80 matches found
CVE-2022-37814
Tenda AC1206 V15.03.06.23 was discovered to contain multiple stack overflows via the deviceMac and the deviceid parameters in the function addWifiMacFilter...
Stack overflow
Tenda AC1206 V15.03.06.23 was discovered to contain multiple stack overflows via the deviceMac and the deviceid parameters in the function addWifiMacFilter...
CVE-2022-37814
Tenda AC1206 V15.03.06.23 was discovered to contain multiple stack overflows via the deviceMac and the deviceid parameters in the function addWifiMacFilter...
TOTOLINK N600R Command Injection Vulnerability (CNVD-2022-53552)
TOTOLINK N600R is a wireless router from Taiwan-based TOTOLINK, China.A command injection vulnerability exists in TOTOLINK N600R, which can be exploited by attackers to conduct command injection attacks via the devicemac parameter in /setting/setDeviceName...
CVE-2022-28905
TOTOLink N600R V5.3c.7159B20190425 was discovered to contain a command injection vulnerability via the devicemac parameter in /setting/setDeviceName...
CVE-2022-28905
TOTOLink N600R V5.3c.7159B20190425 was discovered to contain a command injection vulnerability via the devicemac parameter in /setting/setDeviceName...
CVE-2022-28905
TOTOLink N600R V5.3c.7159B20190425 was discovered to contain a command injection vulnerability via the devicemac parameter in /setting/setDeviceName...
Command injection
TOTOLink N600R V5.3c.7159B20190425 was discovered to contain a command injection vulnerability via the devicemac parameter in /setting/setDeviceName...
CVE-2022-28905
TOTOLink N600R V5.3c.7159B20190425 was discovered to contain a command injection vulnerability via the devicemac parameter in /setting/setDeviceName...
CVE-2022-28905
TOTOLink N600R (versions including V5.3c.7159_B20190425) contains a command injection vulnerability reachable through the devicemac parameter in the /setting/setDeviceName API. The root cause is an unsafely handled input in the devicemac field, enabling arbitrary command execution on the device. ...
PT-2022-19300 · Totolink · Totolink N600R
Name of the Vulnerable Software and Affected Versions: TOTOLink N600R version V5.3c.7159 B20190425 Description: A command injection issue was found via the devicemac parameter in the "/setting/setDeviceName" API endpoint. This allows for potential command execution on the device. Recommendations:...
Multiple TotoLink Product Command Injection Vulnerabilities (CNVD-2022-47975)
Totolink A830R/A3100R/A950RG/A800R/A3000RU/A810R and other products are one of the routers from Totolink China. A command injection vulnerability exists in several TotoLink products. The vulnerability stems from the failure of the deviceName parameter and deviceMac parameter in the...
CVE-2022-26212
Totolink A830R V5.9c.4729B20191112, A3100R V4.1.2cu.5050B20200504, A950RG V4.1.2cu.5161B20200903, A800R V4.1.2cu.5137B20200730, A3000RU V5.9c.5185B20201128, and A810R V4.1.2cu.5182B20201026 were discovered to contain a command injection vulnerability in the function setDeviceName, via the deviceM...
CVE-2022-26211
Totolink A830R V5.9c.4729B20191112, A3100R V4.1.2cu.5050B20200504, A950RG V4.1.2cu.5161B20200903, A800R V4.1.2cu.5137B20200730, A3000RU V5.9c.5185B20201128, and A810R V4.1.2cu.5182B20201026 were discovered to contain a command injection vulnerability in the function CloudACMunualUpdate, via the...
Command injection
Totolink A830R V5.9c.4729B20191112, A3100R V4.1.2cu.5050B20200504, A950RG V4.1.2cu.5161B20200903, A800R V4.1.2cu.5137B20200730, A3000RU V5.9c.5185B20201128, and A810R V4.1.2cu.5182B20201026 were discovered to contain a command injection vulnerability in the function CloudACMunualUpdate, via the...
Command injection
Totolink A830R V5.9c.4729B20191112, A3100R V4.1.2cu.5050B20200504, A950RG V4.1.2cu.5161B20200903, A800R V4.1.2cu.5137B20200730, A3000RU V5.9c.5185B20201128, and A810R V4.1.2cu.5182B20201026 were discovered to contain a command injection vulnerability in the function setDeviceName, via the deviceM...
CVE-2022-26211
Totolink A830R V5.9c.4729B20191112, A3100R V4.1.2cu.5050B20200504, A950RG V4.1.2cu.5161B20200903, A800R V4.1.2cu.5137B20200730, A3000RU V5.9c.5185B20201128, and A810R V4.1.2cu.5182B20201026 were discovered to contain a command injection vulnerability in the function CloudACMunualUpdate, via the...
CVE-2022-26212
Totolink A830R V5.9c.4729B20191112, A3100R V4.1.2cu.5050B20200504, A950RG V4.1.2cu.5161B20200903, A800R V4.1.2cu.5137B20200730, A3000RU V5.9c.5185B20201128, and A810R V4.1.2cu.5182B20201026 were discovered to contain a command injection vulnerability in the function setDeviceName, via the deviceM...
PT-2022-17725 · Totolink · Totolink A3100R +5
Name of the Vulnerable Software and Affected Versions: Totolink A830R version 5.9c.4729 B20191112 Totolink A3100R version 4.1.2cu.5050 B20200504 Totolink A950RG version 4.1.2cu.5161 B20200903 Totolink A800R version 4.1.2cu.5137 B20200730 Totolink A3000RU version 5.9c.5185 B20201128 Totolink A810R...
CVE-2018-18731
CVE-2018-18731 affects Tenda AC7/AC9/AC10/AC15/AC18 devices (versions listed in initial documents) where a buffer overflow exists in the router’s httpd web server. During processing of the POST parameter 'deviceMac', the value is used directly in sprintf to a stack variable, which can override th...