The vulnerability of the setWiFiScheduleCfg() function in the web/cgi-bin/cstecgi.cgi script of the TOTOLINK X5000R router’s microprogramming software allows a perpetrator to execute arbitrary commands.

The vulnerability of the setWiFiScheduleCfg function in the web/cgi-bin/cstecgi.cgi script of the TOTOLINK X5000R router’s microprogramming system is related to the failure to take measures to neutralize special elements used in the operating system’s processing of the week parameter. Exploiting...

TOTOLINK X5000R week parameter command injection vulnerability in setWiFiScheduleCfg function

The TOTOLINK X5000R is a router from China's Gion Electronics TOTOLINK. A command injection vulnerability exists in the TOTOLINK X5000R version V9.1.0cu.2350B20230313, which stems from the "week" parameter in setWiFiScheduleCfg failing to correctly filter constructed command special characters,...

CVE-2024-57023

TOTOLINK X5000R V9.1.0cu.2350B20230313 was discovered to contain an OS command injection vulnerability via the "week" parameter in setWiFiScheduleCfg...

CVE-2024-57023

TOTOLINK X5000R V9.1.0cu.2350B20230313 was discovered to contain an OS command injection vulnerability via the "week" parameter in setWiFiScheduleCfg...

CVE-2024-57012

TOTOLINK X5000R V9.1.0cu.2350B20230313 was discovered to contain an OS command injection vulnerability via the "week" parameter in setScheduleCfg...

CVE-2024-57012

TOTOLINK X5000R V9.1.0cu.2350B20230313 was discovered to contain an OS command injection vulnerability via the "week" parameter in setScheduleCfg...

TOTOLINK X5000R 安全漏洞

The TOTOLINK X5000R is a router from China's Gion Electronics TOTOLINK. A command injection vulnerability exists in the TOTOLINK X5000R version V9.1.0cu.2350B20230313, which stems from the "week" parameter in setWiFiScheduleCfg failing to correctly filter constructed command special characters,...

TOTOLINK X5000R 安全漏洞

The TOTOLINK X5000R is a router from China's Gion Electronics TOTOLINK. A command injection vulnerability exists in the TOTOLINK X5000R version V9.1.0cu.2350B20230313, which stems from the failure of the "week" parameter in setScheduleCfg to correctly filter for constructed command special...

WAVLINK AC3000 命令注入漏洞

WAVLINK AC3000 is a wireless router from China RuiYin WAVLINK. A command injection vulnerability exists in the WAVLINK AC3000 M33A8.V5030.210505 version, which originates from the failure of the restartweek parameter of the adm.cgi schreboot function to correctly filter construct command special...

TOTOLINK EX1200L 安全漏洞

TOTOLINK EX1200L is a dual-band wireless signal amplifier launched by China Gion Electronics, which is mainly used to extend Wi-Fi coverage. TOTOLINK EX1200L suffers from a buffer overflow vulnerability, which originates from the parameter week/sTime/eTime in the file /cgi-bin/cstecgi.cgi that ca...

TOTOLINK LR350 setParentalRules function buffer overflow vulnerability

TOTOLINK LR350 is a 4G LTE router from China's Gion Electronics TOTOLINK that supports converting 4G signals to wired signals for home and office scenarios. The TOTOLINK LR350 suffers from a buffer overflow vulnerability that originates from a buffer overflow after authentication via the paramete...

TOTOLINK LR350 缓冲区错误漏洞

TOTOLINK LR350 is a 4G LTE router from China's Gion Electronics TOTOLINK that supports converting 4G signals to wired signals for home and office scenarios. The TOTOLINK LR350 suffers from a buffer overflow vulnerability that originates from a buffer overflow after authentication via the paramete...

PT-2022-27158 · Totolink · Totolink Lr350

Name of the Vulnerable Software and Affected Versions: TOTOLINK LR350 version 9.3.5u.6369 B20220309 Description: The issue is a post-authentication buffer overflow that occurs via the parameters week, sTime, and eTime in the setParentalRules function. Recommendations: For TOTOLINK LR350 version...

TOTOLINK NR1800X setParentalRules method buffer overflow vulnerability

TOTOLINK NR1800X is a 5G NR indoor Wi-Fi and SIP CPE broadband access device from China's Gion Electronics TOTOLINK, which is mainly used for the deployment of NR fixed data services in homes and offices to support 5G NR network connectivity. The TOTOLINK NR1800X suffers from a buffer overflow...

CVE-2022-41524

TOTOLINK NR1800X V9.1.0u.6279B20210910 was discovered to contain an authenticated stack overflow via the week, sTime, and eTime parameters in the setParentalRules function...

Stack overflow

TOTOLINK NR1800X V9.1.0u.6279B20210910 was discovered to contain an authenticated stack overflow via the week, sTime, and eTime parameters in the setParentalRules function...

CVE-2022-32051

CVE-2022-32051 concerns the TOTOLINK T6 router. A stack overflow is triggered in FUN_004133c4 via the desc, week, sTime, and eTime parameters, with input length not checked, affecting TOTOLINK T6 version 4.1.9cu.5179_B20201015. The vulnerability can cause a denial of service due to uncontrolled s...

PT-2022-21076 · Totolink · Totolink T6

Name of the Vulnerable Software and Affected Versions: TOTOLINK T6 version 4.1.9cu.5179 B20201015 Description: A stack overflow issue was discovered in the TOTOLINK T6, affecting the desc, week, sTime, and eTime parameters within the FUN 004133c4 function. Recommendations: For TOTOLINK T6 version...

CVE-2008-4620

SQL injection vulnerability in Meeting Room Booking System MRBS before 1.4 allows remote attackers to execute arbitrary SQL commands via the area parameter to 1 month.php, and possibly 2 day.php and 3 week.php...