7635 matches found
CVE-2023-51034
TOTOlink EX1200L V9.3.5u.6146B20201023 is vulnerable to arbitrary command execution via the cstecgi.cgi UploadFirmwareFile interface...
CVE-2023-51014
TOTOLINK EX1800T V9.1.0cu.2112B20220316 is vulnerable to unauthorized arbitrary command execution in the lanSecDns parameter’ of the setLanConfig interface of the cstecgi .cgi...
CVE-2023-51024
TOTOlink EX1800T v9.1.0cu.2112B20220316 is vulnerable to unauthorized arbitrary command execution in the ‘tz’ parameter of the setNtpCfg interface of the cstecgi .cgi...
CVE-2023-51034
TOTOlink EX1200L V9.3.5u.6146B20201023 is vulnerable to arbitrary command execution via the cstecgi.cgi UploadFirmwareFile interface...
CVE-2023-51018
TOTOlink EX1800T v9.1.0cu.2112B20220316 is vulnerable to unauthorized arbitrary command execution in the ‘opmode’ parameter of the setWiFiApConfig interface of the cstecgi .cgi...
Palo Alto Networks PAN-OS XML API Command Injection Vulnerability
Palo Alto Networks PAN-OS is a next-generation firewall software from Palo Alto Networks, USA. Palo Alto Networks PAN-OS suffers from a command injection vulnerability that stems from a failure to properly filter construct command special characters, commands, etc. in the XML API. An attacker cou...
PT-2023-31730 · Totolink · Totolink Ex1800T
Name of the Vulnerable Software and Affected Versions: TOTOLINX EX1800T version 9.1.0cu.2112 B20220316 Description: The issue concerns arbitrary command execution in the enable parameter of the 'setDmzCfg' interface of the 'cstecgi.cgi'. Recommendations: For TOTOLINX EX1800T version 9.1.0cu.2112...
PT-2023-31740 · Totolink · Totolink Ex1800T
Name of the Vulnerable Software and Affected Versions: TOTOlink EX1800T version 9.1.0cu.2112 B20220316 Description: The issue concerns an unauthorized arbitrary command execution in the admuser parameter of the "setPasswordCfg" interface of the cstecgi .cgi. This allows for potential exploitation...
CVE-2023-51035
TOTOLINK EX1200L V9.3.5u.6146B20201023 is vulnerable to arbitrary command execution on the cstecgi.cgi NTPSyncWithHost interface...
CVE-2023-51025
TOTOlink EX1800T V9.1.0cu.2112B20220316 is vulnerable to an unauthorized arbitrary command execution in the ‘admuser’ parameter of the setPasswordCfg interface of the cstecgi .cgi...
TOTOLINK A3700R Security Breach
The TOTOLINK A3700R is a wireless router from China's Gion Electronics TOTOLINK. A security vulnerability exists in the TOTOLINK A3700R version V9.1.2u.5822B20200513, which stems from the presence of an arbitrary command execution vulnerability...
TOTOLINK EX1800T 安全漏洞
TOTOLINK EX1800T is a Wi-Fi range extender from China's TOTOLINK, which supports Wi-Fi 6 technology and enhances signal coverage by connecting wirelessly to a router, making it suitable for home and small office environments. A command execution vulnerability exists in the TOTOLINK EX1800T, which...
TOTOLINK EX1800T 安全漏洞
The TOTOLINK EX1800T is a Wi-Fi range extender from China's Gion Electronics TOTOLINK. A command execution vulnerability exists in the TOTOLINK EX1800T version v9.1.0cu.2112B20220316. The vulnerability stems from the hosttime parameter of the NTPSyncWithHost interface of cstecgi .cgi failing to...
CVE-2023-50147
There is an arbitrary command execution vulnerability in the setDiagnosisCfg function of the cstecgi .cgi of the TOTOlink A3700R router device in its firmware version V9.1.2u.5822B20200513...
CVE-2023-51015
TOTOLINX EX1800T v9.1.0cu.2112B20220316 is vulnerable to arbitrary command execution in the ‘enable parameter’ of the setDmzCfg interface of the cstecgi .cgi...
Tenda i29 pingSet Method Command Execution Vulnerability
The Tenda i29 is a wireless router from the Chinese company Tenda. The Tenda i29 suffers from a command execution vulnerability that stems from the pingSet method failing to properly filter construct command special characters, commands, etc. The vulnerability can be exploited to cause arbitrary...
Tenda i29 sysScheduleRebootSet Method Command Execution Vulnerability
The Tenda i29 is a wireless router from the Chinese company Tenda. The Tenda i29 suffers from a command execution vulnerability that stems from the sysScheduleRebootSet method failing to properly filter construct command special characters, commands, etc. The vulnerability can be exploited to cau...
CVE-2023-51025
CVE-2023-51025 affects TOTOLINK EX1800T v9.1.0cu.2112_B20220316. The vulnerability is an unauthorized arbitrary command execution in the admuser parameter of the setPasswordCfg interface of the cstecgi.cgi, caused by inadequate filtering of constructed commands. Impact is high (arbitrary commands...
CVE-2023-51017
TOTOlink EX1800T v9.1.0cu.2112B20220316 is vulnerable to unauthorized arbitrary command execution in the lanIp parameter’ of the setLanConfig interface of the cstecgi .cgi...
PT-2023-31745 · Totolink · Totolink Ex1200T
Name of the Vulnerable Software and Affected Versions: TOTOlink EX1200L version 9.3.5u.6146 B20201023 Description: The issue allows for arbitrary command execution via the "cstecgi.cgi" interface, specifically through the setOpModeCfg function. This could potentially be exploited through the...