35 matches found
CVE-2023-39617
TOTOLINK X5000RV9.1.0cu.2089B20211224 and X5000RV9.1.0cu.2350B20230313 were discovered to contain a remote code execution RCE vulnerability via the lang parameter in the setLanguageCfg function...
Remote code execution
TOTOLINK X5000RV9.1.0cu.2089B20211224 and X5000RV9.1.0cu.2350B20230313 were discovered to contain a remote code execution RCE vulnerability via the lang parameter in the setLanguageCfg function...
CVE-2023-37170
TOTOLINK A3300R V17.0.0cu.557B20221024 was discovered to contain an unauthenticated remote code execution RCE vulnerability via the lang parameter in the setLanguageCfg function...
Remote code execution
TOTOLINK A3300R V17.0.0cu.557B20221024 was discovered to contain an unauthenticated remote code execution RCE vulnerability via the lang parameter in the setLanguageCfg function...
CVE-2023-37170
TOTOLINK A3300R V17.0.0cu.557B20221024 was discovered to contain an unauthenticated remote code execution RCE vulnerability via the lang parameter in the setLanguageCfg function...
CVE-2023-37170
TOTOLINK A3300R (V17.0.0cu.557_B20221024) is affected by CVE-2023-37170: an unauthenticated remote code execution via the lang parameter in the setLanguageCfg function. The vulnerability is described in multiple sources as a code execution condition stemming from improper handling of input in the...
CVE-2023-37170
TOTOLINK A3300R V17.0.0cu.557B20221024 was discovered to contain an unauthenticated remote code execution RCE vulnerability via the lang parameter in the setLanguageCfg function...
CVE-2022-44256
TOTOLINK LR350 V9.3.5u.6369B20220309 contains a post-authentication buffer overflow via parameter lang in the setLanguageCfg function...
CVE-2022-41517
TOTOLINK NR1800X V9.1.0u.6279B20210910 was discovered to contain a stack overflow in the lang parameter in the setLanguageCfg function...
Stack overflow
TOTOLINK A3700R V9.1.2u.6134B20201202 was discovered to contain a stack overflow via the lang parameter in the function setLanguageCfg...
CVE-2022-32449
TOTOLINK EX300V2 V4.0.3c.7484 was discovered to contain a command injection vulnerability via the langType parameter in the setLanguageCfg function. This vulnerability is exploitable via a crafted MQTT data packet...
Command injection
TOTOLINK EX300V2 V4.0.3c.7484 was discovered to contain a command injection vulnerability via the langType parameter in the setLanguageCfg function. This vulnerability is exploitable via a crafted MQTT data packet...
PT-2022-21325 · Totolink · Totolink Ex300 V2
Name of the Vulnerable Software and Affected Versions: TOTOLINK EX300 V2 version 4.0.3c.7484 Description: A command injection issue was found via the langType parameter in the setLanguageCfg function. This issue can be exploited through a crafted MQTT data packet. Recommendations: For TOTOLINK...
CVE-2022-32449
TOTOLINK EX300V2 V4.0.3c.7484 was discovered to contain a command injection vulnerability via the langType parameter in the setLanguageCfg function. This vulnerability is exploitable via a crafted MQTT data packet...
PT-2022-11732 · Totolink · Totolink Ex1200T
Name of the Vulnerable Software and Affected Versions: TOTOLINK EX1200T version 4.1.2cu.5215 Description: The issue is a remote command injection vulnerability in the setLanguageCfg function of the global.so file. This vulnerability allows an attacker to control the langType variable to launch an...