T6 Firmware Security Vulnerabilities and Issues — T6 Firmware CVE List

Lucene search

TotolinkT6 Firmware

23 matches found

CVE•added 2022/02/19 12:15 a.m.•180 views

CVE-2022-25134

A command injection vulnerability in the function setUpgradeFW of TOTOLINK Technology router T6 V3_Firmware T6_V3_V4.1.5cu.748_B20211015 allows attackers to execute arbitrary commands via a crafted MQTT packet.

9.8CVSS9.7AI score0.01031EPSS

CVE•added 2022/02/24 3:15 p.m.•172 views

CVE-2022-25084

TOTOLink T6 V5.9c.4085_B20190428 was discovered to contain a command injection vulnerability in the "Main" function. This vulnerability allows attackers to execute arbitrary commands via the QUERY_STRING parameter.

9.8CVSS9.9AI score0.83334EPSS

CVE•added 2022/02/19 12:15 a.m.•89 views

CVE-2022-25130

A command injection vulnerability in the function updateWifiInfo of TOTOLINK Technology routers T6 V3_Firmware T6_V3_V4.1.5cu.748_B20211015 and T10 V2_Firmware V4.1.8cu.5207_B20210320 allows attackers to execute arbitrary commands via a crafted MQTT packet.

9.8CVSS9.7AI score0.04613EPSS

CVE•added 2022/02/19 12:15 a.m.•71 views

CVE-2022-25131

A command injection vulnerability in the function recvSlaveCloudCheckStatus of TOTOLINK Technology routers T6 V3_Firmware T6_V3_V4.1.5cu.748_B20211015 and T10 V2_Firmware V4.1.8cu.5207_B20210320 allows attackers to execute arbitrary commands via a crafted MQTT packet.

9.8CVSS9.7AI score0.04613EPSS

CVE•added 2022/07/01 6:15 p.m.•70 views

CVE-2022-32049

TOTOLINK T6 V4.1.9cu.5179_B20201015 was discovered to contain a stack overflow via the url parameter in the function FUN_00418540.

7.5CVSS7.7AI score0.00395EPSS

CVE•added 2022/02/19 12:15 a.m.•69 views

CVE-2022-25132

A command injection vulnerability in the function meshSlaveDlfw of TOTOLINK Technology router T6 V3_Firmware T6_V3_V4.1.5cu.748_B20211015 allows attackers to execute arbitrary commands via a crafted MQTT packet.

9.8CVSS9.7AI score0.04613EPSS

CVE•added 2022/02/19 12:15 a.m.•66 views

CVE-2022-25137

A command injection vulnerability in the function recvSlaveUpgstatus of TOTOLINK Technology routers T6 V3_Firmware T6_V3_V4.1.5cu.748_B20211015 and T10 V2_Firmware V4.1.8cu.5207_B20210320 allows attackers to execute arbitrary commands via a crafted MQTT packet.

9.8CVSS9.7AI score0.04613EPSS

CVE•added 2022/02/19 12:15 a.m.•65 views

CVE-2022-25136

A command injection vulnerability in the function meshSlaveUpdate of TOTOLINK Technology routers T6 V3_Firmware T6_V3_V4.1.5cu.748_B20211015 and T10 V2_Firmware V4.1.8cu.5207_B20210320 allows attackers to execute arbitrary commands via a crafted MQTT packet.

9.8CVSS9.7AI score0.04613EPSS

CVE•added 2022/07/01 6:15 p.m.•65 views

CVE-2022-32051

TOTOLINK T6 V4.1.9cu.5179_B20201015 was discovered to contain a stack overflow via the desc, week, sTime, eTime parameters in the function FUN_004133c4.

7.5CVSS7.7AI score0.00395EPSS

CVE•added 2022/07/01 6:15 p.m.•63 views

CVE-2022-32046

TOTOLINK T6 V4.1.9cu.5179_B20201015 was discovered to contain a stack overflow via the desc parameter in the function FUN_0041880c.

