cve,link,title,description,vendor,products,score,severity,epss,cisa,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-8869,https://securityvulnerability.io/vulnerability/CVE-2024-8869,OS Command Injection Vulnerability in TOTOLINK A720R Router,"A critical security vulnerability has been identified in the TOTOLINK A720R router, specifically in the exportOvpn function. This flaw allows for OS command injection, posing a significant risk as it could be exploited remotely by attackers. The attack complexity is categorized as high, making it exceedingly challenging for the average user to mitigate without the necessary security measures in place. As of the last report, the vendor has not responded to advisories regarding this vulnerability, leaving devices susceptible to potential exploits. Users are advised to monitor their systems closely and apply necessary security patches or measures as they become available.",Totolink,A720r,8.1,HIGH,0.0011099999537691474,false,false,false,false,,false,false,2024-09-15T10:31:05.443Z,0
CVE-2023-23064,https://securityvulnerability.io/vulnerability/CVE-2023-23064,Incorrect Access Control Vulnerability in TOTOLINK A720R Router,"The TOTOLINK A720R router, specifically the V4.1.5cu.532_B20210610 version, has been identified to contain an incorrect access control vulnerability. This flaw allows unauthorized users to gain access to restricted areas of the system, potentially compromising sensitive information and network configurations. Users of the affected model should implement appropriate security measures to mitigate the risk associated with this vulnerability.",Totolink,A720r Firmware,9.8,CRITICAL,0.0071299998089671135,false,false,false,false,,false,false,2023-02-17T00:00:00.000Z,0
CVE-2022-38535,https://securityvulnerability.io/vulnerability/CVE-2022-38535,,TOTOLINK-720R v4.1.5cu.374 was discovered to contain a remote code execution (RCE) vulnerability via the setTracerouteCfg function.,Totolink,A720r Firmware,7.2,HIGH,0.003389999968931079,false,false,false,false,,false,false,2022-09-15T17:58:20.000Z,0
CVE-2022-38534,https://securityvulnerability.io/vulnerability/CVE-2022-38534,,TOTOLINK-720R v4.1.5cu.374 was discovered to contain a remote code execution (RCE) vulnerability via the setdiagnosicfg function.,Totolink,A720r Firmware,7.2,HIGH,0.003389999968931079,false,false,false,false,,false,false,2022-09-15T17:58:19.000Z,0
CVE-2022-36610,https://securityvulnerability.io/vulnerability/CVE-2022-36610,,TOTOLINK A720R V4.1.5cu.532_B20210610 was discovered to contain a hardcoded password for root at /etc/shadow.sample.,Totolink,A720r Firmware,7.8,HIGH,0.0011399999493733048,false,false,false,false,,false,false,2022-08-29T00:15:00.000Z,0
CVE-2022-36456,https://securityvulnerability.io/vulnerability/CVE-2022-36456,,TOTOLink A720R V4.1.5cu.532_B20210610 was discovered to contain a command injection vulnerability via the username parameter in /cstecgi.cgi.,Totolink,A720r Firmware,7.8,HIGH,0.0010999999940395355,false,false,false,false,,false,false,2022-08-25T13:53:25.000Z,0
CVE-2021-44246,https://securityvulnerability.io/vulnerability/CVE-2021-44246,,"Totolink devices A3100R v4.1.2cu.5050_B20200504, A830R v5.9c.4729_B20191112, and A720R v4.1.5cu.470_B20200911 were discovered to contain a stack overflow in the function setNoticeCfg. This vulnerability allows attackers to cause a Denial of Service (DoS) via the IpTo parameter.",Totolink,A720r Firmware,7.5,HIGH,0.0008699999889358878,false,false,false,false,,false,false,2022-02-04T01:34:03.000Z,0
