22 matches found
TOTOLINK EX1200T setNoticeCfg function command injection vulnerability
TOTOLINK EX1200T is a Wi-Fi range extender from China-based Gion Electronics TOTOLINK.A command injection vulnerability exists in TOTOLINK EX1200T V4.1.2cu.5215, which originates from the file lib/cstemodules/system in the setNoticeCfg function in the file lib/cstemodules/system fails to properly...
CVE-2021-42893
In TOTOLINK EX1200T V4.1.2cu.5215, an attacker can obtain sensitive information wifikey, etc. without authorization through getSysStatusCfg...
CVE-2021-42893
Vulnerability: TOTOLINK EX1200T (version 4.1.2cu.5215) exposes sensitive data (e.g., wifikey) via getSysStatusCfg without authorization. Affected component: getSysStatusCfg function on the EX1200T firmware. Root cause: information disclosure leading to confidential data exposure. Impact: attacker...
CVE-2021-42892
CVE-2021-42892 affects TOTOLINK EX1200T (firmware V4.1.2cu.5215). The root cause is a default username/password stored in the firmware, allowing an attacker to start Telnet without authorization. Impact: unauthorized Telnet access and potential compromise of the device. No remediation details are...
CVE-2021-42891
In TOTOLINK EX1200T V4.1.2cu.5215, an attacker can obtain sensitive information wifikey, etc. without authorization...
CVE-2021-42891
CVE-2021-42891 affects TOTOLINK EX1200T V4.1.2cu.5215, enabling an attacker to obtain sensitive information (e.g., wifikey) without authorization. The PT-2022-11736 entry confirms the affected version and notes there is no available information about a fixed newer version at this time. Other conn...
CVE-2021-42889
In TOTOLINK EX1200T V4.1.2cu.5215, an attacker can obtain sensitive information wifikey, wifiname, etc. without authorization...
CVE-2021-42889
TOTOLINK EX1200T (version 4.1.2cu.5215) is affected by an information-disclosure vulnerability that allows an attacker to obtain sensitive credentials (e.g., wifikey, wifiname) without authorization. The issue is described across multiple sources (CNVD/CNNVD, NVD entry CVE-2021-42889, PT-2022-117...
CVE-2021-42888
TOTOLINK EX1200T V4.1.2cu.5215 contains a remote command injection vulnerability in function setLanguageCfg of the file global.so which can control langType to attack...
CVE-2021-42888
TOTOLINK EX1200T v4.1.2cu.5215 is affected by a remote command injection in the setLanguageCfg function of global.so, allowing control of langType. The PT-2022-11732 advisory confirms the vulnerability and provides mitigations: disable the setLanguageCfg function, restrict access to global.so, an...
CVE-2021-42887
In TOTOLINK EX1200T V4.1.2cu.5215, an attacker can bypass login by sending a specific request through formLoginAuth.htm...
Information disclosure
TOTOLINK EX1200T V4.1.2cu.5215 contains an information disclosure vulnerability where an attacker can get the apmib configuration file without authorization, and usernames and passwords can be found in the decoded file...
CVE-2021-42887
In TOTOLINK EX1200T V4.1.2cu.5215, an attacker can bypass login by sending a specific request through formLoginAuth.htm...
Command injection
TOTOLINK EX1200T V4.1.2cu.5215 contains a remote command injection vulnerability in function setDeviceMac of the file global.so which can control deviceName to attack...
CVE-2021-42886
CVE-2021-42886 applies to TOTOLINK EX1200T, version V4.1.2cu.5215, describing an information-disclosure vulnerability. An unauthenticated attacker can access the attacker-controlled apmib configuration file and retrieve usernames and passwords from the decoded contents. The description indicates ...
CVE-2021-42885
Summary: CVE-2021-42885 is a remote command injection in TOTOLINK EX1200T V4.1.2cu.5215, exploiting the setDeviceMac function in global.so to potentially influence the deviceName. The vulnerability is driven by improper handling in the setDeviceMac routine, enabling an attacker to inject commands...
Denial of service
TOTOLINK EX1200T V4.1.2cu.5215 contains a denial of service vulnerability in function RebootSystem of the file lib/cstemodules/system which can reboot the system...
CVE-2021-42877
TOTOLINK EX1200T (v4.1.2cu.5215) contains a denial-of-service vulnerability in the RebootSystem function of lib/cste_modules/system. The issue arises from the RebootSystem path and can cause an unexpected reboot of the device. Public references describe the affected component and version, and som...
Command injection
TOTOLINK EX1200T V4.1.2cu.5215 contains a remote command injection vulnerability in the function setDiagnosisCfg of the file lib/cstemodules/system.so to control the ipDoamin...
CVE-2021-42875
TOTOLINK EX1200T V4.1.2cu.5215 contains a remote command injection vulnerability in the function setDiagnosisCfg of the file lib/cstemodules/system.so to control the ipDoamin...