27 matches found
CVE-2024-32326
TOTOLINK EX200 V4.0.3c.7646_B20201211 contains a Cross-site scripting (XSS) vulnerability through the key parameter in the setWiFiExtenderConfig function...
CVE-2024-32325
TOTOLINK EX200 V4.0.3c.7646_B20201211 contains a Cross-site scripting (XSS) vulnerability through the ssid parameter in the setWiFiExtenderConfig function...
CVE-2024-32326
The CVE-2024-32326 entry concerns TOTOLINK EX200 firmware version V4.0.3c.7646_B20201211, which is reported to have a Cross-site Scripting (XSS) vulnerability via the key parameter in the setWiFiExtenderConfig function. The vulnerability is mapped in multiple sources (NVD/NIST CVE entry, Red Hat ...
CVE-2024-32325
TOTOLINK EX200 with firmware v4.0.3c.7646_B20201211 exposes an XSS in the setWiFiExtenderConfig function via the ssid parameter. Root cause appears to be lack of proper input filtering/escaping in the web UI. Impact is Cross-site Scripting on the device management context; no exploitation details...
CVE-2024-31816
In TOTOLINK EX200 V4.0.3c.7646_B20201211, an attacker can obtain sensitive information without authorization through the function getEasyWizardCfg...
CVE-2024-31813
TOTOLINK EX200 V4.0.3c.7646_B20201211 does not contain an authentication mechanism by default...
CVE-2024-31813
Summary: CVE-2024-31813 affects TOTOLINK EX200 (version 4.0.3c.7646_B20201211). The root cause is that the device ships without an authentication mechanism by default, per Red Hat/NVD/CNVD/CNNVD entries and industry disclosures. Impact as stated: high confidentiality, integrity, and availability ...
CVE-2024-31809
TOTOLINK EX200 V4.0.3c.7646_B20201211 was discovered to contain a remote code execution (RCE) vulnerability via the FileName parameter in the setUpgradeFW function...
CVE-2024-31814
TOTOLINK EX200 firmware 4.0.3c.7646_B20201211 is affected by CVE-2024-31814, which enables login bypass via the Form_Login function. Descriptions confirm an authentication bypass affecting TOTOLINK EX200; no detailed root-cause or patch information is provided in the supplied documents. Impact is...
CVE-2024-31806
TOTOLINK EX200 V4.0.3c.7646_B20201211 was discovered to contain a Denial-of-Service (DoS) vulnerability in the RebootSystem function which can reboot the system without authorization...
CVE-2024-31811
TOTOLINK EX200 vulnerable via langType parameter in setLanguageCfg, affecting version 4.0.3c.7646_B20201211. Root cause: langType fails to filter special elements in the constructed snippet, enabling remote code execution. Impact per metrics: high: CVSS 3.1 base score 8.0 (AV Adjacent, AC Low, PR...
CVE-2024-31806
CVE-2024-31806 affects TOTOLINK EX200 devices (V4.0.3c.7646_B20201211). The vulnerability is in the RebootSystem function, where improper input handling allows rebooting the system without authorization, leading to Denial of Service with high impact on availability. CVSS indicates Adjacent attack...
CVE-2024-31811
TOTOLINK EX200 V4.0.3c.7646_B20201211 was discovered to contain a remote code execution (RCE) vulnerability via the langType parameter in the setLanguageCfg function...
CVE-2024-31809
TOTOLINK EX200 v4.0.3c.7646_B20201211 is reported to have a remote code execution vulnerability via the FileName parameter in the setUpgradeFW function. The issue affects the TOTOLINK EX200 device and is described across multiple sources (NVD/Red Hat/CNVD/CVELIST). The root cause is improper hand...
CVE-2022-32449
TOTOLINK EX300V2 V4.0.3c.7484 was discovered to contain a command injection vulnerability via the langType parameter in the setLanguageCfg function. This vulnerability is exploitable via a crafted MQTT data packet...