cve,link,title,description,vendor,products,score,severity,epss,cisa,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-42966,https://securityvulnerability.io/vulnerability/CVE-2024-42966,Access Control Vulnerability in TOTOLINK Router,"The vulnerability in the TOTOLINK N350RT router relates to improper access controls within its firmware, specifically version V9.3.5u.6139_B20201216. An attacker can exploit this weakness by sending a specially crafted request to the '/cgi-bin/ExportSettings.sh' endpoint, allowing them to access the sensitive apmib configuration file. This configuration file contains critical information, including user credentials, which can lead to further exploitation of the device and the network it connects to. Organizations should take preventive measures to secure their devices against this type of access control flaw to protect sensitive information from unauthorized access.",Totolink,N350rt Firmware,9.8,CRITICAL,0.01269999984651804,false,false,false,false,,false,false,2024-08-15T17:15:00.000Z,0
CVE-2024-7462,https://securityvulnerability.io/vulnerability/CVE-2024-7462,Buffer Overflow Exploit in TOTOLINK N350RT Router,"A critical buffer overflow vulnerability exists in the TOTOLINK N350RT router's setWizardCfg function, found in the /cgi-bin/cstecgi.cgi file. This flaw can be exploited remotely by manipulating the 'ssid' argument, potentially allowing attackers to execute arbitrary code on the affected device. The vulnerability has been publicly disclosed, raising concerns about the security of devices running the affected firmware version 9.3.5u.6139_B20201216. With no response from the vendor upon discovery and disclosure of this vulnerability, users are urged to take protective measures to secure their networks.",Totolink,N350rt,9.8,CRITICAL,0.0025100000202655792,false,false,false,true,true,false,false,2024-08-05T00:15:00.000Z,0
CVE-2024-7333,https://securityvulnerability.io/vulnerability/CVE-2024-7333,Buffer Overflow Vulnerability in TOTOLINK N350RT Router,"A serious buffer overflow vulnerability has been identified in the TOTOLINK N350RT router, specifically within the setParentalRules function located in the /cgi-bin/cstecgi.cgi file. This flaw allows an attacker to manipulate input parameters such as week, sTime, and eTime, potentially leading to unauthorized access or control over the device. The vulnerability can be exploited remotely, making it a significant threat to users. Despite early warnings provided to the vendor, no response was received regarding the issue. Users are advised to apply any available security patches and monitor for updates to protect their devices from potential exploitation.",Totolink,N350rt,8.8,HIGH,0.0017900000093504786,false,false,false,true,true,false,false,2024-08-01T01:00:07.454Z,0
CVE-2024-0943,https://securityvulnerability.io/vulnerability/CVE-2024-0943,Totolink N350RT cstecgi.cgi session expiration,A vulnerability was found in Totolink N350RT 9.3.5u.6255. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /cgi-bin/cstecgi.cgi. The manipulation leads to session expiration. The attack can be launched remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-252187. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.,Totolink,N350RT,5.3,MEDIUM,0.0006000000284984708,false,false,false,true,true,false,false,2024-01-26T20:15:00.000Z,0
CVE-2024-0570,https://securityvulnerability.io/vulnerability/CVE-2024-0570,Totolink N350RT Setting cstecgi.cgi access control,"The vulnerability in the Totolink N350RT router specifically affects the Setting Handler component, located in the /cgi-bin/cstecgi.cgi file. It exposes the system to improper access control risks, allowing unauthorized users to manipulate critical functionalities remotely. This security flaw underscores the necessity for immediate software upgrades to safeguard user confidentiality and data integrity. It is essential for administrators to apply the latest patches to mitigate potential exploitation risks associated with this vulnerability.",Totolink,N350rt,9.1,CRITICAL,0.004980000201612711,false,false,false,false,,false,false,2024-01-16T13:31:04.015Z,0
