Shodan
Vulnerabilities
Vulnerable Software
Totolink:  Security Vulnerabilities
CVE-2024-31805
TOTOLINK EX200 V4.0.3c.7646_B20201211 allows attackers to start the Telnet service without authorization via the telnet_enabled parameter in the setTelnetCfg function.
CVSS Score
6.5
EPSS Score
0.001
Published
2024-04-08
CVE-2024-31806
TOTOLINK EX200 V4.0.3c.7646_B20201211 was discovered to contain a Denial-of-Service (DoS) vulnerability in the RebootSystem function which can reboot the system without authorization.
CVSS Score
6.5
EPSS Score
0.0
Published
2024-04-08
CVE-2024-31807
TOTOLINK EX200 V4.0.3c.7646_B20201211 was discovered to contain a remote code execution (RCE) vulnerability via the hostTime parameter in the NTPSyncWithHost function.
CVSS Score
9.8
EPSS Score
0.034
Published
2024-04-08
CVE-2024-31808
TOTOLINK EX200 V4.0.3c.7646_B20201211 was discovered to contain a remote code execution (RCE) vulnerability via the webWlanIdx parameter in the setWebWlanIdx function.
CVSS Score
8.8
EPSS Score
0.008
Published
2024-04-08
CVE-2024-31809
TOTOLINK EX200 V4.0.3c.7646_B20201211 was discovered to contain a remote code execution (RCE) vulnerability via the FileName parameter in the setUpgradeFW function.
CVSS Score
8.8
EPSS Score
0.015
Published
2024-04-08
CVE-2024-31811
TOTOLINK EX200 V4.0.3c.7646_B20201211 was discovered to contain a remote code execution (RCE) vulnerability via the langType parameter in the setLanguageCfg function.
CVSS Score
8.0
EPSS Score
0.015
Published
2024-04-08
CVE-2024-31812
In TOTOLINK EX200 V4.0.3c.7646_B20201211, an attacker can obtain sensitive information without authorization through the function getWiFiExtenderConfig.
CVSS Score
6.5
EPSS Score
0.001
Published
2024-04-08
CVE-2024-31813
TOTOLINK EX200 V4.0.3c.7646_B20201211 does not contain an authentication mechanism by default.
CVSS Score
8.4
EPSS Score
0.0
Published
2024-04-08
CVE-2024-31814
TOTOLINK EX200 V4.0.3c.7646_B20201211 allows attackers to bypass login through the Form_Login function.
CVSS Score
8.8
EPSS Score
0.001
Published
2024-04-08
CVE-2024-31815
In TOTOLINK EX200 V4.0.3c.7314_B20191204, an attacker can obtain the configuration file without authorization through /cgi-bin/ExportSettings.sh
CVSS Score
9.1
EPSS Score
0.001
Published
2024-04-08


Products
Pricing
Contact Us

Shodan ® - All rights reserved