Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In December 2023
CVE-2023-51018
TOTOlink EX1800T v9.1.0cu.2112_B20220316 is vulnerable to unauthorized arbitrary command execution in the ‘opmode’ parameter of the setWiFiApConfig interface of the cstecgi .cgi.
CVSS Score
9.8
EPSS Score
0.003
Published
2023-12-22
CVE-2023-51019
TOTOlink EX1800T v9.1.0cu.2112_B20220316 is vulnerable to unauthorized arbitrary command execution in the ‘key5g’ parameter of the setWiFiExtenderConfig interface of the cstecgi .cgi.
CVSS Score
9.8
EPSS Score
0.003
Published
2023-12-22
CVE-2023-51020
TOTOlink EX1800T v9.1.0cu.2112_B20220316 is vulnerable to unauthorized arbitrary command execution in the ‘langType’ parameter of the setLanguageCfg interface of the cstecgi .cgi.
CVSS Score
9.8
EPSS Score
0.003
Published
2023-12-22
CVE-2023-51021
TOTOlink EX1800T v9.1.0cu.2112_B20220316 is vulnerable to unauthorized arbitrary command execution in the ‘merge’ parameter of the setRptWizardCfg interface of the cstecgi .cgi.
CVSS Score
9.8
EPSS Score
0.003
Published
2023-12-22
CVE-2023-51022
TOTOlink EX1800T v9.1.0cu.2112_B20220316 is vulnerable to unauthorized arbitrary command execution in the ‘langFlag’ parameter of the setLanguageCfg interface of the cstecgi .cgi.
CVSS Score
9.8
EPSS Score
0.003
Published
2023-12-22
CVE-2023-51033
TOTOlink EX1200L V9.3.5u.6146_B20201023 is vulnerable to arbitrary command execution via the cstecgi.cgi setOpModeCfg interface.
CVSS Score
9.8
EPSS Score
0.003
Published
2023-12-22
CVE-2023-51034
TOTOlink EX1200L V9.3.5u.6146_B20201023 is vulnerable to arbitrary command execution via the cstecgi.cgi UploadFirmwareFile interface.
CVSS Score
9.8
EPSS Score
0.003
Published
2023-12-22
CVE-2023-51035
TOTOLINK EX1200L V9.3.5u.6146_B20201023 is vulnerable to arbitrary command execution on the cstecgi.cgi NTPSyncWithHost interface.
CVSS Score
9.8
EPSS Score
0.002
Published
2023-12-22
CVE-2023-50147
There is an arbitrary command execution vulnerability in the setDiagnosisCfg function of the cstecgi .cgi of the TOTOlink A3700R router device in its firmware version V9.1.2u.5822_B20200513.
CVSS Score
9.8
EPSS Score
0.012
Published
2023-12-22
CVE-2023-50708
yii2-authclient is an extension that adds OpenID, OAuth, OAuth2 and OpenId Connect consumers for the Yii framework 2.0. In yii2-authclient prior to version 2.2.15, the Oauth1/2 `state` and OpenID Connect `nonce` is vulnerable for a `timing attack` since it is compared via regular string comparison (instead of `Yii::$app->getSecurity()->compareString()`). Version 2.2.15 contains a patch for the issue. No known workarounds are available.
CVSS Score
6.1
EPSS Score
0.002
Published
2023-12-22


Products
Pricing
Contact Us

Shodan ® - All rights reserved