CVE-2023-29801
TOTOLINK X18 V9.1.0cu.2024B20220329 was discovered to contain multiple command injection vulnerabilities via the rtLogEnabled and rtLogServer parameters in the setSyslogCfg function...
CVE-2023-29798
TOTOLINK X18 V9.1.0cu.2024B20220329 was discovered to contain a command injection vulnerability via the command parameter in the setTracerouteCfg function...
CVE-2023-29799
TOTOLINK X18 V9.1.0cu.2024B20220329 was discovered to contain a command injection vulnerability via the hostname parameter in the setOpModeCfg function...
Command injection
TOTOLINK X18 V9.1.0cu.2024B20220329 was discovered to contain multiple command injection vulnerabilities via the rtLogEnabled and rtLogServer parameters in the setSyslogCfg function...
CVE-2023-29803
CVE-2023-29803 affects TOTOLINK X18, version 9.1.0cu.2024_B20220329. The issue is a command injection in the disconnectVPN function triggered through the pid parameter, caused by insufficient argument checking. The CVSS v3.1 score is 9.8 (CRITICAL) with network access, no privileges, no user inte...
CVE-2023-29800
CVE-2023-29800 affects TOTOLINK X18, firmware version V9.1.0cu.2024_B20220329. The vulnerability is a command injection in the UploadFirmwareFile function triggered via the FileName parameter, caused by insufficient input validation. Reported CVSS v3.1 base score 9.8 (CRITICAL) with network attac...