7.5CVSS7.7AI score0.00395EPSS

CVE•added 2022/07/01 6:15 p.m.•63 views

CVE-2022-32052

TOTOLINK T6 V4.1.9cu.5179_B20201015 was discovered to contain a stack overflow via the desc parameter in the function FUN_004137a4.

7.5CVSS7.7AI score0.00395EPSS

CVE•added 2022/07/01 6:15 p.m.•62 views

CVE-2022-32048

TOTOLINK T6 V4.1.9cu.5179_B20201015 was discovered to contain a stack overflow via the command parameter in the function FUN_0041cc88.

7.5CVSS7.8AI score0.00395EPSS

CVE•added 2022/02/19 12:15 a.m.•61 views

CVE-2022-25135

A command injection vulnerability in the function recv_mesh_info_sync of TOTOLINK Technology router T6 V3_Firmware T6_V3_V4.1.5cu.748_B20211015 allows attackers to execute arbitrary commands via a crafted MQTT packet.

9.8CVSS9.7AI score0.04613EPSS

CVE•added 2022/07/01 6:15 p.m.•61 views

CVE-2022-32044

TOTOLINK T6 V4.1.9cu.5179_B20201015 was discovered to contain a stack overflow via the password parameter in the function FUN_00413f80.

7.5CVSS7.8AI score0.00395EPSS

CVE•added 2022/02/19 12:15 a.m.•60 views

CVE-2022-25133

A command injection vulnerability in the function isAssocPriDevice of TOTOLINK Technology router T6 V3_Firmware T6_V3_V4.1.5cu.748_B20211015 allows attackers to execute arbitrary commands via a crafted MQTT packet.

9.8CVSS9.7AI score0.04613EPSS

CVE•added 2022/07/01 6:15 p.m.•56 views

CVE-2022-32045

TOTOLINK T6 V4.1.9cu.5179_B20201015 was discovered to contain a stack overflow via the desc parameter in the function FUN_00413be4.

7.5CVSS7.7AI score0.00395EPSS

CVE•added 2022/07/01 6:15 p.m.•53 views

CVE-2022-32050

TOTOLINK T6 V4.1.9cu.5179_B20201015 was discovered to contain a stack overflow via the cloneMac parameter in the function FUN_0041af40.

7.5CVSS7.7AI score0.00395EPSS

CVE•added 2022/07/01 6:15 p.m.•52 views

CVE-2022-32053

TOTOLINK T6 V4.1.9cu.5179_B20201015 was discovered to contain a stack overflow via the cloneMac parameter in the function FUN_0041621c.

7.5CVSS7.7AI score0.00395EPSS

CVE•added 2022/09/16 3:15 p.m.•51 views

CVE-2022-38823

In TOTOLINK T6 V4.1.5cu.709_B20210518, there is a hard coded password for root in /etc/shadow.sample.

9.8CVSS9.4AI score0.00134EPSS

CVE•added 2022/09/16 3:15 p.m.•48 views

CVE-2022-38826

In TOTOLINK T6 V4.1.5cu.709_B20210518, there is an execute arbitrary command in cstecgi.cgi.

9.8CVSS9.7AI score0.00154EPSS

CVE•added 2022/07/01 6:15 p.m.•47 views

CVE-2022-32047

TOTOLINK T6 V4.1.9cu.5179_B20201015 was discovered to contain a stack overflow via the desc parameter in the function FUN_00412ef4.

7.5CVSS7.7AI score0.00395EPSS

CVE•added 2022/09/16 3:15 p.m.•46 views

CVE-2022-38828

TOTOLINK T6 V4.1.5cu.709_B20210518 is vulnerable to command injection via cstecgi.cgi

9.8CVSS9.6AI score0.39632EPSS

CVE•added 2022/09/16 3:15 p.m.•44 views

CVE-2022-38827

TOTOLINK T6 V4.1.5cu.709_B20210518 is vulnerable to Buffer Overflow via cstecgi.cgi

9.8CVSS9.4AI score0.12436EPSS