cve,link,title,description,vendor,products,score,severity,epss,cisa,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-7909,https://securityvulnerability.io/vulnerability/CVE-2024-7909,Stack-Based Buffer Overflow in TOTOLINK EX1200L Product,"A critical vulnerability has been identified in the TOTOLINK EX1200L router, specifically within the setLanguageCfg function located in the cstecgi.cgi file. This vulnerability is classified as a stack-based buffer overflow, allowing an attacker to manipulate the langType argument. If successfully exploited, this could result in remote code execution, putting the system and connected networks at significant risk. Notably, the vulnerability has been publicly disclosed, and users are strongly advised to apply any available patches or mitigations immediately. As the vendor has not responded to notifications about this issue, proactive measures are essential for maintaining network security.",TOTOLINK,Ex1200l Firmware,9.8,CRITICAL,0.003019999945536256,false,false,false,false,,false,false,2024-08-18T18:15:00.000Z,0
CVE-2024-7908,https://securityvulnerability.io/vulnerability/CVE-2024-7908,"CRITICAL Vulnerability Discovered in TOTOLINK's EX1200L Product, Remote Exploitation Possible","A vulnerability has been identified in the TOTOLINK EX1200L network device, specifically in the setDefResponse function located in the cstecgi.cgi file. This issue results from improper handling of user-supplied input for the IpAddress argument, which may lead to a stack-based buffer overflow. An attacker can exploit this flaw remotely, allowing unauthorized control over the affected device. The vulnerability poses significant risks as the exploit has been publicly disclosed, and despite notifications, the vendor has not provided any responses concerning the disclosed issues.",TOTOLINK,Ex1200l Firmware,9.8,CRITICAL,0.0025100000202655792,false,false,false,false,,false,false,2024-08-18T17:15:00.000Z,0
CVE-2024-7338,https://securityvulnerability.io/vulnerability/CVE-2024-7338,Buffer Overflow Vulnerability in TOTOLINK EX1200L Router Firmware,"A severe buffer overflow vulnerability has been identified in the TOTOLINK EX1200L router, specifically within the setParentalRules function located in the /cgi-bin/cstecgi.cgi file. This vulnerability is triggered by manipulating the week, sTime, or eTime arguments. An unauthenticated remote attacker could exploit this flaw to execute arbitrary code on the router, potentially allowing for the complete takeover of the device. This critical issue has been publicized, raising concerns about its exploitation in the wild. TOTOLINK has been notified of this vulnerability but has not provided any response or mitigation guidance.",Totolink,Ex1200l,8.8,HIGH,0.0017900000093504786,false,false,false,true,true,false,false,2024-08-01T03:31:04.032Z,0
CVE-2024-7337,https://securityvulnerability.io/vulnerability/CVE-2024-7337,Buffer Overflow in TOTOLINK EX1200L Due to Vulnerable Loginauth Function,"A severe vulnerability has been identified in the TOTOLINK EX1200L model, specifically within the loginauth function located in the /cgi-bin/cstecgi.cgi file. This vulnerability arises from improper handling of the http_host argument, which can lead to a buffer overflow condition. Attackers can exploit this vulnerability remotely, potentially compromising the system’s security and gaining unauthorized access. Despite early notification to the vendor regarding the issue, there has been no response or fix provided. Users of the affected firmware version are advised to take precautionary measures to mitigate potential risks.",Totolink,Ex1200l,8.8,HIGH,0.0017900000093504786,false,false,false,true,true,false,false,2024-08-01T03:00:06.098Z,0
CVE-2024-7334,https://securityvulnerability.io/vulnerability/CVE-2024-7334,Buffer Overflow Vulnerability in EX1200L Could be Remotely Exploited,"A significant vulnerability exists in the TOTOLINK EX1200L firmware version 9.3.5u.6146_B20201023, specifically within the UploadCustomModule feature located in the /cgi-bin/cstecgi.cgi file. This vulnerability could result in a buffer overflow, allowing attackers to potentially execute arbitrary code remotely. The exploit method has been publicly disclosed, heightening the risk for users who have not updated their devices. This situation is worsened by the lack of response from TOTOLINK following the initial disclosure, which raises concerns about user safety and device security.",Totolink,Ex1200l,8.8,HIGH,0.0017900000093504786,false,false,false,true,true,false,false,2024-08-01T01:31:04.816Z,0
CVE-2023-51034,https://securityvulnerability.io/vulnerability/CVE-2023-51034,,TOTOlink EX1200L V9.3.5u.6146_B20201023 is vulnerable to arbitrary command execution via the cstecgi.cgi UploadFirmwareFile interface.,Totolink,Ex1200l Firmware,9.8,CRITICAL,0.026729999110102654,false,false,false,false,,false,false,2023-12-22T00:00:00.000Z,0
CVE-2023-4412,https://securityvulnerability.io/vulnerability/CVE-2023-4412,TOTOLINK EX1200L setWanCfg os command injection,"A security vulnerability has been identified in TOTOLINK EX1200L routers that allows for OS command injection via the setWanCfg function. This vulnerability can be exploited remotely, potentially allowing attackers to execute arbitrary commands on the affected device. The weakness was publicly disclosed, and the vendor has been made aware of it but did not provide a response. Users are encouraged to evaluate their risk and implement mitigation strategies to safeguard their networks from potential exploits.",TOTOLINK,EX1200L,9.8,CRITICAL,0.00203999993391335,false,false,false,false,,false,false,2023-08-18T15:15:00.000Z,0
CVE-2023-4410,https://securityvulnerability.io/vulnerability/CVE-2023-4410,TOTOLINK EX1200L setDiagnosisCfg os command injection,"A vulnerability has been identified in the TOTOLINK EX1200L router, specifically in the function setDiagnosisCfg. This flaw permits attackers to execute arbitrary OS commands on the affected device. The vulnerability allows remote exploitation, meaning malicious actors can leverage this weakness over the internet without physical access. As details of this exploit are publicly available, it poses a significant risk to users who have not applied the necessary patches or updates.",TOTOLINK,EX1200L,9.8,CRITICAL,0.00203999993391335,false,false,false,false,,false,false,2023-08-18T14:15:00.000Z,0
CVE-2023-4411,https://securityvulnerability.io/vulnerability/CVE-2023-4411,TOTOLINK EX1200L setTracerouteCfg os command injection,"A serious OS command injection vulnerability has been identified in the TOTOLINK EX1200L device, specifically affecting the setTracerouteCfg function. This flaw allows unauthorized users to execute arbitrary commands on the device remotely. The vulnerability has been publicly disclosed, and exploitation is feasible due to a lack of response from the vendor upon notification. Users are urged to secure their devices to prevent potential exploitation.",TOTOLINK,EX1200L,9.8,CRITICAL,0.06453000009059906,false,false,false,false,,false,false,2023-08-18T14:15:00.000Z,0