CVE-2021-44247,https://securityvulnerability.io/vulnerability/CVE-2021-44247,,"Totolink devices A3100R v4.1.2cu.5050_B20200504, A830R v5.9c.4729_B20191112, and A720R v4.1.5cu.470_B20200911 were discovered to contain command injection vulnerability in the function setNoticeCfg. This vulnerability allows attackers to execute arbitrary commands via the IpFrom parameter.",Totolink,A720r Firmware,9.8,CRITICAL,0.011889999732375145,false,false,false,false,,false,false,2022-02-04T01:34:03.000Z,0
CVE-2021-45737,https://securityvulnerability.io/vulnerability/CVE-2021-45737,,TOTOLINK A720R v4.1.5cu.470_B20200911 was discovered to contain a stack overflow in the Form_Login function. This vulnerability allows attackers to cause a Denial of Service (DoS) via the Host parameter.,Totolink,A720r Firmware,7.5,HIGH,0.0008699999889358878,false,false,false,false,,false,false,2022-02-04T01:33:54.000Z,0
CVE-2021-45739,https://securityvulnerability.io/vulnerability/CVE-2021-45739,,TOTOLINK A720R v4.1.5cu.470_B20200911 was discovered to contain a stack overflow in the Form_Login function. This vulnerability allows attackers to cause a Denial of Service (DoS) via the flag parameter.,Totolink,A720r Firmware,7.5,HIGH,0.0008699999889358878,false,false,false,false,,false,false,2022-02-04T01:33:53.000Z,0
CVE-2021-45740,https://securityvulnerability.io/vulnerability/CVE-2021-45740,,TOTOLINK A720R v4.1.5cu.470_B20200911 was discovered to contain a stack overflow in the setWiFiWpsStart function. This vulnerability allows attackers to cause a Denial of Service (DoS) via the pin parameter.,Totolink,A720r Firmware,9.8,CRITICAL,0.0026100000832229853,false,false,false,false,,false,false,2022-02-04T01:33:52.000Z,0
CVE-2021-45742,https://securityvulnerability.io/vulnerability/CVE-2021-45742,,"TOTOLINK A720R v4.1.5cu.470_B20200911 was discovered to contain a command injection vulnerability in the ""Main"" function. This vulnerability allows attackers to execute arbitrary commands via the QUERY_STRING parameter.",Totolink,A720r Firmware,9.8,CRITICAL,0.011889999732375145,false,false,false,false,,false,false,2022-02-04T01:33:51.000Z,0
CVE-2021-35325,https://securityvulnerability.io/vulnerability/CVE-2021-35325,,A stack overflow in the checkLoginUser function of TOTOLINK A720R A720R_Firmware v4.1.5cu.470_B20200911 allows attackers to cause a denial of service (DOS).,Totolink,A720r Firmware,7.5,HIGH,0.001180000021122396,false,false,false,false,,false,false,2021-08-05T20:39:19.000Z,0
CVE-2021-35327,https://securityvulnerability.io/vulnerability/CVE-2021-35327,,"A vulnerability in TOTOLINK A720R A720R_Firmware v4.1.5cu.470_B20200911 allows attackers to start the Telnet service, then login with the default credentials via a crafted POST request.",Totolink,A720r Firmware,9.8,CRITICAL,0.01737000048160553,false,false,false,false,,false,false,2021-08-05T20:39:17.000Z,0
CVE-2021-35326,https://securityvulnerability.io/vulnerability/CVE-2021-35326,,A vulnerability in TOTOLINK A720R router with firmware v4.1.5cu.470_B20200911 allows attackers to download the configuration file via sending a crafted HTTP request.,Totolink,A720r Firmware,7.5,HIGH,0.009449999779462814,false,false,false,false,,false,false,2021-08-05T20:39:16.000Z,0
CVE-2021-35324,https://securityvulnerability.io/vulnerability/CVE-2021-35324,,A vulnerability in the Form_Login function of TOTOLINK A720R A720R_Firmware V4.1.5cu.470_B20200911 allows attackers to bypass authentication.,Totolink,A720r Firmware,9.8,CRITICAL,0.0106800002977252,false,false,false,false,,false,false,2021-08-05T20:39:11.000Z,0