Lucene search
K

16 matches found

CNVD
CNVD
added 2025/05/14 12:0 a.m.2 views

TOTOLINK CPE CP900 setUploadUserData Function Command Injection Vulnerability

TOTOLINK CPE CP900 is an outdoor wireless CPE device from China Gion Electronics TOTOLINK. The TOTOLINK CPE CP900 suffers from a command injection vulnerability that stems from the setUploadUserData function failing to properly filter construct command special characters, commands, etc. No detail...

6.3CVSS7.5AI score0.00884EPSS
Exploits1References1
CNVD
CNVD
added 2025/05/14 12:0 a.m.2 views

TOTOLINK CPE CP900 setApRebootScheCfg Function Command Injection Vulnerability

TOTOLINK CPE CP900 is an outdoor wireless CPE device from China Gion Electronics TOTOLINK. The TOTOLINK CPE CP900 suffers from a command injection vulnerability that stems from the setApRebootScheCfg function failing to correctly filter construct command special characters, commands, etc. No...

6.3CVSS7.5AI score0.00884EPSS
Exploits1References1
CNVD
CNVD
added 2025/05/14 12:0 a.m.2 views

TOTOLINK CPE CP900 CloudSrvUserdataVersionCheck Function Command Injection Vulnerability

TOTOLINK CPE CP900 is an outdoor wireless CPE device from China Gion Electronics TOTOLINK. The TOTOLINK CPE CP900 suffers from a command injection vulnerability that stems from the CloudSrvUserdataVersionCheck function failing to correctly filter construct command special characters, commands, et...

6.3CVSS7.5AI score0.00884EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/03 1:35 a.m.23 views

CVE-2025-44837

TOTOLINK CPE CP900 V6.3c.1144B20190715 was discovered to contain a command injection vulnerability in the CloudSrvUserdataVersionCheck function via the url or magicid parameters. This vulnerability allows attackers to execute arbitrary commands via a crafted request...

6.3CVSS8.8AI score0.00884EPSS
Exploits1References1
NVD
NVD
added 2025/05/01 3:16 p.m.14 views

CVE-2025-44836

TOTOLINK CPE CP900 V6.3c.1144B20190715 was discovered to contain a command injection vulnerability in the setApRebootScheCfg function via the hour or minute parameters. This vulnerability allows attackers to execute arbitrary commands via a crafted request...

6.3CVSS0.00884EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2025/05/01 12:0 a.m.6 views

CVE-2025-44836

TOTOLINK CPE CP900 V6.3c.1144B20190715 was discovered to contain a command injection vulnerability in the setApRebootScheCfg function via the hour or minute parameters. This vulnerability allows attackers to execute arbitrary commands via a crafted request...

8.8AI score0.00884EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2025/05/01 12:0 a.m.7 views

CVE-2025-44838

TOTOLINK CPE CP900 V6.3c.1144B20190715 was discovered to contain a command injection vulnerability in the setUploadUserData function via the FileName parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request...

8.8AI score0.00884EPSS
Exploits1References1
CVE
CVE
added 2025/05/01 12:0 a.m.63 views

CVE-2025-44837

TOTOLINK CPE CP900 v6.3c.1144_B20190715 contains a command injection in CloudSrvUserdataVersionCheck. The vulnerability allows executing arbitrary commands via crafted requests using the url or magicid parameters. Affected component: CloudSrvUserdataVersionCheck function (Totolink CP900). Exploit...

6.3CVSS8.3AI score0.00884EPSS
Exploits1References1Affected Software1
CNNVD
CNNVD
added 2025/05/01 12:0 a.m.3 views

TOTOLINK CPE CP900 安全漏洞

TOTOLINK CPE CP900 is an outdoor wireless CPE device from China Gion Electronics TOTOLINK. The TOTOLINK CPE CP900 suffers from a command injection vulnerability that stems from the setUploadUserData function failing to properly filter construct command special characters, commands, etc. No detail...

6.3CVSS7.5AI score0.00884EPSS
Exploits1References1
Cvelist
Cvelist
added 2025/05/01 12:0 a.m.13 views

CVE-2025-44836

TOTOLINK CPE CP900 V6.3c.1144B20190715 was discovered to contain a command injection vulnerability in the setApRebootScheCfg function via the hour or minute parameters. This vulnerability allows attackers to execute arbitrary commands via a crafted request...

0.00884EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2025/04/01 12:0 a.m.22 views

PT-2025-18655 · Totolink · Totolink Cpe Cp900

Name of the Vulnerable Software and Affected Versions: TOTOLINK CPE CP900 version 6.3c.1144 B20190715 Description: A command injection issue was found in the setApRebootScheCfg function through the hour or minute parameters. This allows attackers to execute arbitrary commands via a manipulated...

6.5CVSS7.9AI score0.00884EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2025/04/01 12:0 a.m.4 views

PT-2025-18653 · Totolink · Totolink Cpe Cp900

Name of the Vulnerable Software and Affected Versions: TOTOLINK CPE CP900 version 6.3c.1144 B20190715 Description: A command injection issue was discovered in the setUploadUserData function through the FileName parameter. This issue allows attackers to execute arbitrary commands via a manipulated...

6.5CVSS7.9AI score0.00884EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2025/04/01 12:0 a.m.5 views

PT-2025-18652 · Totolink · Totolink Cpe Cp900

Name of the Vulnerable Software and Affected Versions: TOTOLINK CPE CP900 version 6.3c.1144 B20190715 Description: A command injection issue was found in the CloudSrvUserdataVersionCheck function, allowing attackers to execute arbitrary commands via a crafted request. This is possible through the...

6.5CVSS7.8AI score0.00884EPSS
Exploits1References5
CVE
CVE
added 2023/03/24 12:0 a.m.62 views

CVE-2022-28495

The CVE-2022-28495 vulnerability affects TOTOLink outdoor CPE CP900, version 6.3c.566_B20171026, where the setWebWlanIdx function is exploitable via the webWlanIdx parameter to achieve command injection. This can allow an attacker to execute arbitrary commands, over a network attack vector with n...

9.8CVSS9.8AI score0.02441EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2023/03/24 12:0 a.m.25 views

CVE-2022-28495

TOTOLink outdoor CPE CP900 V6.3c.566B20171026 is discovered to contain a command injection vulnerability in the setWebWlanIdx function via the webWlanIdx parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request...

10AI score0.02441EPSS
Exploits1References2
NVD
NVD
added 2023/03/23 5:15 p.m.48 views

CVE-2022-28496

TOTOLink outdoor CPE CP900 V6.3c.566B20171026 discovered to contain a command injection vulnerability in the setPasswordCfg function via the adminuser and adminpassparameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request...

9.8CVSS9.9AI score0.01409EPSS
Exploits0References1
Rows per page
Query Builder