cve,link,title,description,vendor,products,score,severity,epss,cisa,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-7464,https://securityvulnerability.io/vulnerability/CVE-2024-7464,Command Injection Vulnerability in TOTOLINK CP900 Telnet Service,"A serious command injection vulnerability has been identified in the TOTOLINK CP900 version 6.3c.566, specifically within the Telnet Service's setTelnetCfg function. This flaw arises from improper validation of the telnet_enabled argument, allowing attackers to execute arbitrary commands remotely by manipulating this parameter. The vulnerability has been disclosed publicly, and despite attempts to communicate with the vendor for a resolution, they have not responded. Users of affected systems should take immediate action to mitigate potential exploitation.",Totolink,Cp900,9.8,CRITICAL,0.0032500000670552254,false,false,false,true,true,false,false,2024-08-05T01:00:06.527Z,0
CVE-2024-7463,https://securityvulnerability.io/vulnerability/CVE-2024-7463,Buffer Overflow Vulnerability in TOTOLINK CP900,"A critical vulnerability has been identified in the TOTOLINK CP900 device, specifically within the UploadCustomModule function found in the /cgi-bin/cstecgi.cgi file. This flaw allows an attacker to exploit a buffer overflow by manipulating the 'File' argument, potentially leading to unauthorized access and execution of malicious code. The vulnerability can be triggered remotely, posing significant risks to users and their networks. Despite early notification to the vendor regarding this issue, there has been no response, highlighting the urgency for users to secure their devices against possible attacks. It is imperative for system administrators to review their network configurations and apply necessary countermeasures to mitigate the risk associated with this vulnerability.",Totolink,Cp900,9.8,CRITICAL,0.0025100000202655792,false,false,false,true,true,false,false,2024-08-05T00:31:04.075Z,0
CVE-2022-28495,https://securityvulnerability.io/vulnerability/CVE-2022-28495,Command Injection Vulnerability in TOTOLink Outdoor CPE CP900,"The TOTOLink outdoor CPE CP900, specifically the version V6.3c.566_B20171026, is susceptible to a command injection vulnerability in the setWebWlanIdx function. This issue arises due to improper validation of the webWlanIdx parameter, enabling attackers to send specially crafted requests that could lead to the execution of arbitrary commands on the device. Organizations using affected devices should evaluate their systems and implement appropriate security measures to mitigate any potential risks.",Totolink,Cp900 Firmware,9.8,CRITICAL,0.005690000019967556,false,false,false,false,,false,false,2023-03-24T00:00:00.000Z,0
CVE-2022-28494,https://securityvulnerability.io/vulnerability/CVE-2022-28494,Command Injection Vulnerability in TOTOLink CPE CP900 Outdoor Product,"The TOTOLink outdoor CPE CP900 device is vulnerable to a command injection flaw in its setUpgradeFW function. This issue arises when the filename parameter is improperly sanitized, allowing attackers to construct a malicious request that executes arbitrary system commands on the vulnerable device. Exploitation of this vulnerability poses significant risks to the integrity and functionality of the affected device, potentially leading to unauthorized access and control.",Totolink,Cp900 Firmware,9.8,CRITICAL,0.01360000018030405,false,false,false,false,,false,false,2023-03-23T00:00:00.000Z,0
CVE-2022-28491,https://securityvulnerability.io/vulnerability/CVE-2022-28491,Command Injection Vulnerability in TOTOLink Outdoor CPE CP900 by TOTOLink,"TOTOLink's outdoor CPE CP900 device is susceptible to a command injection flaw within the NTPSyncWithHost function. Attackers can exploit this vulnerability by submitting a specially crafted request that manipulates the host_name parameter, enabling them to execute arbitrary commands on the device. This poses a serious risk to network integrity and security, making it essential for users to apply necessary updates and safeguards to protect their systems from potential exploits.",Totolink,Cp900 Firmware,9.8,CRITICAL,0.01360000018030405,false,false,false,false,,false,false,2023-03-23T00:00:00.000Z,0
CVE-2022-28496,https://securityvulnerability.io/vulnerability/CVE-2022-28496,Command Injection Vulnerability in TOTOLink Outdoor CPE CP900,"TOTOLink CPE CP900 is vulnerable to command injection through the setPasswordCfg function. This vulnerability allows attackers to send specially crafted requests containing malicious commands via the adminuser and adminpass parameters. By exploiting this flaw, an attacker can execute arbitrary system commands, posing a significant risk to device integrity and network security.",Totolink,Cp900 Firmware,9.8,CRITICAL,0.08950000256299973,false,false,false,false,,false,false,2023-03-23T00:00:00.000Z,0
CVE-2022-28497,https://securityvulnerability.io/vulnerability/CVE-2022-28497,Command Injection Vulnerability in TOTOLink Outdoor CPE CP900,"The TOTOLink Outdoor CPE CP900 version V6.3c.566_B20171026 has a command injection vulnerability present in the mtd_write_bootloader function. This weakness arises from improper handling of the filename parameter, allowing attackers to execute arbitrary commands by sending specially crafted requests to the device. Exploiting this vulnerability could lead to unauthorized access or control over the affected device, posing significant security risks for users.",Totolink,Cp900 Firmware,9.8,CRITICAL,0.08950000256299973,false,false,false,false,,false,false,2023-03-23T00:00:00.000Z,0
CVE-2022-28493,https://securityvulnerability.io/vulnerability/CVE-2022-28493,Telnet Service Vulnerability in TOTOLINK CP900 Routers,"A security flaw in the TOTOLINK CP900 V6.3c.566 router permits unauthorized attackers to initiate the Telnet service, potentially compromising the device's integrity. This vulnerability can expose sensitive information and allow remote access, making it imperative for users to secure their devices against possible exploitation.",Totolink,Cp900 Firmware,9.8,CRITICAL,0.013089999556541443,false,false,false,false,,false,false,2023-03-23T00:00:00.000Z,0
CVE-2022-28492,https://securityvulnerability.io/vulnerability/CVE-2022-28492,Remote Login Bypass Vulnerability in TOTOLINK Technology Products,"A vulnerability exists in TOTOLINK Technology's CPE devices with firmware version V6.3c.566, allowing remote attackers to bypass authentication mechanisms. This enables potential unauthorized access, putting the sensitive information and operations at risk. Users are advised to apply security updates and review access controls to mitigate this threat.",Totolink,Cp900 Firmware,9.8,CRITICAL,0.0031900000758469105,false,false,false,false,,false,false,2023-03-23T00:00:00.000Z,0