Lucene search
+L

53 matches found

CNVD
CNVD
added 2025/05/14 12:0 a.m.3 views

TOTOLINK CA600-PoE setWebWlanIdx Function Command Injection Vulnerability

TOTOLINK CA600-PoE is an outdoor wireless AP/CPE device from China Gion Electronics TOTOLINK. TOTOLINK CA600-PoE suffers from a command injection vulnerability that stems from the setWebWlanIdx function failing to properly filter construct command special characters, commands, etc. No detailed...

6.3CVSS7.5AI score0.00884EPSS
Exploits1References1
BDU FSTEC
BDU FSTEC
added 2025/05/02 12:0 a.m.8 views

The vulnerability of the setWebWlanIdx function in the microprogramming software of TOTOLINK EX1200T routers allows a hacker to execute arbitrary code by manipulating the webWlanIdx parameter.

The vulnerability of the setWebWlanIdx function in TOTOLINK EX1200T router microprogramming systems exists due to the lack of measures to neutralize specific elements. Exploiting this vulnerability allows a remote attacker to execute arbitrary code by manipulating the webWlanIdx parameter...

10CVSS6AI score0.01018EPSS
Exploits1References3Affected Software1
CNNVD
CNNVD
added 2025/05/01 12:0 a.m.6 views

TOTOLINK CA600-PoE 安全漏洞

TOTOLINK CA600-PoE is an outdoor wireless AP/CPE device from China Gion Electronics TOTOLINK. TOTOLINK CA600-PoE suffers from a command injection vulnerability that stems from the setWebWlanIdx function failing to properly filter construct command special characters, commands, etc. No detailed...

6.3CVSS7.5AI score0.00884EPSS
Exploits1References1
OSV
OSV
added 2025/04/22 6:15 p.m.6 views

CVE-2025-28038

TOTOLINK EX1200T V4.1.2cu.5232B20210713 was found to contain a pre-auth remote command execution vulnerability in the setWebWlanIdx function through the webWlanIdx parameter...

9.8CVSS5.9AI score0.01018EPSS
Exploits1References1
CNNVD
CNNVD
added 2025/04/22 12:0 a.m.4 views

TOTOLINK EX1200T 安全漏洞

The TOTOLINK EX1200T is a wireless router from TOTOLINK that offers convenient network connectivity and management features. The TOTOLINK EX1200T suffers from a command execution vulnerability that originates from the presence of a pre-authenticated remote command execution of the webWlanIdx...

9.8CVSS7.7AI score0.01018EPSS
Exploits1References1
BDU FSTEC
BDU FSTEC
added 2025/04/09 12:0 a.m.10 views

The vulnerability of the setWebWlanIdx function in the /lib/cste_modules/wireless.so file of the TOTOLINK A3100R router’s microprogramming system, which allows a attacker to execute arbitrary commands.

The vulnerability of the setWebWlanIdx function in the /lib/cstemodules/wireless.so module of the TOTOLINK A3100R router’s microprogramming system is related to the lack of measures taken to neutralize special elements used in the operating system commands. Exploiting this vulnerability allows a...

10CVSS5.9AI score0.00889EPSS
Exploits1References2Affected Software1
Positive Technologies
Positive Technologies
added 2025/04/03 12:0 a.m.5 views

PT-2025-18657 · Totolink · Totolink Ca600-Poe

Name of the Vulnerable Software and Affected Versions: TOTOLINK CA600-PoE version 5.3c.6665 B20180820 Description: A command injection issue was discovered in the setWebWlanIdx function through the webWlanIdx parameter. This issue allows attackers to execute arbitrary commands via a manipulated...

6.5CVSS7.9AI score0.00884EPSS
Exploits1References7
OSV
OSV
added 2025/03/28 9:15 p.m.5 views

CVE-2025-28256

An issue in TOTOLINK A3100R V4.1.2cu.5247B20211129 allows a remote attacker to execute arbitrary code via the setWebWlanIdx of the file /lib/cstemodules/wireless.so...

9.8CVSS6.1AI score0.00889EPSS
Exploits1References1
CNNVD
CNNVD
added 2025/03/28 12:0 a.m.3 views

TOTOLINK A3100R 安全漏洞

TOTOLINK A3100R is a series of wireless routers from China's Gion Electronics TOTOLINK. The TOTOLINK A3100R suffers from a code execution vulnerability that stems from setWebWlanIdx failing to properly filter construct command special characters, commands, and so on. An attacker can exploit this...

9.8CVSS8.1AI score0.00889EPSS
Exploits1References1
BDU FSTEC
BDU FSTEC
added 2025/03/25 12:0 a.m.10 views

The vulnerability of the setWebWlanIdx() function in TOTOLINK EX200 router microprogramming software allows a intruder to execute arbitrary commands.

