Vulnerabilities (CVE)

  1. Yack CVE
  2. Vulnerabilities (CVE)
Filtered by vendor Totolink
Angry Yack Logo
Total 1071 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2023-46413 1 Totolink 2 X6000r, X6000r Firmware 2024-11-21 N/A 9.8 CRITICAL
TOTOLINK X6000R v9.4.0cu.652_B20230116 was discovered to contain a command execution vulnerability via the sub_4155DC function.
CVE-2023-46412 1 Totolink 2 X6000r, X6000r Firmware 2024-11-21 N/A 9.8 CRITICAL
TOTOLINK X6000R v9.4.0cu.652_B20230116 was discovered to contain a command execution vulnerability via the sub_41D998 function.
CVE-2023-46411 1 Totolink 2 X6000r, X6000r Firmware 2024-11-21 N/A 9.8 CRITICAL
TOTOLINK X6000R v9.4.0cu.652_B20230116 was discovered to contain a command execution vulnerability via the sub_415258 function.
CVE-2023-46410 1 Totolink 2 X6000r, X6000r Firmware 2024-11-21 N/A 9.8 CRITICAL
TOTOLINK X6000R v9.4.0cu.652_B20230116 was discovered to contain a command execution vulnerability via the sub_ The 416F60 function.
CVE-2023-46409 1 Totolink 2 X6000r, X6000r Firmware 2024-11-21 N/A 9.8 CRITICAL
TOTOLINK X6000R v9.4.0cu.652_B20230116 was discovered to contain a command execution vulnerability via the sub_ 41CC04 function.
CVE-2023-46408 1 Totolink 2 X6000r, X6000r Firmware 2024-11-21 N/A 9.8 CRITICAL
TOTOLINK X6000R v9.4.0cu.652_B20230116 was discovered to contain a command execution vulnerability via the sub_ The 41DD80 function.
CVE-2023-45985 1 Totolink 4 A7000r, A7000r Firmware, X5000r and 1 more 2024-11-21 N/A 7.5 HIGH
TOTOLINK X5000R V9.1.0u.6118_B20201102 and TOTOLINK A7000R V9.1.0u.6115_B20201022 were discovered to contain a stack overflow in the function setParentalRules. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request.
CVE-2023-45984 1 Totolink 4 A7000r, A7000r Firmware, X5000r and 1 more 2024-11-21 N/A 9.8 CRITICAL
TOTOLINK X5000R V9.1.0u.6118_B20201102 and TOTOLINK A7000R V9.1.0u.6115_B20201022 was discovered to contain a stack overflow via the lang parameter in the function setLanguageCfg.
CVE-2023-43455 1 Totolink 2 X6000r, X6000r Firmware 2024-11-21 N/A 9.8 CRITICAL
An issue in TOTOLINK X6000R V9.4.0cu.652_B20230116 and V9.4.0cu.852_B20230719 allows a remote attacker to execute arbitrary code via the command parameter of the setting/setTracerouteCfg component.
CVE-2023-43454 1 Totolink 2 X6000r, X6000r Firmware 2024-11-21 N/A 9.8 CRITICAL
An issue in TOTOLINK X6000R V9.4.0cu.652_B20230116 and V9.4.0cu.852_B20230719 allows a remote attacker to execute arbitrary code via the hostName parameter of the switchOpMode component.
CVE-2023-43453 1 Totolink 2 X6000r, X6000r Firmware 2024-11-21 N/A 9.8 CRITICAL
An issue in TOTOLINK X6000R V9.4.0cu.652_B20230116 and V9.4.0cu.852_B20230719 allows a remote attacker to execute arbitrary code via the IP parameter of the setDiagnosisCfg component.
CVE-2023-43141 1 Totolink 4 A3700r, A3700r Firmware, N600r and 1 more 2024-11-21 N/A 9.8 CRITICAL
TOTOLINK A3700R V9.1.2u.6134_B20201202 and N600R V5.3c.5137 are vulnerable to Incorrect Access Control.
CVE-2023-40042 1 Totolink 2 T10 V2, T10 V2 Firmware 2024-11-21 N/A 9.8 CRITICAL
TOTOLINK T10_v2 5.9c.5061_B20200511 has a stack-based buffer overflow in setStaticDhcpConfig in /lib/cste_modules/lan.so. Attackers can send crafted data in an MQTT packet, via the comment parameter, to control the return address and execute code.
