cve,link,title,description,vendor,products,score,severity,epss,cisa,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-42966,https://securityvulnerability.io/vulnerability/CVE-2024-42966,Access Control Vulnerability in TOTOLINK Router,"The vulnerability in the TOTOLINK N350RT router relates to improper access controls within its firmware, specifically version V9.3.5u.6139_B20201216. An attacker can exploit this weakness by sending a specially crafted request to the '/cgi-bin/ExportSettings.sh' endpoint, allowing them to access the sensitive apmib configuration file. This configuration file contains critical information, including user credentials, which can lead to further exploitation of the device and the network it connects to. Organizations should take preventive measures to secure their devices against this type of access control flaw to protect sensitive information from unauthorized access.",Totolink,N350rt Firmware,9.8,CRITICAL,0.01269999984651804,false,false,false,false,,false,false,2024-08-15T17:15:00.000Z,0
CVE-2022-36488,https://securityvulnerability.io/vulnerability/CVE-2022-36488,,TOTOLINK N350RT V9.3.5u.6139_B20201216 was discovered to contain a stack overflow via the sPort parameter in the function setIpPortFilterRules.,Totolink,N350rt Firmware,7.8,HIGH,0.0004799999878741801,false,false,false,false,,false,false,2022-08-25T13:55:14.000Z,0
CVE-2022-36487,https://securityvulnerability.io/vulnerability/CVE-2022-36487,,TOTOLINK N350RT V9.3.5u.6139_B20201216 was discovered to contain a command injection vulnerability via the command parameter in the function setTracerouteCfg.,Totolink,N350rt Firmware,7.8,HIGH,0.0010999999940395355,false,false,false,false,,false,false,2022-08-25T13:55:13.000Z,0
CVE-2022-36485,https://securityvulnerability.io/vulnerability/CVE-2022-36485,,TOTOLINK N350RT V9.3.5u.6139_B20201216 was discovered to contain a command injection vulnerability via the hostName parameter in the function setOpModeCfg.,Totolink,N350rt Firmware,7.8,HIGH,0.0010999999940395355,false,false,false,false,,false,false,2022-08-25T13:55:12.000Z,0
CVE-2022-36486,https://securityvulnerability.io/vulnerability/CVE-2022-36486,,TOTOLINK N350RT V9.3.5u.6139_B20201216 was discovered to contain a command injection vulnerability via the FileName parameter in the function UploadFirmwareFile.,Totolink,N350rt Firmware,7.8,HIGH,0.0010999999940395355,false,false,false,false,,false,false,2022-08-25T13:55:12.000Z,0
CVE-2022-36484,https://securityvulnerability.io/vulnerability/CVE-2022-36484,,TOTOLINK N350RT V9.3.5u.6139_B20201216 was discovered to contain a stack overflow via the function setDiagnosisCfg.,Totolink,N350rt Firmware,7.8,HIGH,0.0004799999878741801,false,false,false,false,,false,false,2022-08-25T13:55:11.000Z,0
CVE-2022-36483,https://securityvulnerability.io/vulnerability/CVE-2022-36483,,TOTOLINK N350RT V9.3.5u.6139_B20201216 was discovered to contain a stack overflow via the pppoeUser parameter.,Totolink,N350rt Firmware,7.8,HIGH,0.0004799999878741801,false,false,false,false,,false,false,2022-08-25T13:54:40.000Z,0
CVE-2022-36482,https://securityvulnerability.io/vulnerability/CVE-2022-36482,,TOTOLINK N350RT V9.3.5u.6139_B20201216 was discovered to contain a command injection vulnerability via the lang parameter in the function setLanguageCfg.,Totolink,N350rt Firmware,7.8,HIGH,0.0009699999936856329,false,false,false,false,,false,false,2022-08-25T13:54:38.000Z,0
CVE-2022-36481,https://securityvulnerability.io/vulnerability/CVE-2022-36481,,TOTOLINK N350RT V9.3.5u.6139_B20201216 was discovered to contain a command injection vulnerability via the ip parameter in the function setDiagnosisCfg.,Totolink,N350rt Firmware,7.8,HIGH,0.0010999999940395355,false,false,false,false,,false,false,2022-08-25T13:54:37.000Z,0
CVE-2022-36480,https://securityvulnerability.io/vulnerability/CVE-2022-36480,,TOTOLINK N350RT V9.3.5u.6139_B20201216 was discovered to contain a stack overflow via the command parameter in the function setTracerouteCfg.,Totolink,N350rt Firmware,7.8,HIGH,0.0004799999878741801,false,false,false,false,,false,false,2022-08-25T13:54:36.000Z,0
CVE-2022-36479,https://securityvulnerability.io/vulnerability/CVE-2022-36479,,TOTOLINK N350RT V9.3.5u.6139_B20201216 was discovered to contain a command injection vulnerability via the host_time parameter in the function NTPSyncWithHost.,Totolink,N350rt Firmware,7.8,HIGH,0.0010999999940395355,false,false,false,false,,false,false,2022-08-25T13:54:32.000Z,0