Ex200 Firmware Security Vulnerabilities and Issues — Ex200 Firmware CVE List

Lucene search

TotolinkEx200 Firmware

6 matches found

CVE•added 2022/01/04 2:15 p.m.•147 views

CVE-2021-43711

The downloadFlile.cgi binary file in TOTOLINK EX200 V4.0.3c.7646_B20201211 has a command injection vulnerability when receiving GET parameters. The parameter name can be constructed for unauthenticated command execution.

9.8CVSS9.8AI score0.13762EPSS

CVE•added 2024/08/01 3:15 a.m.•59 views

CVE-2024-7336

A vulnerability classified as critical was found in TOTOLINK EX200 4.0.3c.7646_B20201211. Affected by this vulnerability is the function loginauth of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument http_host leads to buffer overflow. The attack can be launched remotely. The exploit ...

9CVSS8.9AI score0.00429EPSS

CVE•added 2024/05/14 3:25 p.m.•58 views

CVE-2024-31810

TOTOLINK EX200 V4.0.3c.7646_B20201211 was discovered to contain a hardcoded password for root at /etc/shadow.sample.

9.8CVSS7.5AI score0.00433EPSS

CVE•added 2024/04/08 1:15 p.m.•51 views

CVE-2024-31807

TOTOLINK EX200 V4.0.3c.7646_B20201211 was discovered to contain a remote code execution (RCE) vulnerability via the hostTime parameter in the NTPSyncWithHost function.

9.8CVSS8.3AI score0.0132EPSS

CVE•added 2024/08/01 2:15 a.m.•37 views

CVE-2024-7335

A vulnerability classified as critical has been found in TOTOLINK EX200 4.0.3c.7646_B20201211. Affected is the function getSaveConfig of the file /cgi-bin/cstecgi.cgi?action=save&setting. The manipulation of the argument http_host leads to buffer overflow. It is possible to launch the attack remote...

9CVSS8.9AI score0.00527EPSS

CVE•added 2024/04/08 1:15 p.m.•33 views

CVE-2024-31815

In TOTOLINK EX200 V4.0.3c.7314_B20191204, an attacker can obtain the configuration file without authorization through /cgi-bin/ExportSettings.sh

9.1CVSS6.8AI score0.00074EPSS