The vulnerability of the setWebWlanIdx function in TOTOLINK EX200 router microprogramming software is related to the incorrect processing of the webWlanIdx parameter. Exploiting this vulnerability can allow an attacker to execute arbitrary commands remotely...

8.8CVSS5.8AI score0.00926EPSS
Exploits1References2Affected Software1
BDU FSTEC
BDU FSTEC
added 2025/02/25 12:0 a.m.10 views

The vulnerability of the setWebWlanIdx() function in TOTOLINK CP900 router microprogramming software allows a intruder to execute arbitrary commands.

The vulnerability of the setWebWlanIdx function in TOTOLINK CP900 router microprogramming software lies in the lack of measures taken to neutralize special elements during the processing of the webWlanIdx parameter. Exploiting this vulnerability allows a remote attacker to execute arbitrary...

10CVSS8.2AI score0.02441EPSS
Exploits1References3Affected Software1
OSV
OSV
added 2024/07/29 6:15 a.m.6 views

CVE-2024-7185

A vulnerability was found in TOTOLINK A3600R 4.1.2cu.5182B20201102 and classified as critical. Affected by this issue is the function setWebWlanIdx of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument webWlanIdx leads to buffer overflow. The attack may be launched remotely. The...

8.8CVSS6.3AI score0.01091EPSS
Exploits1References4
Cvelist
Cvelist
added 2024/07/29 5:31 a.m.31 views

CVE-2024-7185 TOTOLINK A3600R cstecgi.cgi setWebWlanIdx buffer overflow

A vulnerability was found in TOTOLINK A3600R 4.1.2cu.5182B20201102 and classified as critical. Affected by this issue is the function setWebWlanIdx of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument webWlanIdx leads to buffer overflow. The attack may be launched remotely. The...

9CVSS0.01091EPSS
Exploits1References4
OSV
OSV
added 2024/05/14 3:38 p.m.2 views

CVE-2024-34206

TOTOLINK outdoor CPE CP450 v4.1.0cu.747B20191224 was discovered to contain a command injection vulnerability in the setWebWlanIdx function via the webWlanIdx parameter...

6.5CVSS5.8AI score0.01336EPSS
Exploits1References1
CVE
CVE
added 2024/05/09 4:29 p.m.38 views

CVE-2024-34206

CVE-2024-34206 affects TOTOLINK outdoor CPE CP450, specifically version 4.1.0cu.747_B20191224. The flaw is in the setWebWlanIdx function, where the webWlanIdx parameter allows command injection. CVSS 3.1 base score 6.5 (Medium): Adjacent access, no privileges required, no user interaction, but in...

6.5CVSS7.8AI score0.01336EPSS
Exploits1References1Affected Software1
CNVD
CNVD
added 2024/04/10 12:0 a.m.2 views

TOTOLINK EX200 setWebWlanIdx Method Code Execution Vulnerability

TOTOLINK EX200 is a wireless N range extender from China Gion Electronics TOTOLINK , which is mainly used to extend the coverage of the existing Wi-Fi network and solve the problem of signal blind zones. A code execution vulnerability exists in the TOTOLINK EX200, which stems from the webWlanIdx...

8.8CVSS8.2AI score0.00926EPSS
Exploits1References1
OSV
OSV
added 2024/04/08 1:15 p.m.5 views

CVE-2024-31808

TOTOLINK EX200 V4.0.3c.7646B20201211 was discovered to contain a remote code execution RCE vulnerability via the webWlanIdx parameter in the setWebWlanIdx function...

8.8CVSS6.3AI score0.00926EPSS
Exploits1References1
CNNVD
CNNVD
added 2024/04/08 12:0 a.m.4 views

TOTOLINK EX200 安全漏洞

TOTOLINK EX200 is a wireless N range extender from China Gion Electronics TOTOLINK , which is mainly used to extend the coverage of the existing Wi-Fi network and solve the problem of signal blind zones. A code execution vulnerability exists in the TOTOLINK EX200, which stems from the webWlanIdx...

8.8CVSS8.1AI score0.00926EPSS
Exploits1References2
OSV
OSV
added 2023/03/24 2:15 p.m.1 views

CVE-2022-28495

TOTOLink outdoor CPE CP900 V6.3c.566B20171026 is discovered to contain a command injection vulnerability in the setWebWlanIdx function via the webWlanIdx parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request...

9.8CVSS6AI score0.02441EPSS
Exploits1References2
Prion
Prion
added 2023/03/24 2:15 p.m.19 views

Command injection

TOTOLink outdoor CPE CP900 V6.3c.566B20171026 is discovered to contain a command injection vulnerability in the setWebWlanIdx function via the webWlanIdx parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request...

7.5CVSS9.8AI score0.02441EPSS
Exploits1References2Affected Software1
Rows per page
Query Builder