Totolink: >> Ex300 V2 Firmware Security Vulnerabilities
TOTOLINK EX300_V2 V4.0.3c.7484 was discovered to contain a command injection vulnerability via the langType parameter in the setLanguageCfg function. This vulnerability is exploitable via a crafted MQTT data packet.
CVSS Score
9.8
EPSS Score
0.337
Published
2022-07-07
totolink EX300_v2 V4.0.3c.140_B20210429 was discovered to contain a command injection vulnerability via the component cloudupdate_check.
CVSS Score
7.5
EPSS Score
0.008
Published
2022-03-31
totolink EX300_v2 V4.0.3c.140_B20210429 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the component /home.asp.
CVSS Score
6.1
EPSS Score
0.002
Published
2022-03-31
totolink EX300_v2, ver V4.0.3c.140_B20210429 and A720R ,ver V4.1.5cu.470_B20200911 have an issue which causes uncontrolled resource consumption.
CVSS Score
6.5
EPSS Score
0.001
Published
2022-03-31
totolink EX300_v2 V4.0.3c.140_B20210429 and EX1200T V4.1.2cu.5230_B20210706 does not contain an authentication mechanism.
CVSS Score
8.8
EPSS Score
0.002
Published
2022-03-30
totolink EX300_v2 V4.0.3c.140_B20210429 was discovered to contain a command injection vulnerability via the component process forceugpo.
CVSS Score
8.1
EPSS Score
0.044
Published
2022-03-30