Lucene search
K
Database
Vendors
Products
Timeline
Vulnerabilities
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
TotolinkX18 Firmware9.1.0cu.2024 b20220329

12 matches found

CVE
CVEadded 2023/04/14 2:15 p.m.220 views

CVE-2023-29800

TOTOLINK X18 V9.1.0cu.2024_B20220329 was discovered to contain a command injection vulnerability via the FileName parameter in the UploadFirmwareFile function.

9.8CVSS9.7AI score0.01454EPSS
CVE
CVEadded 2025/03/02 7:15 p.m.73 views

CVE-2025-1829

A vulnerability was found in TOTOLINK X18 9.1.0cu.2024_B20220329. It has been declared as critical. This vulnerability affects the function setMtknatCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument mtkhnatEnable leads to os command injection. The attack can be initiated remote...

8.8CVSS7.3AI score0.01328EPSS
CVE
CVEadded 2025/02/16 2:15 p.m.59 views

CVE-2025-1340

A vulnerability classified as critical has been found in TOTOLINK X18 9.1.0cu.2024_B20220329. Affected is the function setPasswordCfg of the file /cgi-bin/cstecgi.cgi. The manipulation as part of String leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit ...

9CVSS7AI score0.00104EPSS
CVE
CVEadded 2023/04/14 2:15 p.m.48 views

CVE-2023-29799

TOTOLINK X18 V9.1.0cu.2024_B20220329 was discovered to contain a command injection vulnerability via the hostname parameter in the setOpModeCfg function.

9.8CVSS9.7AI score0.01454EPSS
CVE
CVEadded 2023/04/14 2:15 p.m.46 views

CVE-2023-29803

TOTOLINK X18 V9.1.0cu.2024_B20220329 was discovered to contain a command injection vulnerability via the pid parameter in the disconnectVPN function.

9.8CVSS9.7AI score0.01454EPSS
CVE
CVEadded 2025/02/16 12:15 p.m.46 views

CVE-2025-1339

A vulnerability was found in TOTOLINK X18 9.1.0cu.2024_B20220329. It has been rated as critical. This issue affects the function setL2tpdConfig of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument enable leads to os command injection. The attack may be initiated remotely. The exploit ...

8.8CVSS6.9AI score0.00093EPSS
CVE
CVEadded 2023/04/14 2:15 p.m.45 views

CVE-2023-29798

TOTOLINK X18 V9.1.0cu.2024_B20220329 was discovered to contain a command injection vulnerability via the command parameter in the setTracerouteCfg function.

9.8CVSS9.7AI score0.01454EPSS
CVE
CVEadded 2025/04/18 3:15 p.m.44 views

CVE-2025-29209

TOTOLINK X18 v9.1.0cu.2024_B20220329 has an unauthorized arbitrary command execution in the enable parameter' of the sub_41105C function of cstecgi .cgi.

9.8CVSS7.3AI score0.0073EPSS
CVE
CVEadded 2025/04/03 8:15 p.m.42 views

CVE-2025-29064

An issue in TOTOLINK x18 v.9.1.0cu.2024_B20220329 allows a remote attacker to execute arbitrary code via the sub_410E54 function of the cstecgi.cgi.

9.8CVSS8.1AI score0.01776EPSS
CVE
CVEadded 2023/04/14 2:15 p.m.38 views

CVE-2023-29802

TOTOLINK X18 V9.1.0cu.2024_B20220329 was discovered to contain a command injection vulnerability via the ip parameter in the setDiagnosisCfg function.

9.8CVSS9.7AI score0.01454EPSS
CVE
CVEadded 2024/11/07 6:15 p.m.38 views

CVE-2024-10966

A vulnerability, which was classified as critical, has been found in TOTOLINK X18 9.1.0cu.2024_B20220329. Affected by this issue is some unknown functionality of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument enable leads to os command injection. The attack may be launched remotely...

8.8CVSS7.7AI score0.02835EPSS
CVE
CVEadded 2023/04/14 2:15 p.m.37 views

CVE-2023-29801

TOTOLINK X18 V9.1.0cu.2024_B20220329 was discovered to contain multiple command injection vulnerabilities via the rtLogEnabled and rtLogServer parameters in the setSyslogCfg function.

9.8CVSS9.9AI score0.01454EPSS