Lucene search

K
TotolinkCp900 Firmware

13 matches found

CVE
CVE
added 2023/03/23 2:15 p.m.51 views

CVE-2022-28492

TOTOLINK Technology CPE with firmware V6.3c.566 ,allows remote attackers to bypass Login.

9.8CVSS9.3AI score0.0012EPSS
CVE
CVE
added 2023/03/24 2:15 p.m.49 views

CVE-2022-28495

TOTOLink outdoor CPE CP900 V6.3c.566_B20171026 is discovered to contain a command injection vulnerability in the setWebWlanIdx function via the webWlanIdx parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request.

9.8CVSS9.8AI score0.00619EPSS
CVE
CVE
added 2023/03/23 4:15 p.m.49 views

CVE-2022-28497

TOTOLink outdoor CPE CP900 V6.3c.566_B20171026 is discovered to contain a command injection vulnerability in the mtd_write_bootloader function via the filename parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request.

9.8CVSS9.8AI score0.00177EPSS
CVE
CVE
added 2025/05/01 3:16 p.m.49 views

CVE-2025-44838

TOTOLINK CPE CP900 V6.3c.1144_B20190715 was discovered to contain a command injection vulnerability in the setUploadUserData function via the FileName parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request.

6.3CVSS8.3AI score0.15488EPSS
CVE
CVE
added 2023/03/23 3:15 p.m.48 views

CVE-2022-28493

A vulnerability in TOTOLINK CP900 V6.3c.566 allows attackers to start the Telnet service,

9.8CVSS9.2AI score0.00115EPSS
CVE
CVE
added 2023/03/23 3:15 p.m.47 views

CVE-2022-28491

TOTOLink outdoor CPE CP900 V6.3c.566_B20171026 contains a command injection vulnerability in the NTPSyncWithHost function via the host_name parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request.

9.8CVSS9.6AI score0.00619EPSS
CVE
CVE
added 2025/05/01 2:15 p.m.46 views

CVE-2025-44854

TOTOLINK CP900 V6.3c.1144_B20190715 was found to contain a command injection vulnerability in the setUpgradeUboot function via the FileName parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request.

6.3CVSS6.9AI score0.15488EPSS
CVE
CVE
added 2025/05/01 3:16 p.m.45 views

CVE-2025-44837

TOTOLINK CPE CP900 V6.3c.1144_B20190715 was discovered to contain a command injection vulnerability in the CloudSrvUserdataVersionCheck function via the url or magicid parameters. This vulnerability allows attackers to execute arbitrary commands via a crafted request.

6.3CVSS8.3AI score0.15488EPSS
CVE
CVE
added 2023/03/23 5:15 p.m.44 views

CVE-2022-28496

TOTOLink outdoor CPE CP900 V6.3c.566_B20171026 discovered to contain a command injection vulnerability in the setPasswordCfg function via the adminuser and adminpassparameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request.

9.8CVSS9.8AI score0.00212EPSS
CVE
CVE
added 2023/03/23 1:15 a.m.43 views

CVE-2022-28494

TOTOLink outdoor CPE CP900 V6.3c.566_B20171026 is discovered to contain a command injection vulnerability in the setUpgradeFW function via the filename parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request.

9.8CVSS9.8AI score0.00619EPSS
CVE
CVE
added 2025/05/01 3:16 p.m.43 views

CVE-2025-44836

TOTOLINK CPE CP900 V6.3c.1144_B20190715 was discovered to contain a command injection vulnerability in the setApRebootScheCfg function via the hour or minute parameters. This vulnerability allows attackers to execute arbitrary commands via a crafted request.

6.3CVSS8.3AI score0.15488EPSS
CVE
CVE
added 2024/08/05 1:16 a.m.20 views

CVE-2024-7464

A vulnerability, which was classified as critical, has been found in TOTOLINK CP900 6.3c.566. This issue affects the function setTelnetCfg of the component Telnet Service. The manipulation of the argument telnet_enabled leads to command injection. The attack may be initiated remotely. The exploit h...

9.8CVSS6.9AI score0.11655EPSS
CVE
CVE
added 2024/08/05 1:16 a.m.16 views

CVE-2024-7463

A vulnerability classified as critical was found in TOTOLINK CP900 6.3c.566. This vulnerability affects the function UploadCustomModule of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument File leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclo...

9.8CVSS8.9AI score0.01882EPSS