
9786 matches found

CNNVD
added 2024/01/26 12:0 a.m. · 3 views

Totolink T8 Code Issue Vulnerability

TOTOLINK T8 is a wireless dual-band router from China's Gion Electronics that supports gigabit networks. TOTOLINK T8 has a code issue vulnerability that originates from certain unknown functions in the file /cgi-bin/cstecgi.cgi; no details of the vulnerability are provided at this time...

CVSS 5.3 · AI score 7.1 · EPSS 0.0153
Exploits: 1 · References: 4
Positive Technologies
added 2024/01/26 12:0 a.m. · 4 views

PT-2024-1394 · Totolink · Totolink N350Rt

Name of the Vulnerable Software and Affected Versions: Totolink N350RT version 9.3.5u.6255 Description: The issue is related to the /cgi-bin/cstecgi.cgi file in the Totolink N350RT router's firmware, which is associated with incorrect session expiration. This can be exploited by a remote attacker...

CVSS 5.3 · AI score 4.5 · EPSS 0.00591
Exploits: 0 · References: 11
CNNVD
added 2024/01/26 12:0 a.m. · 3 views

Totolink N350RT Code Issue Vulnerability

The TOTOLINK N350RT is a small home router from China's Gion Electronics TOTOLINK. The TOTOLINK N350RT suffers from a session hijacking vulnerability, which is caused by insufficient session expiration in the /cgi-bin/cstecgi.cgi script. An attacker could use this vulnerability to access other...

CVSS 5.3 · AI score 6.7 · EPSS 0.00591
Exploits: 0 · References: 4
Positive Technologies
added 2024/01/26 12:0 a.m. · 4 views

PT-2024-1395 · Totolink · Totolink T8

Name of the Vulnerable Software and Affected Versions: Totolink T8 version 4.1.5cu.833 20220905 Description: A vulnerability was found in the file /cgi-bin/cstecgi.cgi of the Totolink T8, which is related to incorrect session expiration. The manipulation of this issue can lead to session...

CVSS 5.3 · AI score 4.6 · EPSS 0.0153
Exploits: 1 · References: 10
CNVD
added 2024/01/24 12:0 a.m. · 3 views

TOTOLINK LR1200GB setIpPortFilterRules function buffer overflow vulnerability

The TOTOLINK LR1200GB is a wireless dual-band 4G LTE router from China's TOTOLINK Electronics TOTOLINK that supports 2.4GHz and 5GHz dual-band networks. The TOTOLINK LR1200GB suffers from a buffer overflow vulnerability that originates from the sPort parameter of the setIpPortFilterRules function...

CVSS 9.8 · AI score 8.2 · EPSS 0.00992
Exploits: 0 · References: 1
Tenable Nessus
added 2024/01/24 12:0 a.m. · 28 views

GLSA-202401-27 : Ruby: Multiple vulnerabilities

The remote host is affected by the vulnerability described in GLSA-202401-27 Ruby: Multiple vulnerabilities - An issue was discovered in Ruby through 2.5.8, 2.6.x through 2.6.6, and 2.7.x through 2.7.1. WEBrick, a simple HTTP server bundled with Ruby, had not checked the transfer-encoding header...

CVSS 9.8 · AI score 8.1 · EPSS 0.04766
Exploits: 6 · References: 18
Tenable Nessus
added 2024/01/23 12:0 a.m. · 14 views

Axis Communications P3225 and M3005 Network Cameras Improper Privilege Management (CVE-2017-20049)

A vulnerability was found in legacy Axis devices such as P3225 and M3005. This affects an unknown part of the component CGI Script. The manipulation leads to improper privilege management. It is possible to initiate the attack remotely. This plugin only works with Tenable.ot. Please visit...

CVSS 10 · AI score 7 · EPSS 0.0141
Exploits: 0 · References: 2
NVD
added 2024/01/22 5:15 a.m. · 28 views

CVE-2024-22113

Open redirect vulnerability in Access analysis CGI An-Analyzer released in 2023 December 31 and earlier allows a remote unauthenticated attacker to redirect users to arbitrary websites and conduct phishing attacks via a specially crafted URL...

CVSS 6.1 · AI score 6.3 · EPSS 0.00395
Exploits: 0 · References: 2
Prion
added 2024/01/22 5:15 a.m. · 22 views

Open redirect

Open redirect vulnerability in Access analysis CGI An-Analyzer released in 2023 December 31 and earlier allows a remote unauthenticated attacker to redirect users to arbitrary websites and conduct phishing attacks via a specially crafted URL...

CVSS 5.8 · AI score 7.3 · EPSS 0.00395
Exploits: 0 · References: 2 · Affected Software: 1
Cvelist
added 2024/01/22 4:17 a.m. · 40 views

CVE-2024-22113

Open redirect vulnerability in Access analysis CGI An-Analyzer released in 2023 December 31 and earlier allows a remote unauthenticated attacker to redirect users to arbitrary websites and conduct phishing attacks via a specially crafted URL...

