CVE-2025-28034

TOTOLINK A800R V4.1.2cu.5137B20200730, A810R V4.1.2cu.5182B20201026, A830R V4.1.2cu.5182B20201102, A950RG V4.1.2cu.5161B20200903, A3000RU V5.9c.5185B20201128, and A3100R V4.1.2cu.5247B20211129 were found to contain a pre-auth remote command execution vulnerability in the NTPSyncWithHost function...

PT-2024-38133

Name of the Vulnerable Software and Affected Versions TOTOLINK A3600R version 4.1.2cu.5182 B20201102 Description A critical issue has been found, affecting the function NTPSyncWithHost of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument hostTime leads to os command injection. It is...

TOTOLINK A3600R 安全漏洞

TOTOLINK A3600R is a 6-antenna 1200M wireless router from China Gion Electronics. The TOTOLINK A3600R suffers from an OS command injection vulnerability, which is located in the NTPSyncWithHost function in the /cgi-bin/cstecgi.cgi file, and stems from improper handling of the hostTime parameter,...

CVE-2024-35397

TOTOLINK CP900L v4.1.5cu.798B20221228 weas discovered to contain a command injection vulnerability in the NTPSyncWithHost function via the hostTime parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request...

CVE-2024-34218

TOTOLINK outdoor CPE CP450 v4.1.0cu.747B20191224 was discovered to contain a command injection vulnerability in the NTPSyncWithHost function via the hostTime parameter...

TOTOLINK CPE CP450 安全漏洞

TOTOLINK CPE CP450 is an outdoor wireless client terminal device from China Gion Electronics TOTOLINK, which is mainly used to provide wireless broadband access services, especially for wireless network coverage in rural or remote areas. A command injection vulnerability exists in the TOTOLINK CP...

CVE-2024-34218

Summary: CVE-2024-34218 affects TOTOLINK CP450 outdoor CPE firmware 4.1.0cu.747 B20191224. A command injection exists in NTPSyncWithHost via the hostTime parameter, enabling remote command execution by an attacker who can reach the device. The issue arises from inadequate sanitization of the host...

CVE-2024-34218

TOTOLINK outdoor CPE CP450 v4.1.0cu.747B20191224 was discovered to contain a command injection vulnerability in the NTPSyncWithHost function via the hostTime parameter...

TOTOLINK EX200 NTPSyncWithHost Method Code Execution Vulnerability

TOTOLINK EX200 is a wireless N range extender from China Gion Electronics TOTOLINK , which is mainly used to extend the coverage of the existing Wi-Fi network and solve the problem of signal blind zones. A code execution vulnerability exists in the TOTOLINK EX200, which stems from the hostTime...

CVE-2024-31807

TOTOLINK EX200 V4.0.3c.7646B20201211 was discovered to contain a remote code execution RCE vulnerability via the hostTime parameter in the NTPSyncWithHost function...

PT-2024-2866 · Totolink · Totolink Ex200

Name of the Vulnerable Software and Affected Versions: TOTOLINK EX200 version 4.0.3c.7646 B20201211 Description: The issue is related to a remote code execution vulnerability in the NTPSyncWithHost function, specifically via the hostTime parameter. This vulnerability is associated with weaknesses...

TOTOLINK EX200 安全漏洞

TOTOLINK EX200 is a wireless N range extender from China Gion Electronics TOTOLINK , which is mainly used to extend the coverage of the existing Wi-Fi network and solve the problem of signal blind zones. A code execution vulnerability exists in the TOTOLINK EX200, which stems from the hostTime...

CVE-2024-31807

TOTOLINK EX200 V4.0.3c.7646B20201211 was discovered to contain a remote code execution RCE vulnerability via the hostTime parameter in the NTPSyncWithHost function...

The vulnerability of the NTPSyncWithHost function in the microprogramming software for TOTOLINK CP300+ routers allows a hacker to execute arbitrary commands.

The vulnerability of the NTPSyncWithHost function in TOTOLINK CP300+ router microprogramming software is related to the lack of measures taken to clean data at the control level. Exploiting this vulnerability can allow an attacker to execute arbitrary commands using the hostTime parameter...

CVE-2023-31856

A command injection vulnerability in the hostTime parameter in the function NTPSyncWithHostof TOTOLINK CP300+ V5.2cu.7594B20200910 allows attackers to execute arbitrary commands via a crafted http packet...

CVE-2023-31856

A command injection vulnerability in the hostTime parameter in the function NTPSyncWithHostof TOTOLINK CP300+ V5.2cu.7594B20200910 allows attackers to execute arbitrary commands via a crafted http packet...

TOTOLINK CP300+ 命令注入漏洞

The TOTOLINK CP300+ is a wireless router from China's Gion Electronics TOTOLINK. A security vulnerability exists in the TOTOLINK CP300+ version V5.2cu.7594B20200910, which originates from a command injection vulnerability in the hostTime parameter of the NTPSyncWithHostof function. The...

PT-2023-3383 · Totolink · Totolink Cp300+

Name of the Vulnerable Software and Affected Versions: TOTOLINK CP300+ version V5.2cu.7594 B20200910 Description: A command injection vulnerability in the hostTime parameter in the function NTPSyncWithHost of TOTOLINK CP300+ allows attackers to execute arbitrary commands via a crafted http packet...

CVE-2021-42890

TOTOLINK EX1200T V4.1.2cu.5215 contains a remote command injection vulnerability in function NTPSyncWithHost of the file system.so which can control hostTime to attack...

CVE-2021-42890

TOTOLINK EX1200T V4.1.2cu.5215 contains a remote command injection vulnerability in function NTPSyncWithHost of the file system.so which can control hostTime to attack...