15280 matches found
CVE-2023-52026
TOTOlink EX1800T V9.1.0cu.2112_B20220316 was discovered to contain a remote command execution (RCE) vulnerability via the telnet_enabled parameter of the setTelnetCfg interface...
PT-2024-14360 · Totolink · Totolink Ex1800T
Name of the Vulnerable Software and Affected Versions: TOTOlink EX1800T version 9.1.0cu.2112 B20220316 Description: A remote command execution vulnerability was discovered in the setTelnetCfg interface via the telnet enabled parameter. This issue allows for remote command execution...
CVE-2023-52026
CVE-2023-52026 affects TOTOLINK EX1800T (firmware v9.1.0cu.2112_B20220316). The root cause is a vulnerability in the telnet_enabled parameter of the setTelnetCfg interface which fails to properly filter commands, enabling remote command execution over the network. Documented impact is remote code...
CVE-2024-22197 Authenticated (user role) remote command execution by modifying `nginx` settings (GHSL-2023-269)
Nginx-ui provides online statistics for server indicators: it monitors CPU usage, memory usage, load average, and disk usage in real time. The Home Preference page exposes a small list of nginx settings such as Nginx Access Log Path and Nginx Error Log Path. However, the API also exposes testconfigcmd,...
Authenticated (user role) remote command execution by modifying `nginx` settings (GHSL-2023-269)
Summary: The Home Preference page exposes a small list of nginx settings such as Nginx Access Log Path and Nginx Error Log Path. However, the API also exposes testconfigcmd, reloadcmd and restartcmd. While the UI doesn't allow users to modify any of these settings, it is possible to do so by sendi...
GHSA-PXMR-Q2X3-9X9M Authenticated (user role) remote command execution by modifying `nginx` settings (GHSL-2023-269)
Summary: The Home Preference page exposes a small list of nginx settings such as Nginx Access Log Path and Nginx Error Log Path. However, the API also exposes testconfigcmd, reloadcmd and restartcmd. While the UI doesn't allow users to modify any of these settings, it is possible to do so by sendi...
CVE-2023-52029
TOTOlink A3700R v9.1.2u.5822B20200513 was discovered to contain a remote command execution (RCE) vulnerability via the setDiagnosisCfg function...
CVE-2023-52030
TOTOlink A3700R v9.1.2u.5822B20200513 was discovered to contain a remote command execution (RCE) vulnerability via the setOpModeCfg function...
CVE-2023-52027
TOTOlink A3700R v9.1.2u.5822B20200513 was discovered to contain a remote command execution (RCE) vulnerability via the NTPSyncWithHost function...
CVE-2023-52031
TOTOlink A3700R v9.1.2u.5822B20200513 was discovered to contain a remote command execution (RCE) vulnerability via the UploadFirmwareFile function...
CVE-2023-52032
TOTOlink EX1200T V4.1.2cu.5232B20210713 was discovered to contain a remote command execution (RCE) vulnerability via the "main" function...
CVE-2023-52028
TOTOlink A3700R v9.1.2u.5822B20200513 was discovered to contain a remote command execution (RCE) vulnerability via the setTracerouteCfg function...