TOTOLINK EX200 V4.0.3c.7646_B20201211 was discovered to contain a remote code execution (RCE) vulnerability via the webWlanIdx parameter in the setWebWlanIdx function.
CVSS Score
8.8
EPSS Score
0.003
Published
2024-04-08
TOTOLINK EX200 V4.0.3c.7646_B20201211 was discovered to contain a remote code execution (RCE) vulnerability via the FileName parameter in the setUpgradeFW function.
CVSS Score
8.8
EPSS Score
0.006
Published
2024-04-08
TOTOLINK EX200 V4.0.3c.7646_B20201211 was discovered to contain a remote code execution (RCE) vulnerability via the langType parameter in the setLanguageCfg function.
CVSS Score
8.0
EPSS Score
0.006
Published
2024-04-08
In TOTOLINK EX200 V4.0.3c.7646_B20201211, an attacker can obtain sensitive information without authorization through the function getWiFiExtenderConfig.
CVSS Score
6.5
EPSS Score
0.001
Published
2024-04-08
TOTOLINK EX200 V4.0.3c.7646_B20201211 does not contain an authentication mechanism by default.
CVSS Score
8.4
EPSS Score
0.0
Published
2024-04-08
TOTOLINK EX200 V4.0.3c.7646_B20201211 allows attackers to bypass login through the Form_Login function.
CVSS Score
8.8
EPSS Score
0.0
Published
2024-04-08
In TOTOLINK EX200 V4.0.3c.7314_B20191204, an attacker can obtain the configuration file without authorization through /cgi-bin/ExportSettings.sh
CVSS Score
9.1
EPSS Score
0.001
Published
2024-04-08
In TOTOLINK EX200 V4.0.3c.7646_B20201211, an attacker can obtain sensitive information without authorization through the function getEasyWizardCfg.
CVSS Score
7.5
EPSS Score
0.001
Published
2024-04-08
The downloadFlile.cgi binary file in TOTOLINK EX200 V4.0.3c.7646_B20201211 has a command injection vulnerability when receiving GET parameters. The parameter name can be constructed for unauthenticated command execution.
CVSS Score
9.8
EPSS Score
0.138
Published
2022-01-04
Page 2