30 matches found
CVE-2022-38535
TOTOLINK-720R v4.1.5cu.374 was discovered to contain a remote code execution RCE vulnerability via the setTracerouteCfg function...
EUVD-2022-47207
Malicious code in bioql PyPI...
EUVD-2023-52272
Malicious code in bioql PyPI...
EUVD-2022-39189
Malicious code in bioql PyPI...
EUVD-2024-48923
Malicious code in bioql PyPI...
EUVD-2022-39167
Malicious code in bioql PyPI...
EUVD-2022-39196
Malicious code in bioql PyPI...
EUVD-2022-44716
Malicious code in bioql PyPI...
EUVD-2023-33336
Malicious code in bioql PyPI...
The vulnerability of the setTracerouteCfg() function in the cstecgi.cgi script of the mesh-system TOTOLink T6 software allows a intruder to execute arbitrary code.
The vulnerability of the setTracerouteCfg function in the cstecgi.cgi script of the mesh-system TOTOLink T6 software is related to the failure to eliminate special elements during the processing of the command parameter. Exploiting this vulnerability allows a malicious actor to execute arbitrary...
CVE-2023-48192
An issue in TOTOlink A3700R v.9.1.2u.6134B20201202 allows a local attacker to execute arbitrary code via the setTracerouteCfg function...
CVE-2023-46485
An issue in TOTOlink X6000R V9.4.0cu.852B20230719 allows a remote attacker to execute arbitrary code via the setTracerouteCfg function of the stecgi.cgi component...
CVE-2022-41523
TOTOLINK NR1800X V9.1.0u.6279B20210910 was discovered to contain an authenticated stack overflow via the command parameter in the setTracerouteCfg function...
CVE-2022-36487
TOTOLINK N350RT V9.3.5u.6139B20201216 was discovered to contain a command injection vulnerability via the command parameter in the function setTracerouteCfg...
TOTOLINK AC1200 T8 setTracerouteCfg function buffer overflow vulnerability
The TOTOLINK AC1200 T8 is a dual-band full gigabit router from China's Gion Electronics TOTOLINK. A buffer overflow vulnerability exists in the TOTOLINK AC1200 T8 setTracerouteCfg function, which can be exploited by an attacker to submit a special request that can crash the service program or...
Command injection
TOTOlink A3700R v9.1.2u.5822B20200513 was discovered to contain a remote command execution RCE vulnerability via the setTracerouteCfg function...
PT-2024-14362 · Totolink · Totolink A3700R
Name of the Vulnerable Software and Affected Versions: TOTOlink A3700R version 9.1.2u.5822 B20200513 Description: The issue is related to a remote command execution RCE vulnerability. It can be exploited via the setTracerouteCfg function. Recommendations: For TOTOlink A3700R version 9.1.2u.5822...
CVE-2023-52028
TOTOlink A3700R v9.1.2u.5822B20200513 was discovered to contain a remote command execution RCE vulnerability via the setTracerouteCfg function...
TOTOLINK X6000R setTracerouteCfg function code execution vulnerability
TOTOLINK X6000R is a wireless router from China Gion Electronics that supports WiFi 6 technology with high concurrent connections and dual-band transmission. A code execution vulnerability exists in TOTOLINK X6000R. The vulnerability stems from the application failing to properly filter special...
Code injection
An issue in TOTOlink X6000R V9.4.0cu.852B20230719 allows a remote attacker to execute arbitrary code via the setTracerouteCfg function of the stecgi.cgi component...