AI score 6.4 · EPSS 0.00395
Exploits: 0 · References: 2
Vulnrichment
added 2024/01/22 4:17 a.m. · 2 views

CVE-2024-22113

Open redirect vulnerability in Access analysis CGI An-Analyzer released in 2023 December 31 and earlier allows a remote unauthenticated attacker to redirect users to arbitrary websites and conduct phishing attacks via a specially crafted URL...

AI score 6.2 · EPSS 0.00395
Exploits: 0 · References: 2
CVE
added 2024/01/22 4:17 a.m. · 49 views

CVE-2024-22113

CVE-2024-22113 affects Access analysis CGI An-Analyzer from ANGLERSNET Co., Ltd. The vulnerability is an open redirect (CWE-601) in the CGI component, allowing remote unauthenticated attackers to redirect users to arbitrary websites via a specially crafted URL, enabling phishing scenarios. Root c...

CVSS 6.1 · AI score 6.2 · EPSS 0.00395
Exploits: 0 · References: 2 · Affected Software: 1
VulnCheck KEV
added 2024/01/21 12:0 a.m. · 5 views

VulnCheck KEV: CVE-2021-45420

Emerson Dixell XWEB-500 products are affected by an arbitrary file write vulnerability in /cgi-bin/logoextraupload.cgi, /cgi-bin/calsave.cgi, and /cgi-bin/loutils.cgi. An attacker will be able to write any file on the target system without any kind of authentication mechanism, and this can...

CVSS 10 · AI score 7.4 · EPSS 0.25955
Exploits: 1 · References: 1
CNNVD
added 2024/01/18 12:0 a.m. · 4 views

EBYTE E880-IR01 Security Vulnerability

EBYTE E880-IR01 is a 4G wireless router from EBYTE, China. A security vulnerability exists in EBYTE E880-IR01 version V1.1. An attacker can exploit this vulnerability to obtain sensitive information via a specially crafted /cgi-bin/luci POST request...

CVSS 7.5 · AI score 6.4 · EPSS 0.00372
Exploits: 1 · References: 2
Tenable Nessus
added 2024/01/17 12:0 a.m. · 53 views

Dell EMC Code Injection (CVE-2018-1207)

Dell EMC iDRAC7/iDRAC8, versions prior to 2.52.52.52, contain a CGI injection vulnerability which could be used to execute remote code. A remote unauthenticated attacker may potentially be able to use CGI variables to execute remote code. This plugin only works with Tenable.ot. Please visit...

CVSS 9.8 · AI score 8.8 · EPSS 0.9079
Exploits: 3 · References: 4
NVD
added 2024/01/16 4:15 p.m. · 19 views

CVE-2024-0578

A vulnerability classified as critical has been found in Totolink LR1200GB 9.1.0u.6619B20230130. Affected is the function UploadCustomModule of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument File leads to stack-based buffer overflow. It is possible to launch the attack remotely...

CVSS 9.8 · AI score 9.3 · EPSS 0.01065
Exploits: 0 · References: 3
NVD
added 2024/01/16 3:15 p.m. · 31 views

CVE-2024-0575

A vulnerability was found in Totolink LR1200GB 9.1.0u.6619B20230130. It has been classified as critical. This affects the function setTracerouteCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument command leads to stack-based buffer overflow. It is possible to initiate the attac...

CVSS 9.8 · AI score 9.3 · EPSS 0.01145
Exploits: 0 · References: 3
OSV
added 2024/01/16 3:15 p.m. · 3 views

CVE-2024-0574

A vulnerability was found in Totolink LR1200GB 9.1.0u.6619B20230130 and classified as critical. Affected by this issue is the function setParentalRules of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument sTime leads to stack-based buffer overflow. The attack may be launched remotel...

CVSS 9.8 · AI score 6.2 · EPSS 0.01145
Exploits: 0 · References: 3
OSV
added 2024/01/16 2:15 p.m. · 5 views

CVE-2024-0571

A vulnerability, which was classified as critical, has been found in Totolink LR1200GB 9.1.0u.6619B20230130. This issue affects the function setSmsCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument text leads to stack-based buffer overflow. The attack may be initiated remotely...

CVSS 9.8 · AI score 6.4 · EPSS 0.01327
Exploits: 0 · References: 3
NVD
added 2024/01/16 1:15 p.m. · 24 views

CVE-2024-0569

A vulnerability classified as problematic has been found in Totolink T8 4.1.5cu.83320220905. This affects the function getSysStatusCfg of the file /cgi-bin/cstecgi.cgi of the component Setting Handler. The manipulation of the argument ssid/key leads to information disclosure. It is possible to...

CVSS 9.1 · AI score 5.6 · EPSS 0.00953
Exploits: 1 · References: 6