Lucene search
K

29 matches found

BDU FSTEC
BDU FSTEC
added 2024/10/02 12:0 a.m.4 views

The vulnerability of the setWanIeCfg() function (/cgi-bin/cstecgi.cgi) in the microprogramming software for TOTOLINK X5000R allows a hacker to execute any command they desire.

The vulnerability of the setWanIeCfg function /cgi-bin/cstecgi.cgi in TOTOLINK X5000R routers exists due to the lack of measures taken to neutralize special elements used in the operating system commands. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands by...

9CVSS5.9AI score0.01049EPSS
Exploits1References2Affected Software1
OSV
OSV
added 2024/08/12 8:15 p.m.4 views

CVE-2024-42747

In TOTOLINK X5000r v9.1.0cu.2350b20230313, the file /cgi-bin/cstecgi.cgi contains an OS command injection vulnerability in setWanIeCfg. Authenticated Attackers can send malicious packet to execute arbitrary commands...

8.8CVSS6AI score0.01049EPSS
Exploits1References1
NVD
NVD
added 2024/08/12 8:15 p.m.16 views

CVE-2024-42747

In TOTOLINK X5000r v9.1.0cu.2350b20230313, the file /cgi-bin/cstecgi.cgi contains an OS command injection vulnerability in setWanIeCfg. Authenticated Attackers can send malicious packet to execute arbitrary commands...

8.8CVSS0.01049EPSS
Exploits1References1
CNNVD
CNNVD
added 2024/08/12 12:0 a.m.2 views

TOTOLINK X5000R 安全漏洞

The TOTOLINK X5000R is a router from China's Gion Electronics TOTOLINK. A command injection vulnerability exists in TOTOLINK X5000R version v9.1.0cu.2350b20230313. The vulnerability stems from the setWanIeCfg method of /cgi-bin/cstecgi.cgi failing to properly filter constructed command special...

8.8CVSS7.7AI score0.01049EPSS
Exploits1References2
Cvelist
Cvelist
added 2024/08/12 12:0 a.m.20 views

CVE-2024-42747

In TOTOLINK X5000r v9.1.0cu.2350b20230313, the file /cgi-bin/cstecgi.cgi contains an OS command injection vulnerability in setWanIeCfg. Authenticated Attackers can send malicious packet to execute arbitrary commands...

0.01049EPSS
Exploits1References1
CVE
CVE
added 2024/08/12 12:0 a.m.57 views

CVE-2024-42747

CVE-2024-42747 – TOTOLINK X5000r : A command-injection in /cgi-bin/cstecgi.cgi (setWanIeCfg) on TOTOLINK X5000r v9.1.0cu.2350_b20230313 allows authenticated attackers to execute arbitrary commands. The vulnerability stems from insufficient input validation in the affected function. Exploitation c...

8.8CVSS8.1AI score0.01049EPSS
Exploits1References1Affected Software1
Positive Technologies
Positive Technologies
added 2024/08/12 12:0 a.m.3 views

PT-2024-6505 · Totolink · Totolink X5000R

Name of the Vulnerable Software and Affected Versions: TOTOLINK X5000r version 9.1.0cu.2350 b20230313 Description: The issue is related to an OS command injection vulnerability in the setWanIeCfg function, located in the /cgi-bin/cstecgi.cgi file. This vulnerability can be exploited by...

9CVSS7.5AI score0.01049EPSS
Exploits1References7
NVD
NVD
added 2023/06/07 9:15 p.m.18 views

CVE-2023-33556

TOTOLink A7100RU V7.4cu.2313B20191024 was discovered to contain a command injection vulnerability via the staticGw parameter at /setting/setWanIeCfg...

9.8CVSS9.8AI score0.01958EPSS
Exploits1References1
OSV
OSV
added 2023/06/07 9:15 p.m.3 views

CVE-2023-33556

TOTOLink A7100RU V7.4cu.2313B20191024 was discovered to contain a command injection vulnerability via the staticGw parameter at /setting/setWanIeCfg...

