EUVD-2024-17506
Malicious code in bioql PyPI...
CVE-2024-1781
A vulnerability was found in Totolink X6000R AX3000 9.4.0cu.85220230719. It has been rated as critical. This issue affects the function setWizardCfg of the file /cgi-bin/cstecgi.cgi of the component shttpd. The manipulation leads to command injection. The exploit has been disclosed to the public...
CVE-2024-2353
A vulnerability, which was classified as critical, has been found in Totolink X6000R 9.4.0cu.85220230719. This issue affects the function setDiagnosisCfg of the file /cgi-bin/cstecgi.cgi of the component shttpd. The manipulation of the argument ip leads to OS command injection. The attack may be...
Command injection
A vulnerability, which was classified as critical, has been found in Totolink X6000R 9.4.0cu.85220230719. This issue affects the function setDiagnosisCfg of the file /cgi-bin/cstecgi.cgi of the component shttpd. The manipulation of the argument ip leads to OS command injection. The attack may be...
CVE-2023-48803
In TOTOLINK X6000R V9.4.0cu.852B20230719, the sub4119A0 function in the shttpd file obtains fields from the front-end through the Uci Set The Str function; passing these fields to the CsteSystem function creates a command execution vulnerability...
PT-2023-7438 · Totolink · Totolink X6000R
Name of the Vulnerable Software and Affected Versions: TOTOLINK X6000R version 9.4.0cu.852 B20230719
Description: The issue is related to the sub 4119A0 function in the shttpd file, which obtains fields from the front-end through the Uci Set The Str function. When these fields are passed to the...