CVE-2023-40041 1 Totolink 2 T10 V2, T10 V2 Firmware 2024-11-21 N/A 9.8 CRITICAL
TOTOLINK T10_v2 5.9c.5061_B20200511 has a stack-based buffer overflow in setWiFiWpsConfig in /lib/cste_modules/wps.so. Attackers can send crafted data in an MQTT packet, via the pin parameter, to control the return address and execute code.
CVE-2023-39618 1 Totolink 2 X5000r, X5000r Firmware 2024-11-21 N/A 9.8 CRITICAL
TOTOLINK X5000R B20210419 was discovered to contain a remote code execution (RCE) vulnerability via the setTracerouteCfg interface.
CVE-2023-39617 1 Totolink 2 X5000r, X5000r Firmware 2024-11-21 N/A 9.8 CRITICAL
TOTOLINK X5000R_V9.1.0cu.2089_B20211224 and X5000R_V9.1.0cu.2350_B20230313 were discovered to contain a remote code execution (RCE) vulnerability via the lang parameter in the setLanguageCfg function.
CVE-2023-37173 1 Totolink 2 A3300r, A3300r Firmware 2024-11-21 N/A 9.8 CRITICAL
TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the command parameter in the setTracerouteCfg function.
CVE-2023-37172 1 Totolink 2 A3300r, A3300r Firmware 2024-11-21 N/A 9.8 CRITICAL
TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the ip parameter in the setDiagnosisCfg function.
CVE-2023-37171 1 Totolink 2 A3300r, A3300r Firmware 2024-11-21 N/A 9.8 CRITICAL
TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the admuser parameter in the setPasswordCfg function.
CVE-2023-37170 1 Totolink 2 A3300r, A3300r Firmware 2024-11-21 N/A 9.8 CRITICAL
TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain an unauthenticated remote code execution (RCE) vulnerability via the lang parameter in the setLanguageCfg function.
CVE-2023-37149 1 Totolink 2 Lr350, Lr350 Firmware 2024-11-21 N/A 9.8 CRITICAL
TOTOLINK LR350 V9.3.5u.6369_B20220309 was discovered to contain a command injection vulnerability via the FileName parameter in the setUploadSetting function.
CVE-2023-37148 1 Totolink 2 Lr350, Lr350 Firmware 2024-11-21 N/A 9.8 CRITICAL
TOTOLINK LR350 V9.3.5u.6369_B20220309 was discovered to contain a command injection vulnerability via the ussd parameter in the setUssd function.
CVE-2023-37146 1 Totolink 2 Lr350, Lr350 Firmware 2024-11-21 N/A 9.8 CRITICAL
TOTOLINK LR350 V9.3.5u.6369_B20220309 was discovered to contain a command injection vulnerability via the FileName parameter in the UploadFirmwareFile function.
CVE-2023-37145 1 Totolink 2 Lr350, Lr350 Firmware 2024-11-21 N/A 9.8 CRITICAL
TOTOLINK LR350 V9.3.5u.6369_B20220309 was discovered to contain a command injection vulnerability via the hostname parameter in the setOpModeCfg function.
CVE-2023-36955 1 Totolink 2 Cp300\+, Cp300\+ Firmware 2024-11-21 N/A 9.8 CRITICAL
TOTOLINK CP300+ <=V5.2cu.7594_B20200910 was discovered to contain a stack overflow via the File parameter in the function UploadCustomModule.
CVE-2023-36954 1 Totolink 2 Cp300\+, Cp300\+ Firmware 2024-11-21 N/A 9.8 CRITICAL
TOTOLINK CP300+ V5.2cu.7594_B20200910 and before is vulnerable to command injection.
CVE-2023-36953 1 Totolink 2 Cp300\+, Cp300\+ Firmware 2024-11-21 N/A 9.8 CRITICAL
TOTOLINK CP300+ V5.2cu.7594_B20200910 and before is vulnerable to command injection.
