22 matches found
TOTOLINK A720R 安全漏洞
TOTOLINK A720R is a wireless router from China's Gion Electronics TOTOLINK with dual-band Wi-Fi capabilities, focusing on high-speed internet and signal coverage. The TOTOLINK A720R suffers from a stack buffer overflow vulnerability that stems from a failure to properly validate the length size o...
PT-2025-46846
A stack buffer overflow exists in the ToToLink A720R Router firmware V4.1.5cu.614 B20230630 within the sysconf binary sub 401EE0 function. The binary reads the /proc/stat file using fgets into a local buffer and subsequently parses the line using sscanf into a single-byte variable with the %s...
EUVD-2022-41386
Malicious code in bioql PyPI...
TOTOLINK T6 serverIp Parameter Buffer Overflow Vulnerability
TOTOLINK T6 is a wireless dual-band router from China's Gion Electronics TOTOLINK. A buffer overflow vulnerability exists in TOTOLINK T6 version 4.1.5cu.748B20211015, which stems from the failure of the parameter serverIp in the MQTT Service to correctly validate the length and size of the input...
PT-2025-30935 · Totolink · Totolink T6
Name of the Vulnerable Software and Affected Versions: TOTOLINK T6 version 4.1.5cu.748 B20211015 Description: A critical vulnerability exists in the MQTT Packet Handler component of the affected product. The vulnerability is due to a buffer overflow in the tcpcheck net function within the...
TOTOLINK T6 安全漏洞
TOTOLINK T6 is a wireless dual-band router from China's Gion Electronics TOTOLINK. A security vulnerability exists in TOTOLINK T6 version 4.1.5cu.748B20211015, which originates from a buffer overflow due to an incorrect operation of the parameter serverIp in the MQTT packet processing component i...
CVE-2025-7460
A vulnerability has been found in TOTOLINK T6 4.1.5cu.748B20211015 and classified as critical. Affected by this vulnerability is the function setWiFiAclRules of the file /cgi-bin/cstecgi.cgi of the component HTTP POST Request Handler. The manipulation of the argument mac leads to buffer overflow...
CVE-2024-46424
TOTOLINK AC1200 T8 v4.1.5cu.861B20230220 has a buffer overflow vulnerability in the UploadCustomModule function, which allows attackers to cause a Denial of Service DoS via the File parameter...
PT-2024-39112 · Totolink · Totolink Ac1200 T8
Name of the Vulnerable Software and Affected Versions: TOTOLINK AC1200 T8 version 4.1.5cu.861 B20230220 Description: A critical issue affects the setWiFiScheduleCfg function of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument desc leads to buffer overflow. The attack may be initiat...
PT-2024-38790 · Totolink · Totolink Ac1200 T8
Name of the Vulnerable Software and Affected Versions: TOTOLINK AC1200 T8 version 4.1.5cu.862 B20230228 Description: A critical issue affects the setTracerouteCfg function, leading to a buffer overflow. This can be exploited remotely. The vendor was contacted about this issue but did not respond...
PT-2024-26481 · Totolink · Totolink Cp900L
Name of the Vulnerable Software and Affected Versions: TOTOLINK CP900L version 4.1.5cu.798 B20221228 Description: A command injection issue was found via the FileName parameter in the UploadFirmwareFile function. This allows for potential exploitation. Recommendations: For TOTOLINK CP900L version...
PT-2024-26476 · Totolink · Totolink Cp900L
Name of the Vulnerable Software and Affected Versions: TOTOLINK CP900L version 4.1.5cu.798 B20221228 Description: A hardcoded password issue was found in the /etc/shadow.sample file, allowing attackers to log in as root. Recommendations: For TOTOLINK CP900L version 4.1.5cu.798 B20221228, consider...
PT-2024-3807 · Totolink · Totolink Cp900L
Name of the Vulnerable Software and Affected Versions: TOTOLINK CP900L version 4.1.5cu.798 B20221228 Description: The issue is related to a hardcoded password for telnet in the /web cste/cgi-bin/product.ini file, allowing attackers to log in as root. This is due to the use of predefined credentia...
PT-2022-24586 · Totolink · Totolink T6
Name of the Vulnerable Software and Affected Versions: TOTOLINK T6 version 4.1.5cu.709 B20210518 Description: The issue is related to command injection via the cstecgi.cgi endpoint. This allows for potential malicious commands to be executed. No information is provided about the estimated number ...
CVE-2022-38534
TOTOLINK-720R v4.1.5cu.374 was discovered to contain a remote code execution RCE vulnerability via the setdiagnosicfg function...
CVE-2022-38534
TOTOLINK-720R v4.1.5cu.374 was discovered to contain a remote code execution RCE vulnerability via the setdiagnosicfg function...
PT-2022-24442 · Totolink · Totolink A720R
Name of the Vulnerable Software and Affected Versions: TOTOLINK-720R version 4.1.5cu.374 Description: A remote code execution issue was discovered, allowing for potential exploitation via the setTracerouteCfg function. Recommendations: For TOTOLINK-720R version 4.1.5cu.374, consider disabling the...
PT-2022-24441 · Totolink · Totolink A720R
Name of the Vulnerable Software and Affected Versions: TOTOLINK-720R version 4.1.5cu.374 Description: A remote code execution issue was discovered, which can be exploited via the setdiagnosicfg function. Recommendations: For TOTOLINK-720R version 4.1.5cu.374, consider disabling the setdiagnosicfg...
PT-2022-12381 · Totolink · Totolink A720R
Name of the Vulnerable Software and Affected Versions: TOTOLINK A720R version 4.1.5cu.470 B20200911 Description: A stack overflow was discovered in the Form Login function, allowing attackers to cause a Denial of Service DoS via the flag parameter. Recommendations: For TOTOLINK A720R version...
PT-2022-12379 · Totolink · Totolink A720R
Name of the Vulnerable Software and Affected Versions: TOTOLINK A720R version 4.1.5cu.470 B20200911 Description: The issue is related to a stack overflow in the Form Login function, allowing attackers to cause a Denial of Service DoS via the Host parameter. Recommendations: For TOTOLINK A720R...