Shodan
Vulnerabilities
Vulnerable Software
Totolink:  >> T6 Firmware  Security Vulnerabilities
CVE-2022-32048
TOTOLINK T6 V4.1.9cu.5179_B20201015 was discovered to contain a stack overflow via the command parameter in the function FUN_0041cc88.
CVSS Score
7.5
EPSS Score
0.001
Published
2022-07-01
CVE-2022-32049
TOTOLINK T6 V4.1.9cu.5179_B20201015 was discovered to contain a stack overflow via the url parameter in the function FUN_00418540.
CVSS Score
7.5
EPSS Score
0.001
Published
2022-07-01
CVE-2022-32050
TOTOLINK T6 V4.1.9cu.5179_B20201015 was discovered to contain a stack overflow via the cloneMac parameter in the function FUN_0041af40.
CVSS Score
7.5
EPSS Score
0.001
Published
2022-07-01
CVE-2022-32051
TOTOLINK T6 V4.1.9cu.5179_B20201015 was discovered to contain a stack overflow via the desc, week, sTime, eTime parameters in the function FUN_004133c4.
CVSS Score
7.5
EPSS Score
0.001
Published
2022-07-01
CVE-2022-32052
TOTOLINK T6 V4.1.9cu.5179_B20201015 was discovered to contain a stack overflow via the desc parameter in the function FUN_004137a4.
CVSS Score
7.5
EPSS Score
0.001
Published
2022-07-01
CVE-2022-32053
TOTOLINK T6 V4.1.9cu.5179_B20201015 was discovered to contain a stack overflow via the cloneMac parameter in the function FUN_0041621c.
CVSS Score
7.5
EPSS Score
0.001
Published
2022-07-01
CVE-2022-25084
TOTOLink T6 V5.9c.4085_B20190428 was discovered to contain a command injection vulnerability in the "Main" function. This vulnerability allows attackers to execute arbitrary commands via the QUERY_STRING parameter.
CVSS Score
9.8
EPSS Score
0.808
Published
2022-02-24
CVE-2022-25130
A command injection vulnerability in the function updateWifiInfo of TOTOLINK Technology routers T6 V3_Firmware T6_V3_V4.1.5cu.748_B20211015 and T10 V2_Firmware V4.1.8cu.5207_B20210320 allows attackers to execute arbitrary commands via a crafted MQTT packet.
CVSS Score
9.8
EPSS Score
0.035
Published
2022-02-19
CVE-2022-25131
A command injection vulnerability in the function recvSlaveCloudCheckStatus of TOTOLINK Technology routers T6 V3_Firmware T6_V3_V4.1.5cu.748_B20211015 and T10 V2_Firmware V4.1.8cu.5207_B20210320 allows attackers to execute arbitrary commands via a crafted MQTT packet.
CVSS Score
9.8
EPSS Score
0.035
Published
2022-02-19
CVE-2022-25132
A command injection vulnerability in the function meshSlaveDlfw of TOTOLINK Technology router T6 V3_Firmware T6_V3_V4.1.5cu.748_B20211015 allows attackers to execute arbitrary commands via a crafted MQTT packet.
CVSS Score
9.8
EPSS Score
0.035
Published
2022-02-19


Products
Pricing
Contact Us

Shodan ® - All rights reserved