Totolink: >> Cp900l Firmware Security Vulnerabilities
TOTOLINK CP900L v4.1.5cu.798_B20221228 was discovered to contain a stack overflow via the desc parameter in the function setIpPortFilterRules
CVSS Score
2.7
EPSS Score
0.0
Published
2024-05-28
TOTOLINK CP900L v4.1.5cu.798_B20221228 was discovered to contain a command injection vulnerability via the FileName parameter in the UploadFirmwareFile function.
CVSS Score
5.9
EPSS Score
0.001
Published
2024-05-28
TOTOLINK CP900L v4.1.5cu.798_B20221228 weas discovered to contain a command injection vulnerability in the NTPSyncWithHost function via the hostTime parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request.
CVSS Score
8.8
EPSS Score
0.002
Published
2024-05-28
TOTOLINK CP900L v4.1.5cu.798_B20221228 was discovered to contain a stack overflow via the desc parameter in the function setMacFilterRules.
CVSS Score
9.8
EPSS Score
0.001
Published
2024-05-28
TOTOLINK CP900L v4.1.5cu.798_B20221228 was discovered to contain a stack overflow via the password parameter in the function loginAuth
CVSS Score
8.8
EPSS Score
0.001
Published
2024-05-28
TOTOLINK CP900L v4.1.5cu.798_B20221228 was discovered to contain a stack overflow via the desc parameter in the function SetPortForwardRules
CVSS Score
5.3
EPSS Score
0.0
Published
2024-05-28
TOTOLINK CP900L v4.1.5cu.798_B20221228 was discovered to contain a hardcoded password vulnerability in /etc/shadow.sample, which allows attackers to log in as root.
CVSS Score
8.8
EPSS Score
0.001
Published
2024-05-24
TOTOLINK CP900L v4.1.5cu.798_B20221228 was discovered to contain a hardcoded password for telnet in /web_cste/cgi-bin/product.ini, which allows attackers to log in as root.
CVSS Score
9.8
EPSS Score
0.001
Published
2024-05-24