Lucene search
K

32 matches found

CVE
CVE
added 2024/05/09 1:52 p.m.38 views

CVE-2024-34218

Summary: CVE-2024-34218 affects TOTOLINK CP450 outdoor CPE firmware 4.1.0cu.747 B20191224. A command injection exists in NTPSyncWithHost via the hostTime parameter, enabling remote command execution by an attacker who can reach the device. The issue arises from inadequate sanitization of the host...

3.8CVSS7.8AI score0.17571EPSS
Exploits1References1Affected Software1
CNVD
CNVD
added 2024/04/10 12:0 a.m.2 views

TOTOLINK EX200 NTPSyncWithHost Method Code Execution Vulnerability

TOTOLINK EX200 is a wireless N range extender from China Gion Electronics TOTOLINK , which is mainly used to extend the coverage of the existing Wi-Fi network and solve the problem of signal blind zones. A code execution vulnerability exists in the TOTOLINK EX200, which stems from the hostTime...

9.8CVSS8.2AI score0.01368EPSS
Exploits1References1
OSV
OSV
added 2024/04/08 1:15 p.m.1 views

CVE-2024-31807

TOTOLINK EX200 V4.0.3c.7646B20201211 was discovered to contain a remote code execution RCE vulnerability via the hostTime parameter in the NTPSyncWithHost function...

9.8CVSS6.3AI score
Exploits0References1
Positive Technologies
Positive Technologies
added 2024/04/08 12:0 a.m.3 views

PT-2024-2866 · Totolink · Totolink Ex200

Name of the Vulnerable Software and Affected Versions: TOTOLINK EX200 version 4.0.3c.7646 B20201211 Description: The issue is related to a remote code execution vulnerability in the NTPSyncWithHost function, specifically via the hostTime parameter. This vulnerability is associated with weaknesses...

9.8CVSS8.4AI score0.01368EPSS
Exploits1References7
CNNVD
CNNVD
added 2024/04/08 12:0 a.m.5 views

TOTOLINK EX200 安全漏洞

TOTOLINK EX200 is a wireless N range extender from China Gion Electronics TOTOLINK , which is mainly used to extend the coverage of the existing Wi-Fi network and solve the problem of signal blind zones. A code execution vulnerability exists in the TOTOLINK EX200, which stems from the hostTime...

9.8CVSS8.1AI score0.01368EPSS
Exploits1References2
Cvelist
Cvelist
added 2024/04/08 12:0 a.m.28 views

CVE-2024-31807

TOTOLINK EX200 V4.0.3c.7646B20201211 was discovered to contain a remote code execution RCE vulnerability via the hostTime parameter in the NTPSyncWithHost function...

8.2AI score0.01368EPSS
Exploits1References1
BDU FSTEC
BDU FSTEC
added 2023/07/04 12:0 a.m.5 views

The vulnerability of the NTPSyncWithHost function in the microprogramming software for TOTOLINK CP300+ routers allows a hacker to execute arbitrary commands.

The vulnerability of the NTPSyncWithHost function in TOTOLINK CP300+ router microprogramming software is related to the lack of measures taken to clean data at the control level. Exploiting this vulnerability can allow an attacker to execute arbitrary commands using the hostTime parameter...

10CVSS8.1AI score0.02909EPSS
Exploits1References3Affected Software1
NVD
NVD
added 2023/05/16 3:15 p.m.29 views

CVE-2023-31856

A command injection vulnerability in the hostTime parameter in the function NTPSyncWithHostof TOTOLINK CP300+ V5.2cu.7594B20200910 allows attackers to execute arbitrary commands via a crafted http packet...

9.8CVSS9.8AI score0.02909EPSS
Exploits1References1
OSV
OSV
added 2023/05/16 3:15 p.m.3 views

CVE-2023-31856

A command injection vulnerability in the hostTime parameter in the function NTPSyncWithHostof TOTOLINK CP300+ V5.2cu.7594B20200910 allows attackers to execute arbitrary commands via a crafted http packet...

9.8CVSS7.5AI score0.02909EPSS
Exploits1References1
CNNVD
CNNVD
added 2023/05/16 12:0 a.m.5 views

TOTOLINK CP300+ 命令注入漏洞

The TOTOLINK CP300+ is a wireless router from China's Gion Electronics TOTOLINK. A security vulnerability exists in the TOTOLINK CP300+ version V5.2cu.7594B20200910, which originates from a command injection vulnerability in the hostTime parameter of the NTPSyncWithHostof function. The...

9.8CVSS8.9AI score0.02909EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2023/05/16 12:0 a.m.5 views

PT-2023-3383 · Totolink · Totolink Cp300+

Name of the Vulnerable Software and Affected Versions: TOTOLINK CP300+ version V5.2cu.7594 B20200910 Description: A command injection vulnerability in the hostTime parameter in the function NTPSyncWithHost of TOTOLINK CP300+ allows attackers to execute arbitrary commands via a crafted http packet...

9.8CVSS8.2AI score0.02909EPSS
Exploits1References7
CNNVD
CNNVD
added 2022/03/11 12:0 a.m.4 views

TotoLink A3100R 命令注入漏洞

Totolink A3100R is a series of wireless routers from Totolink China.A command injection vulnerability exists in Totolink A3100R V4.1.2cu.5050B20200504 and prior versions, which stems from a lack of filtering and escaping of command data in the hostTime parameter in adm/ntm.asp. escaping. An...

9.8CVSS5.7AI score0.01506EPSS
Exploits0References5
Rows per page
Query Builder