CVE-2023-36952 1 Totolink 2 Cp300\+, Cp300\+ Firmware 2024-11-21 N/A 9.8 CRITICAL
TOTOLINK CP300+ V5.2cu.7594_B20200910 was discovered to contain a stack overflow via the pingIp parameter in the function setDiagnosisCfg.
CVE-2023-36950 1 Totolink 4 A7000r, A7000r Firmware, X5000r and 1 more 2024-11-21 N/A 9.8 CRITICAL
TOTOLINK X5000R V9.1.0u.6118_B20201102 and TOTOLINK A7000R V9.1.0u.6115_B20201022 was discovered to contain a stack overflow via the http_host parameter in the function loginAuth.
CVE-2023-36947 1 Totolink 4 A7000r, A7000r Firmware, X5000r and 1 more 2024-11-21 N/A 9.8 CRITICAL
TOTOLINK X5000R V9.1.0u.6118_B20201102 and TOTOLINK A7000R V9.1.0u.6115_B20201022 was discovered to contain a stack overflow via the File parameter in the function UploadCustomModule.
CVE-2023-36340 1 Totolink 2 Nr1800x, Nr1800x Firmware 2024-11-21 N/A 9.8 CRITICAL
TOTOLINK NR1800X V9.1.0u.6279_B20210910 was discovered to contain a stack overflow via the http_host parameter in the function loginAuth.
CVE-2023-34669 1 Totolink 2 Cp300\+, Cp300\+ Firmware 2024-11-21 N/A 7.5 HIGH
TOTOLINK CP300+ V5.2cu.7594 contains a Denial of Service vulnerability in function RebootSystem of the file lib/cste_modules/system which can reboot the system.
CVE-2023-2790 1 Totolink 2 N200re, N200re Firmware 2024-11-21 1.4 LOW 2.3 LOW
A vulnerability classified as problematic has been found in TOTOLINK N200RE 9.3.5u.6255_B20211224. Affected is an unknown function of the file /squashfs-root/etc_ro/custom.conf of the component Telnet Service. The manipulation leads to password in configuration file. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. VDB-229374 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclo ...

Show More
CVE-2023-29799 1 Totolink 2 X18, X18 Firmware 2024-11-21 N/A 9.8 CRITICAL
TOTOLINK X18 V9.1.0cu.2024_B20220329 was discovered to contain a command injection vulnerability via the hostname parameter in the setOpModeCfg function.
CVE-2023-25395 1 Totolink 2 A7100ru, A7100ru Firmware 2024-11-21 N/A 9.8 CRITICAL
TOTOlink A7100RU V7.4cu.2313_B20191024 router was discovered to contain a command injection vulnerability via the ou parameter at /setting/delStaticDhcpRules.
CVE-2022-46025 1 Totolink 2 N200re V5, N200re V5 Firmware 2024-11-21 N/A 9.1 CRITICAL
Totolink N200RE_V5 V9.3.5u.6255_B20211224 is vulnerable to Incorrect Access Control. The device allows remote attackers to obtain Wi-Fi system information, such as Wi-Fi SSID and Wi-Fi password, without logging into the management page.
CVE-2022-41528 1 Totolink 2 Nr1800x, Nr1800x Firmware 2024-11-21 N/A 8.8 HIGH
TOTOLINK NR1800X V9.1.0u.6279_B20210910 was discovered to contain an authenticated stack overflow via the text parameter in the setSmsCfg function.
CVE-2022-41527 1 Totolink 2 Nr1800x, Nr1800x Firmware 2024-11-21 N/A 8.8 HIGH
TOTOLINK NR1800X V9.1.0u.6279_B20210910 was discovered to contain an authenticated stack overflow via the pppoeUser parameter in the setOpModeCfg function.
CVE-2022-41526 1 Totolink 2 Nr1800x, Nr1800x Firmware 2024-11-21 N/A 8.8 HIGH
TOTOLINK NR1800X V9.1.0u.6279_B20210910 was discovered to contain an authenticated stack overflow via the ip parameter in the setDiagnosisCfg function.
CVE-2022-41525 1 Totolink 2 Nr1800x, Nr1800x Firmware 2024-11-21 N/A 9.8 CRITICAL
TOTOLINK NR1800X V9.1.0u.6279_B20210910 was discovered to contain a command injection vulnerability via the OpModeCfg function at /cgi-bin/cstecgi.cgi.