Shodan
Vulnerabilities
Vulnerable Software
Totolink:  Security Vulnerabilities
CVE-2024-57021
TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain an OS command injection vulnerability via the "eHour" parameter in setWiFiScheduleCfg.
CVSS Score
8.8
EPSS Score
0.054
Published
2025-01-15
CVE-2024-57213
TOTOLINK A6000R V1.0.1-B20201211.2000 was discovered to contain a command injection vulnerability via the newpasswd parameter in the action_passwd function.
CVSS Score
6.3
EPSS Score
0.025
Published
2025-01-10
CVE-2024-57214
TOTOLINK A6000R V1.0.1-B20201211.2000 was discovered to contain a command injection vulnerability via the devname parameter in the reset_wifi function.
CVSS Score
6.3
EPSS Score
0.025
Published
2025-01-10
CVE-2024-57211
TOTOLINK A6000R V1.0.1-B20201211.2000 was discovered to contain a command injection vulnerability via the modifyOne parameter in the enable_wsh function.
CVSS Score
8.0
EPSS Score
0.021
Published
2025-01-10
CVE-2024-57212
TOTOLINK A6000R V1.0.1-B20201211.2000 was discovered to contain a command injection vulnerability via the opmode parameter in the action_reboot function.
CVSS Score
5.1
EPSS Score
0.023
Published
2025-01-10
CVE-2024-54907
TOTOLINK A3002R V4.0.0-B20230531.1404 is vulnerable to Remote Code Execution in /bin/boa via formWsc.
CVSS Score
8.8
EPSS Score
0.007
Published
2024-12-26
CVE-2024-12352
A vulnerability classified as problematic was found in TOTOLINK EX1800T 9.1.0cu.2112_B20220316. This vulnerability affects the function sub_40662C of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument ssid leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
CVSS Score
4.3
EPSS Score
0.003
Published
2024-12-09
CVE-2024-52723
In TOTOLINK X6000R V9.4.0cu.1041_B20240224 in the shttpd file, the Uci_Set Str function is used without strict parameter filtering. An attacker can achieve arbitrary command execution by constructing the payload.
CVSS Score
9.8
EPSS Score
0.004
Published
2024-11-22
CVE-2024-53335
TOTOLINK A810R V4.1.2cu.5182_B20201026 is vulnerable to Buffer Overflow in downloadFlile.cgi.
CVSS Score
7.8
EPSS Score
0.0
Published
2024-11-21
CVE-2024-53333
TOTOLINK EX200 v4.0.3c.7646_B20201211 was found to contain a command insertion vulnerability in the setUssd function. This vulnerability allows an attacker to execute arbitrary commands via the "ussd" parameter.
CVSS Score
6.3
EPSS Score
0.001
Published
2024-11-21


Products
Pricing
Contact Us

Shodan ® - All rights reserved