7635 matches found
PT-2023-31483 · Totolink · Totolink A3700R
Name of the Vulnerable Software and Affected Versions: TOTOlink A3700R router device version V9.1.2u.5822_B20200513. Description: The issue is related to an arbitrary command execution vulnerability in the setDiagnosisCfg function of the cstecgi.cgi. This vulnerability affects the TOTOlink A3700R...
CVE-2023-51035
Totolink EX1200L (firmware 9.3.5u.6146_B20201023) is affected by CVE-2023-51035 due to an arbitrary command execution vulnerability in the cstecgi.cgi NTPSyncWithHost interface. The root cause is insufficient sanitization/filtering of command characters in the NTPSyncWithHost entry, enabling remo...
CVE-2023-51034
CVE-2023-51034 affects TOTOLINK EX1200L (v9.3.5u.6146_B20201023). The vulnerability allows arbitrary command execution via the cstecgi.cgi UploadFirmwareFile interface. Root cause cited across sources includes improper filtering of command characters in the UploadFirmwareFile function exposed by ...
CVE-2023-51014
CVE-2023-51014 affects TOTOLINK EX1800T with version 9.1.0cu.2112_B20220316. The vulnerability is an unauthorized arbitrary command execution via the lanSecDns parameter in the setLanConfig interface of cstecgi.cgi. The connected documents do not provide patch details or official remediation timi...
CVE-2023-51023
CVE-2023-51023 affects TOTOLINK EX1800T (v9.1.0cu.2112_B20220316) with the NTPSyncWithHost interface’s cstecgi.cgi. The root cause is failure to properly filter constructed command characters in the host_time parameter, enabling arbitrary command execution on the device. Impact is consistent with...
CVE-2023-51018
TOTOlink EX1800T v9.1.0cu.2112_B20220316 is vulnerable to unauthorized arbitrary command execution in the ‘opmode’ parameter of the setWiFiApConfig interface of the cstecgi.cgi...
CVE-2023-51015
TOTOLINK EX1800T (firmware v9.1.0cu.2112_B20220316) is affected by a command-injection vulnerability in the cstecgi.cgi setDmzCfg interface. The root cause is an arbitrary command execution path triggered by the enable parameter, enabling an attacker with network access to run arbitrary commands ...
CVE-2023-50147
The CVE-2023-50147 entry concerns the TOTOLINK A3700R router, firmware version V9.1.2u.5822_B20200513, with a vulnerability in the setDiagnosisCfg function of the cstecgi.cgi. The issue enables arbitrary command execution, as described across multiple sources. Affected component: cstecgi.cgi’s se...
CVE-2023-51023
TOTOlink EX1800T v9.1.0cu.2112_B20220316 is vulnerable to arbitrary command execution in the ‘host_time’ parameter of the NTPSyncWithHost interface of the cstecgi.cgi...
CVE-2023-51033
CVE-2023-51033 affects TOTOLINK EX1200L (v9.3.5u.6146_B20201023). The vulnerability is an arbitrary command execution via the cstecgi.cgi interface, specifically the setOpModeCfg function. Red Hat and CNVD entries corroborate that the issue stems from inadequate input handling in the setOpModeCfg...
CVE-2023-50147
There is an arbitrary command execution vulnerability in the setDiagnosisCfg function of the cstecgi.cgi of the TOTOlink A3700R router device in its firmware version V9.1.2u.5822_B20200513...
The vulnerability of the OpenSSH cryptographic protection lies in the possibility of introducing or modifying arguments, allowing attackers to execute arbitrary commands.
The vulnerability of the SSH protocol’s implementation related to cryptographic security in OpenSSH lies in the exploitation or modification of arguments. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands remotely...
CVE-2023-0011
A flaw in the input validation in TOBY-L2 allows a user to execute arbitrary operating system commands using specifically crafted AT commands. This vulnerability requires physical access to the serial interface of the module or the ability to modify the system or software which uses its serial...
Input validation
A flaw in the input validation in TOBY-L2 allows a user to execute arbitrary operating system commands using specifically crafted AT commands. This vulnerability requires physical access to the serial interface of the module or the ability to modify the system or software which uses its serial...
Tenda i29 Security Vulnerability
The Tenda i29 is a wireless router from the Chinese company Tenda. The Tenda i29 suffers from a command execution vulnerability that stems from the pingSet method failing to properly filter special characters, commands, etc. used to construct commands. The vulnerability can be exploited to cause arbitrary...
CVE-2023-4724
The Export any WordPress data to XML/CSV WordPress plugin before 1.4.0, WP All Export Pro WordPress plugin before 1.8.6 does not validate and sanitise the wpquery parameter which allows an attacker to run arbitrary command on the remote server...
CVE-2023-48394
Kaifa Technology WebITR is an online attendance system, its file uploading function does not restrict upload of file with dangerous type. A remote attacker with regular user privilege can exploit this vulnerability to upload arbitrary files to perform arbitrary command or disrupt service...
A vulnerability in the sub_4119A0 function in the firmware of the TOTOLINK X6000R router allows a hacker to execute arbitrary code.
The vulnerability in the sub_4119A0 function of shttpd in the TOTOLINK X6000R router firmware exists due to the lack of measures to neutralize special elements used in operating system commands. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...
Microsoft Windows Multiple Vulnerabilities (KB5033375)
This host is missing an important security update according to Microsoft KB5033375...
ELECOM WRC-X3000GSN v1.0.2, WRC-X3000GS v1.0.24, and WRC-X3000GSA v1.0.24 and Earlier Versions: Security Vulnerabilities
The ELECOM WRC-X3000GS2-W and ELECOM WRC-X3000GSN are both wireless routers from ELECOM. A security vulnerability exists in the ELECOM WRC-X3000GSN v1.0.2, WRC-X3000GS v1.0.24 and earlier, and WRC-X3000GSA v1.0.24 and earlier, which originated from a vulnerability that allows an attacker with...