Ca300-poe Firmware Security Vulnerabilities and Issues — Ca300-poe Firmware CVE List

Lucene search

TotolinkCa300-poe Firmware

15 matches found

CVE•added 2023/02/03 4:15 p.m.•126 views

CVE-2023-24138

TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injection vulnerability via the host_time parameter in the NTPSyncWithHost function.

9.8CVSS9.7AI score0.01454EPSS

CVE•added 2023/02/03 4:15 p.m.•109 views

CVE-2023-24141

TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injection vulnerability via the NetDiagPingTimeOut parameter in the setNetworkDiag function.

9.8CVSS9.7AI score0.01454EPSS

CVE•added 2023/02/03 4:15 p.m.•105 views

CVE-2023-24145

TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injection vulnerability via the plugin_version parameter in the setUnloadUserData function.

9.8CVSS9.7AI score0.01454EPSS

CVE•added 2023/02/03 4:15 p.m.•51 views

CVE-2023-24148

TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injection vulnerability via the FileName parameter in the setUploadUserData function.

9.8CVSS9.7AI score0.01454EPSS

CVE•added 2023/02/03 4:15 p.m.•47 views

CVE-2023-24144

TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injection vulnerability via the hour parameter in the setRebootScheCfg function.

9.8CVSS9.7AI score0.01454EPSS

CVE•added 2023/02/03 4:15 p.m.•46 views

CVE-2023-24146

TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injection vulnerability via the minute parameter in the setRebootScheCfg function.

9.8CVSS9.7AI score0.01454EPSS

CVE•added 2023/02/03 4:15 p.m.•45 views

CVE-2023-24139

TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injection vulnerability via the NetDiagHost parameter in the setNetworkDiag function.

9.8CVSS9.7AI score0.01454EPSS

CVE•added 2023/02/03 4:15 p.m.•45 views

CVE-2023-24140

TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injection vulnerability via the NetDiagPingNum parameter in the setNetworkDiag function.

9.8CVSS9.7AI score0.01454EPSS

CVE•added 2023/02/14 3:15 p.m.•45 views

CVE-2023-24160

TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injection vulnerability via the admuser parameter in the setPasswordCfg function.

9.8CVSS9.7AI score0.01454EPSS

CVE•added 2023/02/14 3:15 p.m.•41 views

CVE-2023-24159

TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injection vulnerability via the admpass parameter in the setPasswordCfg function.

9.8CVSS9.7AI score0.01454EPSS

CVE•added 2023/02/14 3:15 p.m.•41 views

CVE-2023-24161

TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injection vulnerability via the webWlanIdx parameter in the setWebWlanIdx function.

9.8CVSS9.7AI score0.01454EPSS

CVE•added 2023/02/03 4:15 p.m.•39 views

CVE-2023-24147

TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a hard code password for the telnet service which is stored in the component /etc/config/product.ini.

7.5CVSS7.7AI score0.001EPSS

CVE•added 2023/02/03 4:15 p.m.•38 views

CVE-2023-24142

TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injection vulnerability via the NetDiagPingSize parameter in the setNetworkDiag function.

9.8CVSS9.7AI score0.01454EPSS

CVE•added 2023/02/03 4:15 p.m.•38 views

CVE-2023-24149

TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a hard code password for root which is stored in the component /etc/shadow.

9.8CVSS9.6AI score0.001EPSS

CVE•added 2023/02/03 4:15 p.m.•36 views

CVE-2023-24143

TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injection vulnerability via the NetDiagTracertHop parameter in the setNetworkDiag function.

9.8CVSS9.7AI score0.01454EPSS