Cp900 Firmware Security Vulnerabilities and Issues — Cp900 Firmware CVE List

Lucene search

TotolinkCp900 Firmware

9 matches found

CVE•added 2023/03/23 2:15 p.m.•51 views

CVE-2022-28492

TOTOLINK Technology CPE with firmware V6.3c.566 ,allows remote attackers to bypass Login.

9.8CVSS9.3AI score0.0012EPSS

CVE•added 2023/03/24 2:15 p.m.•49 views

CVE-2022-28495

TOTOLink outdoor CPE CP900 V6.3c.566_B20171026 is discovered to contain a command injection vulnerability in the setWebWlanIdx function via the webWlanIdx parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request.

9.8CVSS9.8AI score0.00619EPSS

CVE•added 2023/03/23 4:15 p.m.•49 views

CVE-2022-28497

TOTOLink outdoor CPE CP900 V6.3c.566_B20171026 is discovered to contain a command injection vulnerability in the mtd_write_bootloader function via the filename parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request.

9.8CVSS9.8AI score0.00177EPSS

CVE•added 2023/03/23 3:15 p.m.•48 views

CVE-2022-28493

A vulnerability in TOTOLINK CP900 V6.3c.566 allows attackers to start the Telnet service,

9.8CVSS9.2AI score0.00115EPSS

CVE•added 2023/03/23 3:15 p.m.•47 views

CVE-2022-28491

TOTOLink outdoor CPE CP900 V6.3c.566_B20171026 contains a command injection vulnerability in the NTPSyncWithHost function via the host_name parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request.

9.8CVSS9.6AI score0.00619EPSS

CVE•added 2023/03/23 5:15 p.m.•44 views

CVE-2022-28496

TOTOLink outdoor CPE CP900 V6.3c.566_B20171026 discovered to contain a command injection vulnerability in the setPasswordCfg function via the adminuser and adminpassparameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request.

9.8CVSS9.8AI score0.00212EPSS

CVE•added 2023/03/23 1:15 a.m.•43 views

CVE-2022-28494

TOTOLink outdoor CPE CP900 V6.3c.566_B20171026 is discovered to contain a command injection vulnerability in the setUpgradeFW function via the filename parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request.

9.8CVSS9.8AI score0.00619EPSS

CVE•added 2024/08/05 1:16 a.m.•20 views

CVE-2024-7464

A vulnerability, which was classified as critical, has been found in TOTOLINK CP900 6.3c.566. This issue affects the function setTelnetCfg of the component Telnet Service. The manipulation of the argument telnet_enabled leads to command injection. The attack may be initiated remotely. The exploit h...

9.8CVSS6.9AI score0.11655EPSS

CVE•added 2024/08/05 1:16 a.m.•16 views

CVE-2024-7463

A vulnerability classified as critical was found in TOTOLINK CP900 6.3c.566. This vulnerability affects the function UploadCustomModule of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument File leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclo...

9.8CVSS8.9AI score0.01882EPSS