36 matches found
CVE-2024-46424
TOTOLINK AC1200 T8 v4.1.5cu.861B20230220 has a buffer overflow vulnerability in the UploadCustomModule function, which allows attackers to cause a Denial of Service (DoS) via the File parameter...
CVE-2024-35401
TOTOLINK CP900L v4.1.5cu.798B20221228 was discovered to contain a command injection vulnerability via the FileName parameter in the UploadFirmwareFile function...
CVE-2023-24155
TOTOLINK T8 V4.1.5cu was discovered to contain a hard-coded password for the telnet service which is stored in the component /web_cste/cgi-bin/product.ini...
Command injection
TOTOLINK T8 V4.1.5cu was discovered to contain a command injection vulnerability via the slaveIpList parameter in the function setUpgradeFW...
Design/Logic Flaw
TOTOLINK T8 V4.1.5cu was discovered to contain a hard-coded password for the telnet service which is stored in the component /web_cste/cgi-bin/product.ini...
Command injection
A command injection vulnerability in the serverIp parameter in the function meshSlaveUpdate of TOTOLINK T8 V4.1.5cu allows attackers to execute arbitrary commands via a crafted MQTT packet...
CVE-2023-24154
TOTOLINK T8 V4.1.5cu was discovered to contain a command injection vulnerability via the slaveIpList parameter in the function setUpgradeFW...
CVE-2023-24155
CVE-2023-24155 affects TOTOLINK T8 (V4.1.5cu). The issue is a hard-coded password for the Telnet service stored in the component /web_cste/cgi-bin/product.ini. The impact is described as high/critical with CVSS v3.1: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H (network access, no user interaction, unauth...
CVE-2022-38828
TOTOLINK T6 V4.1.5cu.709_B20210518 is vulnerable to command injection via cstecgi.cgi...
CVE-2022-38826
In TOTOLINK T6 V4.1.5cu.709_B20210518, there is an arbitrary command execution vulnerability in cstecgi.cgi...
Buffer overflow
TOTOLINK T6 V4.1.5cu.709_B20210518 is vulnerable to buffer overflow via cstecgi.cgi...
Command injection
In TOTOLINK T6 V4.1.5cu.709_B20210518, there is an arbitrary command execution vulnerability in cstecgi.cgi...
CVE-2022-38828
CVE-2022-38828 affects TOTOLINK T6 (version 4.1.5cu.709_B20210518). The vulnerability is a command-injection in the cstecgi.cgi endpoint, enabling arbitrary command execution. CVSSv3.1 base score 9.8 (CRITICAL) with network exposure, no privileges, no user interaction required. Public sources in ...
CVE-2022-38535
The CVE-2022-38535 entry concerns TOTOLINK-720R (v4.1.5cu.374) with a remote code execution (RCE) flaw exploitable via the setTracerouteCfg function. The vulnerability is described across multiple connected sources as affecting TOTOLINK-720R, enabling an attacker to execute arbitrary code remotel...
CVE-2022-38535
TOTOLINK-720R v4.1.5cu.374 was discovered to contain a remote code execution (RCE) vulnerability via the setTracerouteCfg function...
CVE-2022-38534
CVE-2022-38534 affects TOTOLINK-720R v4.1.5cu.374 and is a remote code execution vulnerability exploitable via the setdiagnosicfg function. The issue is confirmed across multiple sources (e.g., PT-2022-24441) and Red Hat’s security advisory links the RCE to the same function. Exploitation could a...
CVE-2022-36610
TOTOLINK A720R V4.1.5cu.532B20210610 was discovered to contain a hardcoded password for root at /etc/shadow.sample...