12 matches found
TOTOLINK X5000R 缓冲区错误漏洞
The TOTOLINK X5000R is a router produced by TOTOLINK, a Chinese electronics company. The version 9.1.0u.6369B20230113 of the Totolink X5000R contains a buffer error vulnerability. This vulnerability stems from improper handling of the submit-url parameter in the function sub458E40 within the...
PT-2026-3936
A weakness has been identified in Totolink NR1800X 9.1.0u.6279 B20210910. This vulnerability affects the function setWanCfg of the file /cgi-bin/cstecgi.cgi of the component POST Request Handler. This manipulation of the argument Hostname causes command injection. The attack can be initiated...
CVE-2025-51452
In TOTOLINK A7000R firmware 9.1.0u.6115B20201022, an attacker can bypass login by sending a specific request through formLoginAuth.htm...
CVE-2025-51452
In TOTOLINK A7000R firmware 9.1.0u.6115B20201022, an attacker can bypass login by sending a specific request through formLoginAuth.htm...
CVE-2025-25604
Totolink X5000R V9.1.0u.6369B20230113 is vulnerable to command injection via the vifdisable function in mtkwifi.lua...
PT-2023-30278 · Totolink · Totolink Lr1200Gb
Name of the Vulnerable Software and Affected Versions: TOTOLINK LR1200GB version 9.1.0u.6619 B20230130 Description: A stack overflow issue was discovered via the password parameter in the loginAuth function. This issue can be exploited, potentially allowing unauthorized access. Recommendations: F...
CVE-2023-33485
TOTOLINK X5000R V9.1.0u.6118B20201102 and V9.1.0u.6369B20230113 contains a post-authentication buffer overflow via parameter sPort/ePort in the addEffect function...
CVE-2023-33485
TOTOLINK X5000R V9.1.0u.6118B20201102 and V9.1.0u.6369B20230113 contains a post-authentication buffer overflow via parameter sPort/ePort in the addEffect function...
CVE-2022-41528
TOTOLINK NR1800X V9.1.0u.6279B20210910 was discovered to contain an authenticated stack overflow via the text parameter in the setSmsCfg function...
CVE-2022-37084
TOTOLINK A7000R V9.1.0u.6115B20201022 was discovered to contain a stack overflow via the sPort parameter at the addEffect function...
CVE-2022-37084
TOTOLINK A7000R V9.1.0u.6115B20201022 was discovered to contain a stack overflow via the sPort parameter at the addEffect function...
PT-2022-17727 · Totolink · Totolink X5000R
Name of the Vulnerable Software and Affected Versions: Totolink X5000R Firmware version 9.1.0u.6118 B20201102 Description: The issue is related to a command injection vulnerability in the setNtpCfg function, specifically via the tz parameters. This allows attackers to execute arbitrary commands b...