76 matches found
CVE-2022-36611
TOTOLINK A800R V4.1.2cu.5137B20200730 was discovered to contain a hardcoded password for root at /etc/shadow.sample...
CVE-2024-53334
Consolidated details from connected sources confirm CVE-2024-53334 affects TOTOLINK A810R, specifically the infostat.cgi component. The vulnerability is a Buffer Overflow in infostat.cgi on TOTOLINK A810R version 4.1.2cu.5182_B20201026. Reports describe the issue as allowing remote handling that ...
CVE-2024-53335
TOTOLINK A810R V4.1.2cu.5182_B20201026 is vulnerable to Buffer Overflow in downloadFlile.cgi...
CVE-2024-53335
Affected product: TOTOLINK A810R (firmware 4.1.2cu.5182_B20201026). Vulnerability: Buffer overflow in the downloadFlile.cgi endpoint. Root cause / details: The vulnerability arises from improper validation of input length/size in downloadFlile.cgi, leading to potential memory corruption. Impact (...
CVE-2024-42547
The CVE-2024-42547 entry concerns TOTOLINK A3100R devices, specifically firmware version V4.1.2cu.5050_B20200504. The vulnerability is a buffer overflow in the http_host parameter within the loginauth function. Public sources (CNVD/CNNVD/Red Hat/NVD) describe potential remote code execution or de...
CVE-2024-42547
TOTOLINK A3100R V4.1.2cu.5050_B20200504 has a buffer overflow vulnerability in the http_host parameter in the loginauth function...
CVE-2024-42546
TOTOLINK A3100R V4.1.2cu.5050_B20200504 has a buffer overflow vulnerability in the password parameter in the loginauth function...
TOTOLINK EX1200T Command Injection Vulnerability
TOTOLINK EX1200T is a Wi-Fi range extender from China's Gion Electronics TOTOLINK. A command injection vulnerability exists in TOTOLINK EX1200T version V4.1.2cu.5232_B20210713, which stems from the main method failing to properly filter special characters, commands, and so on when constructing commands. An...
CVE-2023-52032
TOTOLINK EX1200T V4.1.2cu.5232_B20210713 was discovered to contain a remote command execution (RCE) vulnerability via the "main" function...
CVE-2023-52032
CVE-2023-52032 affects TOTOLINK EX1200T (firmware v4.1.2cu.5232_B20210713). Multiple sources describe a remote command execution via the main() function, caused by improper filtering of constructed command characters. Reported as a command injection/RCE vulnerability with potential for arbitrary...
CVE-2022-48069
Totolink A830R V4.1.2cu.5182 was discovered to contain a command injection vulnerability via the QUERY_STRING parameter...
Command injection
Totolink A830R V4.1.2cu.5182 was discovered to contain a command injection vulnerability via the QUERY_STRING parameter...
CVE-2022-48069
Totolink A830R V4.1.2cu.5182 is affected by CVE-2022-48069: a command injection via QUERY_STRING parameter, allowing network-based exploitation with no user interaction. Reported CVSSv3.1 base score 7.5 (High); impact on confidentiality (High) with no integrity/availability impact. Exploitation a...
CVE-2022-40475
TOTOLINK A860R V4.1.2cu.5182_B20201027 was discovered to contain a command injection via the component /cgi-bin/downloadFile.cgi...
CVE-2022-37840
In TOTOLINK A860R V4.1.2cu.5182_B20201027, the main function in downloadfile.cgi has a buffer overflow vulnerability...
CVE-2022-37842
The CVE-2022-37842 issue affects TOTOLINK A860R, specifically version 4.1.2cu.5182_B20201027, where unfiltered parameters in infostat.cgi lead to a buffer overflow. Multiple sources (NVD, Red Hat, CVE list, CNNVD, PT Security) confirm the vulnerability, with CVSS 3.1 base score 9.8 (CRITICAL) and...
CVE-2022-37840
CVE-2022-37840 affects TOTOLINK A860R (4.1.2cu.5182_B20201027). The vulnerability is in the main function of downloadfile.cgi, described as a buffer overflow. Coordinated disclosures across multiple sources (NVD/NVD-derived entries, Red Hat advisory, CNVD, PRION, PT Security) consistently identif...
CVE-2022-37841
CVE-2022-37841 affects TOTOLINK A860R (v4.1.2cu.5182_B20201027). The issue is a hard-coded root password stored in /etc/shadow.sample, enabling potential unauthorized root access. Connected sources confirm the model and file, with Red Hat and other feeds reiterating the same root password disclos...
CVE-2022-37839
TOTOLINK A860R V4.1.2cu.5182_B20201027 is vulnerable to Buffer Overflow via Cstecgi.cgi...