Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline

Cp900 Firmware Security Vulnerabilities

cve
cve

CVE-2022-28491

TOTOLink outdoor CPE CP900 V6.3c.566_B20171026 contains a command injection vulnerability in the NTPSyncWithHost function via the host_name parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request.

9.8CVSS

9.6AI Score

0.041EPSS

2023-03-23 03:15 PM
27
cve
cve

CVE-2022-28492

TOTOLINK Technology CPE with firmware V6.3c.566 ,allows remote attackers to bypass Login.

9.8CVSS

9.3AI Score

0.004EPSS

2023-03-23 02:15 PM
30
cve
cve

CVE-2022-28493

A vulnerability in TOTOLINK CP900 V6.3c.566 allows attackers to start the Telnet service,

9.8CVSS

9.2AI Score

0.018EPSS

2023-03-23 03:15 PM
27
cve
cve

CVE-2022-28494

TOTOLink outdoor CPE CP900 V6.3c.566_B20171026 is discovered to contain a command injection vulnerability in the setUpgradeFW function via the filename parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request.

9.8CVSS

9.8AI Score

0.041EPSS

2023-03-23 01:15 AM
24
cve
cve

CVE-2022-28495

TOTOLink outdoor CPE CP900 V6.3c.566_B20171026 is discovered to contain a command injection vulnerability in the setWebWlanIdx function via the webWlanIdx parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request.

9.8CVSS

9.8AI Score

0.008EPSS

2023-03-24 02:15 PM
25
cve
cve

CVE-2022-28496

TOTOLink outdoor CPE CP900 V6.3c.566_B20171026 discovered to contain a command injection vulnerability in the setPasswordCfg function via the adminuser and adminpassparameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request.

9.8CVSS

9.8AI Score

0.087EPSS

2023-03-23 05:15 PM
25
cve
cve

CVE-2022-28497

TOTOLink outdoor CPE CP900 V6.3c.566_B20171026 is discovered to contain a command injection vulnerability in the mtd_write_bootloader function via the filename parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request.

9.8CVSS

9.8AI Score

0.087EPSS

2023-03-23 04:15 PM
25
cve
cve

CVE-2024-7463

A vulnerability classified as critical was found in TOTOLINK CP900 6.3c.566. This vulnerability affects the function UploadCustomModule of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument File leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclo...

9.8CVSS

8.9AI Score

0.003EPSS

2024-08-05 01:16 AM
5
cve
cve

CVE-2024-7464

A vulnerability, which was classified as critical, has been found in TOTOLINK CP900 6.3c.566. This issue affects the function setTelnetCfg of the component Telnet Service. The manipulation of the argument telnet_enabled leads to command injection. The attack may be initiated remotely. The exploit h...

9.8CVSS

6.9AI Score

0.004EPSS

2024-08-05 01:16 AM
6