9.8CVSS5.8AI score0.01958EPSS
Exploits1References1
CVE
CVE
added 2023/06/07 12:0 a.m.58 views

CVE-2023-33556

CVE-2023-33556 affects TOTOLink A7100RU firmware version V7.4cu.2313_B20191024. The issue is a command injection via the staticGw parameter exposed at /setting/setWanIeCfg, caused by insufficient input sanitization. PT-2023-4271 summarizes this as a remote-code-execution vulnerability and recomme...

9.8CVSS9.7AI score0.01958EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2023/06/07 12:0 a.m.22 views

CVE-2023-33556

TOTOLink A7100RU V7.4cu.2313B20191024 was discovered to contain a command injection vulnerability via the staticGw parameter at /setting/setWanIeCfg...

10AI score0.01958EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2023/06/07 12:0 a.m.4 views

PT-2023-4271 · Totolink · Totolink A7100Ru

Name of the Vulnerable Software and Affected Versions: TOTOLink A7100RU version V7.4cu.2313 B20191024 Description: The issue is related to the lack of input data sanitization in the staticGw function of the TOTOLink A7100RU router's firmware. This allows a remote attacker to exploit the...

9.8CVSS7.8AI score0.01958EPSS
Exploits1References7
Prion
Prion
added 2023/04/07 4:15 a.m.17 views

Command injection

TOTOlink A7100RU V7.4cu.2313B20191024 was discovered to contain a command injection vulnerability via the pppoeAcName parameter at /setting/setWanIeCfg...

7.5CVSS9.8AI score0.0192EPSS
Exploits1References1Affected Software1
CVE
CVE
added 2023/04/07 12:0 a.m.75 views

CVE-2023-26978

CVE-2023-26978 affects TOTOLINK A7100RU (V7.4cu.2313_B20191024). The vulnerability is a command injection in the pppoeAcName parameter exposed via the /setting/setWanIeCfg endpoint. Root cause is improper handling/filtration of input leading to arbitrary command execution. Documents describe impa...

9.8CVSS9.7AI score0.0192EPSS
Exploits1References1Affected Software1
CNNVD
CNNVD
added 2023/04/07 12:0 a.m.5 views

TOTOLINK A7100RU 命令注入漏洞

The TOTOLINK A7100RU is a wireless router manufactured by China's Gion Electronics TOTOLINK, mainly used for home network connection. The TOTOLINK A7100RU suffers from a command injection vulnerability that originates from the pppoeAcName parameter of /setting/setWanIeCfg failing to correctly...

9.8CVSS7.8AI score0.0192EPSS
Exploits1References2
Cvelist
Cvelist
added 2023/04/07 12:0 a.m.19 views

CVE-2023-26978

TOTOlink A7100RU V7.4cu.2313B20191024 was discovered to contain a command injection vulnerability via the pppoeAcName parameter at /setting/setWanIeCfg...

10AI score0.0192EPSS
Exploits1References1
NVD
NVD
added 2023/03/28 11:15 p.m.23 views

CVE-2023-27232

TOTOlink A7100RU V7.4cu.2313B20191024 was discovered to contain a command injection vulnerability via the wanStrategy parameter at /setting/setWanIeCfg...

9.8CVSS9.8AI score0.0192EPSS
Exploits1References1
OSV
OSV
added 2023/03/28 10:15 p.m.3 views

CVE-2023-27231

TOTOlink A7100RU V7.4cu.2313B20191024 was discovered to contain a command injection vulnerability via the downBw parameter at /setting/setWanIeCfg...

9.8CVSS7.3AI score0.02023EPSS
Exploits1References1
NVD
NVD
added 2023/03/28 10:15 p.m.16 views

CVE-2023-27231

TOTOlink A7100RU V7.4cu.2313B20191024 was discovered to contain a command injection vulnerability via the downBw parameter at /setting/setWanIeCfg...

9.8CVSS9.8AI score0.02023EPSS
Exploits1References1
Prion
Prion
added 2023/03/28 10:15 p.m.20 views

Command injection

TOTOlink A7100RU V7.4cu.2313B20191024 was discovered to contain a command injection vulnerability via the downBw parameter at /setting/setWanIeCfg...

7.5CVSS9.8AI score0.02023EPSS
Exploits1References1Affected Software1
Rows per page
Query Builder