cve,link,title,description,vendor,products,score,severity,epss,cisa,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-9001,https://securityvulnerability.io/vulnerability/CVE-2024-9001,OS Command Injection Threat in TOTOLINK T10 Router,"A security vulnerability exists in the TOTOLINK T10 router, specifically within the setTracerouteCfg function found in the /cgi-bin/cstecgi.cgi file. This issue allows an attacker to execute arbitrary OS commands through improper validation of input parameters, leading to potential system compromise. The vulnerability can be exploited remotely, which increases its risk level. Despite early warnings provided to the vendor, there has been no acknowledgment or response, leaving users of affected versions exposed. It is imperative for users to remediate this vulnerability to safeguard their networks from malicious attacks.",Totolink,T10,8.8,HIGH,0.0013800000306218863,false,false,false,true,true,false,false,2024-09-19T20:00:09.012Z,0
CVE-2024-8577,https://securityvulnerability.io/vulnerability/CVE-2024-8577,Buffer Overflow Issue in TOTOLINK AC1200 T8 and T10 Products,"A critical buffer overflow vulnerability has been discovered in the TOTOLINK AC1200 T8 and T10 routers within the setStaticDhcpRules function located in /cgi-bin/cstecgi.cgi. This vulnerability arises from improper handling of input arguments, particularly the 'desc' parameter, leading to potential remote code execution. As the exploit has been publicly disclosed, it poses a significant risk to users of these devices. Security measures should be taken immediately to mitigate potential attacks, which could exploit this flaw without requiring any prior authentication.",Totolink,"Ac1200 T8,Ac1200 T10",8.8,HIGH,0.0006699999794363976,false,false,false,true,true,false,false,2024-09-08T18:31:05.815Z,0
CVE-2024-8576,https://securityvulnerability.io/vulnerability/CVE-2024-8576,Buffer Overflow Vulnerability in TOTOLINK AC1200 T8 and T10 Products,"A significant buffer overflow vulnerability has been identified in the TOTOLINK AC1200 T8 and AC1200 T10 routers, specifically in the setIpPortFilterRules function located within the cgi-bin/cstecgi.cgi file. This vulnerability enables an attacker to manipulate the 'desc' parameter, potentially leading to code execution via a remote attack. The exploit has been publicly disclosed, and even though the vendor was notified prior to the disclosure, no response was received. Users of these routers are advised to take immediate action to secure their devices.",Totolink,"Ac1200 T8,Ac1200 T10",8.8,HIGH,0.0006699999794363976,false,false,false,true,true,false,false,2024-09-08T18:00:06.899Z,0
CVE-2024-8573,https://securityvulnerability.io/vulnerability/CVE-2024-8573,Buffer Overflow Vulnerability in TOTOLINK AC1200 T8 and T10 Routers,"A critical buffer overflow vulnerability has been identified in the TOTOLINK AC1200 T8 and AC1200 T10 routers, specifically within the setParentalRules function located in the cgi-bin/cstecgi.cgi file. This vulnerability can be exploited by manipulating the 'desc' argument, leading to a buffer overflow condition. The nature of this flaw allows for remote exploitation, opening the door for potential attackers to execute arbitrary code. The exploit has already been publicly disclosed, putting users at significant risk. Despite proactive communication regarding this issue, TOTOLINK has not provided a response or mitigation strategy.",Totolink,"Ac1200 T8,Ac1200 T10",8.8,HIGH,0.0006699999794363976,false,false,false,true,true,false,false,2024-09-08T10:00:06.219Z,0
CVE-2024-8162,https://securityvulnerability.io/vulnerability/CVE-2024-8162,Vulnerability in TOTOLINK T10 AC1200 Telnet Service,"A significant security flaw has been identified in the TOTOLINK T10 AC1200, specifically within the Telnet service's handling of configuration files. The vulnerability lies in the use of hard-coded credentials located in the /squashfs-root/web_cste/cgi-bin/product.ini file. This design oversight allows attackers to exploit the device remotely, potentially gaining unauthorized access to its functionalities. As of now, the vendor has not addressed this issue despite early notifications about the existence of this vulnerability. Organizations utilizing the affected product should prioritize remediation to safeguard against possible exploitation.",Totolink,T10 Ac1200,9.8,CRITICAL,0.0023799999617040157,false,false,false,true,true,false,false,2024-08-26T13:00:09.562Z,0
CVE-2023-40042,https://securityvulnerability.io/vulnerability/CVE-2023-40042,,"TOTOLINK T10_v2 5.9c.5061_B20200511 has a stack-based buffer overflow in setStaticDhcpConfig in /lib/cste_modules/lan.so. Attackers can send crafted data in an MQTT packet, via the comment parameter, to control the return address and execute code.",Totolink,T10 V2 Firmware,9.8,CRITICAL,0.0013800000306218863,false,false,false,false,,false,false,2023-08-08T00:00:00.000Z,0
CVE-2023-40041,https://securityvulnerability.io/vulnerability/CVE-2023-40041,,"TOTOLINK T10_v2 5.9c.5061_B20200511 has a stack-based buffer overflow in setWiFiWpsConfig in /lib/cste_modules/wps.so. Attackers can send crafted data in an MQTT packet, via the pin parameter, to control the return address and execute code.",Totolink,T10 V2 Firmware,9.8,CRITICAL,0.001550000044517219,false,false,false,false,,false,false,2023-08-08T00:00:00.000Z,0
CVE-2021-43636,https://securityvulnerability.io/vulnerability/CVE-2021-43636,,Two Buffer Overflow vulnerabilities exists in T10 V2_Firmware V4.1.8cu.5207_B20210320 in the http_request_parse function when processing host data in the HTTP request process.,Totolink,T10 V2 Firmware,9.8,CRITICAL,0.003719999920576811,false,false,false,false,,false,false,2022-03-25T17:55:41.000Z,0
CVE-2022-25081,https://securityvulnerability.io/vulnerability/CVE-2022-25081,,"TOTOLink T10 V5.9c.5061_B20200511 was discovered to contain a command injection vulnerability in the ""Main"" function. This vulnerability allows attackers to execute arbitrary commands via the QUERY_STRING parameter.",Totolink,T10 V2 Firmware,9.8,CRITICAL,0.0030900000128895044,false,false,false,false,,false,false,2022-02-24T15:15:00.000Z,0