637 matches found

Nuclei
added 2 days ago, 53 views

TOTOLink - Unauthenticated Command Injection

TOTOLINK X5000R V9.1.0u.6118B20201102 and V9.1.0u.6369B20230113 contain a command insertion vulnerability in setting/setTracerouteCfg. This vulnerability allows an attacker to execute arbitrary commands through the "command" parameter. id: CVE-2023-30013 info: name: TOTOLink - Unauthenticated...

CVSS 9.8 | AI score 7.6 | EPSS 0.92398
Exploits 4 | References 4

EUVD
added 2026/05/08 6:32 a.m., 2 views

EUVD-2026-28528

A vulnerability has been found in Totolink X5000R 9.1.0u.6369_B20230113. This vulnerability affects the function sub_458E40 of the file /boafrm/formDdns. The manipulation of the argument submit-url leads to buffer overflow. Remote exploitation of the attack is possible. The exploit has been disclos...

CVSS 9 | AI score 5.9 | EPSS 0.00086
Exploits 0 | References 6

NVD
added 2026/05/08 5:16 a.m., 6 views

CVE-2026-8137

A vulnerability has been found in Totolink X5000R 9.1.0u.6369_B20230113. This vulnerability affects the function sub_458E40 of the file /boafrm/formDdns. The manipulation of the argument submit-url leads to buffer overflow. Remote exploitation of the attack is possible. The exploit has been disclos...

CVSS 9 | EPSS 0.00086
Exploits 0 | References 5

Cvelist
added 2026/05/08 4:0 a.m., 25 views

CVE-2026-8137 Totolink X5000R formDdns sub_458E40 buffer overflow

A vulnerability has been found in Totolink X5000R 9.1.0u.6369_B20230113. This vulnerability affects the function sub_458E40 of the file /boafrm/formDdns. The manipulation of the argument submit-url leads to buffer overflow. Remote exploitation of the attack is possible. The exploit has been disclos...

CVSS 9 | EPSS 0.00086
Exploits 0 | References 5

Vulnrichment
added 2026/05/08 4:0 a.m., 2 views

CVE-2026-8137 Totolink X5000R formDdns sub_458E40 buffer overflow

A vulnerability has been found in Totolink X5000R 9.1.0u.6369_B20230113. This vulnerability affects the function sub_458E40 of the file /boafrm/formDdns. The manipulation of the argument submit-url leads to buffer overflow. Remote exploitation of the attack is possible. The exploit has been disclos...

CVSS 9 | AI score 7.5 | EPSS 0.00086
Exploits 0 | References 5

ATTACKERKB
added 2026/05/08 4:0 a.m., 2 views

CVE-2026-8137

A vulnerability has been found in Totolink X5000R 9.1.0u.6369_B20230113. This vulnerability affects the function sub_458E40 of the file /boafrm/formDdns. The manipulation of the argument submit-url leads to buffer overflow. Remote exploitation of the attack is possible. The exploit has been disclos...

CVSS 9 | AI score 7.5 | EPSS 0.00086
Exploits 0 | References 5 | Affected Software 1

CVE
added 2026/05/08 4:0 a.m., 5 views

CVE-2026-8137

The CVE-2026-8137 entry affects Totolink X5000R (firmware 9.1.0u.6369_B20230113). The vulnerable component is the function sub_458E40 in /boafrm/formDdns, where manipulation of the submit-url argument causes a buffer overflow. Remote exploitation is possible, and the exploit has been disclosed pu...

CVSS 9 | AI score 7.5 | EPSS 0.00086
Exploits 0 | References 5

Positive Technologies
added 2026/05/08 12:0 a.m., 4 views

PT-2026-38664

Name of the Vulnerable Software and Affected Versions: Totolink X5000R version 9.1.0u.6369_B20230113. Description: A buffer overflow occurs in the sub_458E40 function within the '/boafrm/formDdns' file. This issue is triggered by the manipulation of the submit-url argument, allowing for remote...

CVSS 9 | AI score 7.4 | EPSS 0.00086
Exploits 0 | References 8

CNNVD
added 2026/05/08 12:0 a.m., 3 views

TOTOLINK X5000R Buffer Error Vulnerability

The TOTOLINK X5000R is a router produced by TOTOLINK, a Chinese electronics company. The version 9.1.0u.6369_B20230113 of the Totolink X5000R contains a buffer error vulnerability. This vulnerability stems from improper handling of the submit-url parameter in the function sub_458E40 within the...

CVSS 9 | AI score 7.7 | EPSS 0.00086
Exploits 0 | References 1

RedhatCVE
added 2026/03/27 2:24 p.m., 3 views

CVE-2021-27708

Command Injection in TOTOLINK X5000R router with firmware v9.1.0u.6118B20201102, and TOTOLINK A720R router with firmware v4.1.5cu.470B20200911 allows remote attackers to execute arbitrary OS commands by sending a modified HTTP request. This occurs because the function executes glibc's system...