CVE-2023-7219,https://securityvulnerability.io/vulnerability/CVE-2023-7219,Totolink N350RT cstecgi.cgi loginAuth stack-based overflow,"A vulnerability has been identified in the Totolink N350RT router version 9.3.5u.6139_B202012 related to the loginAuth function in the /cgi-bin/cstecgi.cgi script. Manipulating the http_host argument can lead to a stack-based buffer overflow, allowing an attacker to execute remote exploits. The details of this vulnerability have been publicly disclosed, and the potential for exploitation has raised significant security concerns. Despite early notification, the vendor has not responded to address this issue.",Totolink,N350RT,9.8,CRITICAL,0.0013500000350177288,false,false,false,true,true,false,false,2024-01-09T06:15:00.000Z,0
CVE-2023-7218,https://securityvulnerability.io/vulnerability/CVE-2023-7218,Totolink N350RT cstecgi.cgi loginAuth stack-based overflow,"A vulnerability affecting the Totolink N350RT router allows for a stack-based buffer overflow due to improper handling of the password argument in the loginAuth function located in the /cgi-bin/cstecgi.cgi file. This issue could be exploited remotely, enabling attackers to compromise the device's security. The vendor was notified about the vulnerability before public disclosure but did not respond. Users of the affected router model should take immediate action to mitigate potential security risks.",Totolink,N350RT,7.2,HIGH,0.0030799999367445707,false,false,false,false,,false,false,2024-01-08T21:15:00.000Z,0
CVE-2023-7214,https://securityvulnerability.io/vulnerability/CVE-2023-7214,Totolink N350RT HTTP POST Request main stack-based overflow,"A vulnerability has been identified in the Totolink N350RT router, specifically within the HTTP POST Request Handler function located in /cgi-bin/cstecgi.cgi. Manipulation of the parameter 'v8' can result in a stack-based buffer overflow, which poses a significant risk for remote attack vectors. Exploit details for this vulnerability are publicly available, potentially allowing malicious actors to compromise affected devices. Despite prior notification to the vendor, there has been no response regarding this issue.",Totolink,N350RT,8.8,HIGH,0.003000000026077032,false,false,false,true,true,false,false,2024-01-07T20:15:00.000Z,0
CVE-2023-7213,https://securityvulnerability.io/vulnerability/CVE-2023-7213,Totolink N350RT HTTP POST Request main stack-based overflow,"A stack-based buffer overflow vulnerability exists in the Totolink N350RT router due to inadequate input validation in the HTTP POST request handler. Specifically, the flaw is triggered by manipulating the 'v33' argument in the login function of the '/cgi-bin/cstecgi.cgi?action=login&flag=1' endpoint. This vulnerability allows an attacker to execute arbitrary code remotely, compromising the integrity and security of the device. The issue has been publicly disclosed, and users are advised to take immediate action to mitigate potential risks.",Totolink,N350RT,8.8,HIGH,0.003000000026077032,false,false,false,true,true,false,false,2024-01-07T19:15:00.000Z,0
CVE-2023-7187,https://securityvulnerability.io/vulnerability/CVE-2023-7187,Totolink N350RT HTTP POST Request stack-based overflow,"A stack-based buffer overflow vulnerability has been identified in the Totolink N350RT router, specifically in the HTTP POST request handler found in the file /cgi-bin/cstecgi.cgi?action=login&flag=ie8. This flaw can be exploited through improper processing of certain requests, potentially allowing attackers to execute arbitrary code or crash the device. Public disclosure of the exploit method raises concerns regarding its accessibility and potential threat to network security. The vendor has been notified about this issue, but has not yet responded.",Totolink,N350RT,8.8,HIGH,0.0006900000153109431,false,false,false,false,,false,false,2023-12-31T14:15:00.000Z,0
