Security Vulnerabilities - CVEs Published In May 2024
TOTOLINK outdoor CPE CP450 v4.1.0cu.747_B20191224 was discovered to contain a command injection vulnerability in the CloudACMunualUpdate function via the FileName parameter.
CVSS Score: 7.3, EPSS Score: 0.047, Published: 2024-05-14
TOTOLINK CP450 v4.1.0cu.747_B20191224 was discovered to contain a hardcoded password vulnerability in /etc/shadow.sample, which allows attackers to log in as root.
CVSS Score: 8.8, EPSS Score: 0.002, Published: 2024-05-14
TOTOLINK CPE CP450 v4.1.0cu.747_B20191224 was discovered to contain a stack buffer overflow vulnerability in the setIpQosRules function.
CVSS Score: 8.8, EPSS Score: 0.003, Published: 2024-05-14
TOTOLINK CP450 v4.1.0cu.747_B20191224 was discovered to contain a stack buffer overflow vulnerability in the getSaveConfig function.
CVSS Score: 7.3, EPSS Score: 0.004, Published: 2024-05-14
TOTOLINK CP450 v4.1.0cu.747_B20191224 was discovered to contain a stack buffer overflow vulnerability in the setMacFilterRules function.
CVSS Score: 6.5, EPSS Score: 0.004, Published: 2024-05-14
TOTOLINK CP450 v4.1.0cu.747_B20191224 was discovered to contain a stack buffer overflow vulnerability in the setLanguageCfg function.
CVSS Score: 3.8, EPSS Score: 0.004, Published: 2024-05-14
TOTOLINK outdoor CPE CP450 v4.1.0cu.747_B20191224 was discovered to contain a command injection vulnerability in the setUpgradeFW function via the FileName parameter.
CVSS Score: 9.8, EPSS Score: 0.06, Published: 2024-05-14
TOTOLINK CP450 v4.1.0cu.747_B20191224 was discovered to contain a command injection vulnerability in the download_firmware function.
CVSS Score: 7.3, EPSS Score: 0.046, Published: 2024-05-14
Totolink AC1200 Wireless Dual Band Gigabit Router A3002RU_V3 Firmware V3.0.0-B20230809.1615 is vulnerable to Buffer Overflow. The "boa" program allows attackers to modify the value of the "vwlan_idx" field via "formMultiAP". This can lead to a stack overflow through the "formWlEncrypt" CGI function by constructing malicious HTTP requests and passing a WLAN SSID value exceeding the expected length, potentially resulting in command execution or denial of service attacks.
CVSS Score: 8.8, EPSS Score: 0.001, Published: 2024-05-14
TinyWeb 1.94 and below allows unauthenticated remote attackers to cause a denial of service (Buffer Overflow) when sending excessively large elements in the request line.
CVSS Score: 8.6, EPSS Score: 0.019, Published: 2024-05-14