CVSS 10 | AI score 8.4 | EPSS 0.2015
Exploits 1 | References 1

RedhatCVE
added 2026/02/25 4:7 a.m., 4 views

CVE-2025-67445

TOTOLINK X5000R V9.1.0cu.2415_B20250515 contains a denial-of-service vulnerability in /cgi-bin/cstecgi.cgi. The CGI reads the CONTENT_LENGTH environment variable and allocates memory using malloc(CONTENT_LENGTH + 1) without sufficient bounds checking. When lighttpd's request size limit is not enforce...

CVSS 7.5 | AI score 5.5 | EPSS 0.00203
Exploits 1 | References 1

OSV
added 2026/02/24 3:21 p.m., 1 view

CVE-2025-67445

TOTOLINK X5000R V9.1.0cu.2415_B20250515 contains a denial-of-service vulnerability in /cgi-bin/cstecgi.cgi. The CGI reads the CONTENT_LENGTH environment variable and allocates memory using malloc(CONTENT_LENGTH + 1) without sufficient bounds checking. When lighttpd's request size limit is not enforce...

CVSS 7.5 | AI score 5.8 | EPSS 0.00203
Exploits 1 | References 2

NVD
added 2026/02/24 3:21 p.m., 2 views

CVE-2025-67445

TOTOLINK X5000R V9.1.0cu.2415_B20250515 contains a denial-of-service vulnerability in /cgi-bin/cstecgi.cgi. The CGI reads the CONTENT_LENGTH environment variable and allocates memory using malloc(CONTENT_LENGTH + 1) without sufficient bounds checking. When lighttpd's request size limit is not enforce...

CVSS 7.5 | EPSS 0.00203
Exploits 1 | References 2

RedhatCVE
added 2026/02/24 1:44 a.m., 1 view

CVE-2025-70327

TOTOLINK X5000R v9.1.0cu2415B20250515 contains an argument injection vulnerability in the setDiagnosisCfg handler of the /usr/sbin/lighttpd executable. The ip parameter is retrieved via websGetVar and passed to a ping command through CsteSystem without validating if the input starts with a hyphen...

CVSS 9.8 | AI score 5.7 | EPSS 0.02642
Exploits 1 | References 1

RedhatCVE
added 2026/02/24 1:44 a.m., 0 views

CVE-2025-70329

TOTOLink X5000R v9.1.0cu2415B20250515 contains an OS command injection vulnerability in the setIptvCfg handler of the /usr/sbin/lighttpd executable. The vlanVidLan1 and other vlanVidLanX parameters are retrieved via UciGetStr and passed to the CsteSystem function without adequate validation or...

CVSS 8 | AI score 6 | EPSS 0.00934
Exploits 1 | References 1

Positive Technologies
added 2026/02/24 12:0 a.m., 1 view

PT-2026-21743

Name of the Vulnerable Software and Affected Versions: TOTOLINK X5000R version 9.1.0cu.2415_B20250515. Description: The software contains a denial-of-service issue in the /cgi-bin/cstecgi.cgi component. The component reads the CONTENT_LENGTH environment variable and allocates memory using malloc wit...

CVSS 7.5 | AI score 6 | EPSS 0.00203
Exploits 1 | References 5

CNNVD
added 2026/02/24 12:0 a.m., 4 views

TOTOLINK X5000R Security Vulnerability

TOTOLINK X5000R is a router produced by TOTOLINK, a Chinese company. The TOTOLINK X5000R V9.1.0cu.2415_B20250515 version contains a security vulnerability. This vulnerability stems from insufficient boundary checking of the CONTENT_LENGTH environment variable in the /cgi-bin/cstecgi.cgi file. It ma...

CVSS 7.5 | AI score 5.8 | EPSS 0.00203
Exploits 1 | References 2

CVE
added 2026/02/24 12:0 a.m., 5 views

CVE-2025-67445

CVE-2025-67445 affects TOTOLINK X5000R (v9.1.0cu.2415_B20250515) in the /cgi-bin/cstecgi.cgi CGI. The issue stems from reading CONTENT_LENGTH and calling malloc(CONTENT_LENGTH + 1) without proper bounds checks. A crafted large POST request can exhaust memory or cause a segmentation fault when the...

CVSS 7.5 | AI score 5.5 | EPSS 0.00203
Exploits 1 | References 2 | Affected Software 1

Vulnrichment
added 2026/02/24 12:0 a.m., 3 views

CVE-2025-67445

TOTOLINK X5000R V9.1.0cu.2415_B20250515 contains a denial-of-service vulnerability in /cgi-bin/cstecgi.cgi. The CGI reads the CONTENT_LENGTH environment variable and allocates memory using malloc(CONTENT_LENGTH + 1) without sufficient bounds checking. When lighttpd's request size limit is not enforce...

AI score 5.5 | EPSS 0.00203
Exploits 1 | References 2

Cvelist
added 2026/02/24 12:0 a.m., 14 views

CVE-2025-67445

TOTOLINK X5000R V9.1.0cu.2415_B20250515 contains a denial-of-service vulnerability in /cgi-bin/cstecgi.cgi. The CGI reads the CONTENT_LENGTH environment variable and allocates memory using malloc(CONTENT_LENGTH + 1) without sufficient bounds checking. When lighttpd's request size limit is not enforce...

EPSS 0.00203
Exploits 1 | References 2