Totolink: Security Vulnerabilities
TOTOLINK CP900L v4.1.5cu.798_B20221228 was discovered to contain a command injection vulnerability via the FileName parameter in the UploadFirmwareFile function.
CVSS Score: 5.9 | EPSS Score: 0.001 | Published: 2024-05-28
TOTOLINK CP900L v4.1.5cu.798_B20221228 was discovered to contain a command injection vulnerability in the NTPSyncWithHost function via the hostTime parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request.
CVSS Score: 8.8 | EPSS Score: 0.002 | Published: 2024-05-28
TOTOLINK CP900L v4.1.5cu.798_B20221228 was discovered to contain a stack overflow via the desc parameter in the function setMacFilterRules.
CVSS Score: 9.8 | EPSS Score: 0.001 | Published: 2024-05-28
TOTOLINK CP900L v4.1.5cu.798_B20221228 was discovered to contain a stack overflow via the password parameter in the function loginAuth.
CVSS Score: 8.8 | EPSS Score: 0.001 | Published: 2024-05-28
TOTOLINK CP900L v4.1.5cu.798_B20221228 was discovered to contain a stack overflow via the desc parameter in the function SetPortForwardRules.
CVSS Score: 5.3 | EPSS Score: 0.0 | Published: 2024-05-28
TOTOLINK NR1800X v9.1.0u.6681_B20230703 was discovered to contain a stack overflow via the password parameter in the function urldecode.
CVSS Score: 8.8 | EPSS Score: 0.041 | Published: 2024-05-24
TOTOLINK LR350 V9.3.5u.6369_B20220309 was discovered to contain a stack overflow via the http_host parameter in the function loginAuth.
CVSS Score: 9.8 | EPSS Score: 0.082 | Published: 2024-05-24
TOTOLINK CP900L v4.1.5cu.798_B20221228 was discovered to contain a hardcoded password vulnerability in /etc/shadow.sample, which allows attackers to log in as root.
CVSS Score: 8.8 | EPSS Score: 0.001 | Published: 2024-05-24
TOTOLINK CP900L v4.1.5cu.798_B20221228 was discovered to contain a hardcoded password for telnet in /web_cste/cgi-bin/product.ini, which allows attackers to log in as root.
CVSS Score: 9.8 | EPSS Score: 0.001 | Published: 2024-05-24
TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain an authenticated remote command execution (RCE) vulnerability via the "ipsecL2tpEnable" parameter in the "cstecgi.cgi" binary.
CVSS Score: 8.8 | EPSS Score: 0.046 | Published: 2024-05-14



Shodan ® - All rights reserved