CVE-2022-36488,https://securityvulnerability.io/vulnerability/CVE-2022-36488,,TOTOLINK N350RT V9.3.5u.6139_B20201216 was discovered to contain a stack overflow via the sPort parameter in the function setIpPortFilterRules.,Totolink,N350rt Firmware,7.8,HIGH,0.0004799999878741801,false,false,false,false,,false,false,2022-08-25T13:55:14.000Z,0
CVE-2022-36487,https://securityvulnerability.io/vulnerability/CVE-2022-36487,,TOTOLINK N350RT V9.3.5u.6139_B20201216 was discovered to contain a command injection vulnerability via the command parameter in the function setTracerouteCfg.,Totolink,N350rt Firmware,7.8,HIGH,0.0010999999940395355,false,false,false,false,,false,false,2022-08-25T13:55:13.000Z,0
CVE-2022-36486,https://securityvulnerability.io/vulnerability/CVE-2022-36486,,TOTOLINK N350RT V9.3.5u.6139_B20201216 was discovered to contain a command injection vulnerability via the FileName parameter in the function UploadFirmwareFile.,Totolink,N350rt Firmware,7.8,HIGH,0.0010999999940395355,false,false,false,false,,false,false,2022-08-25T13:55:12.000Z,0
CVE-2022-36485,https://securityvulnerability.io/vulnerability/CVE-2022-36485,,TOTOLINK N350RT V9.3.5u.6139_B20201216 was discovered to contain a command injection vulnerability via the hostName parameter in the function setOpModeCfg.,Totolink,N350rt Firmware,7.8,HIGH,0.0010999999940395355,false,false,false,false,,false,false,2022-08-25T13:55:12.000Z,0
CVE-2022-36484,https://securityvulnerability.io/vulnerability/CVE-2022-36484,,TOTOLINK N350RT V9.3.5u.6139_B20201216 was discovered to contain a stack overflow via the function setDiagnosisCfg.,Totolink,N350rt Firmware,7.8,HIGH,0.0004799999878741801,false,false,false,false,,false,false,2022-08-25T13:55:11.000Z,0
CVE-2022-36483,https://securityvulnerability.io/vulnerability/CVE-2022-36483,,TOTOLINK N350RT V9.3.5u.6139_B20201216 was discovered to contain a stack overflow via the pppoeUser parameter.,Totolink,N350rt Firmware,7.8,HIGH,0.0004799999878741801,false,false,false,false,,false,false,2022-08-25T13:54:40.000Z,0
CVE-2022-36482,https://securityvulnerability.io/vulnerability/CVE-2022-36482,,TOTOLINK N350RT V9.3.5u.6139_B20201216 was discovered to contain a command injection vulnerability via the lang parameter in the function setLanguageCfg.,Totolink,N350rt Firmware,7.8,HIGH,0.0009699999936856329,false,false,false,false,,false,false,2022-08-25T13:54:38.000Z,0
CVE-2022-36481,https://securityvulnerability.io/vulnerability/CVE-2022-36481,,TOTOLINK N350RT V9.3.5u.6139_B20201216 was discovered to contain a command injection vulnerability via the ip parameter in the function setDiagnosisCfg.,Totolink,N350rt Firmware,7.8,HIGH,0.0010999999940395355,false,false,false,false,,false,false,2022-08-25T13:54:37.000Z,0
CVE-2022-36480,https://securityvulnerability.io/vulnerability/CVE-2022-36480,,TOTOLINK N350RT V9.3.5u.6139_B20201216 was discovered to contain a stack overflow via the command parameter in the function setTracerouteCfg.,Totolink,N350rt Firmware,7.8,HIGH,0.0004799999878741801,false,false,false,false,,false,false,2022-08-25T13:54:36.000Z,0
CVE-2022-36479,https://securityvulnerability.io/vulnerability/CVE-2022-36479,,TOTOLINK N350RT V9.3.5u.6139_B20201216 was discovered to contain a command injection vulnerability via the host_time parameter in the function NTPSyncWithHost.,Totolink,N350rt Firmware,7.8,HIGH,0.0010999999940395355,false,false,false,false,,false,false,2022-08-25T13:54:32.000Z,0