6 matches found
CVE-2024-41315
TOTOLINK A6000R V1.0.1-B20201211.2000 was discovered to contain a command injection vulnerability via the ifname parameter in the apclidoenrpinwps function...
CVE-2024-32353
CVE-2024-32353 affects TOTOLINK X5000R firmware version 9.1.0cu.2350_B20230313. A command injection exists in the setSSServer API at /cgi-bin/cstecgi.cgi via the port parameter, caused by inadequate input filtering of command characters. Impact is high (arbitrary command execution) with CVSSv3.1:...
CVE-2023-46979
TOTOLINK X6000R V9.4.0cu.852B20230719 was discovered to contain a command injection vulnerability via the enable parameter in the setLedCfg function...
CVE-2022-37081
TOTOLINK A7000R V9.1.0u.6115B20201022 was discovered to contain a command injection vulnerability via the command parameter at setting/setTracerouteCfg...
Command injection
TOTOLink N600R V5.3c.7159B20190425 was discovered to contain a command injection vulnerability via the langtype parameter in /setting/setLanguageCfg...
CVE-2021-43663
totolink EX300v2 V4.0.3c.140B20210429 was discovered to contain a command injection vulnerability via the component cloudupdatecheck...