cve,link,title,description,vendor,products,score,severity,epss,cisa,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-42739,https://securityvulnerability.io/vulnerability/CVE-2024-42739,OS Command Injection Vulnerability in TOTOLINK X5000r,"The TOTOLINK X5000r contains an OS command injection vulnerability located in the /cgi-bin/cstecgi.cgi file. This vulnerability affects version v9.1.0cu.2350_b20230313 and allows authenticated attackers to send specially crafted packets. This could enable the execution of arbitrary commands on the device, posing significant risks to the security and operational integrity of the affected systems.",Totolink,X5000r Firmware,8.8,HIGH,0.001500000013038516,false,false,false,false,,false,false,2024-08-13T00:00:00.000Z,0
CVE-2024-42738,https://securityvulnerability.io/vulnerability/CVE-2024-42738,OS Command Injection in TOTOLINK X5000r Router,"An OS command injection vulnerability exists in the TOTOLINK X5000r router version 9.1.0cu.2350_b20230313, specifically in the /cgi-bin/cstecgi.cgi file's setDmzCfg function. This flaw enables authenticated attackers to send specially crafted packets to the router, allowing for the execution of arbitrary commands on the host operating system. To mitigate potential risks, users should apply firmware updates and implement robust security measures to safeguard their network environments.",Totolink,X5000r Firmware,8.8,HIGH,0.0015200000489130616,false,false,false,false,,false,false,2024-08-13T00:00:00.000Z,0
CVE-2024-42737,https://securityvulnerability.io/vulnerability/CVE-2024-42737,OS Command Injection Vulnerability in TOTOLINK X5000r from TOTOLINK,"The TOTOLINK X5000r router has a significant OS command injection vulnerability located in the delBlacklist endpoint of its CGI script. This vulnerability allows authenticated attackers to exploit the flaw by sending crafted packets that can execute arbitrary commands on the underlying operating system. As a result, the integrity and confidentiality of the device and network may be severely compromised. Users of affected firmware versions should take immediate action to mitigate potential risks.",Totolink,X5000r Firmware,8.8,HIGH,0.0015200000489130616,false,false,false,false,,false,false,2024-08-13T00:00:00.000Z,0
CVE-2024-42744,https://securityvulnerability.io/vulnerability/CVE-2024-42744,OS Command Injection Vulnerability in TOTOLINK X5000r Product,"An OS command injection vulnerability exists in the TOTOLINK X5000r router, specifically in the /cgi-bin/cstecgi.cgi file within the setModifyVpnUser function. This vulnerability allows authenticated attackers to send specially crafted packets, which can lead to the execution of arbitrary commands on the system. The presence of this vulnerability poses a significant risk as it could enable unauthorized access to sensitive functionalities, ultimately compromising the security of the affected device.",Totolink,X5000r Firmware,8.8,HIGH,0.0015200000489130616,false,false,false,false,,false,false,2024-08-12T20:15:00.000Z,0
CVE-2024-42743,https://securityvulnerability.io/vulnerability/CVE-2024-42743,OS Command Injection Vulnerability in TOTOLINK X5000r by TOTOLINK,"The TOTOLINK X5000r version 9.1.0cu.2350_b20230313 contains a significant security flaw within the /cgi-bin/cstecgi.cgi script, specifically in the setSyslogCfg function. This vulnerability allows authenticated attackers to craft and send malicious packets, leading to the potential execution of arbitrary commands on the affected system. Such exploitation can compromise the security and functionality of the device, emphasizing the importance of timely updates and protective measures.",Totolink,X5000r Firmware,8.8,HIGH,0.0015200000489130616,false,false,false,false,,false,false,2024-08-12T20:15:00.000Z,0
CVE-2024-42748,https://securityvulnerability.io/vulnerability/CVE-2024-42748,OS Command Injection Vulnerability in TOTOLINK X5000r Device,"The TOTOLINK X5000r, specifically version 9.1.0cu.2350_b20230313, is susceptible to an OS command injection vulnerability found in the CGI script /cgi-bin/cstecgi.cgi. This vulnerability allows authenticated attackers to send crafted packets to the 'setWiFiWpsCfg' function, leading to the execution of arbitrary commands on the device. Exploitation of this flaw could result in various unauthorized actions being performed on the affected system, necessitating immediate attention and remediation.",Totolink,X5000r Firmware,8.8,HIGH,0.0015200000489130616,false,false,false,false,,false,false,2024-08-12T20:15:00.000Z,0
CVE-2024-42741,https://securityvulnerability.io/vulnerability/CVE-2024-42741,OS Command Injection Vulnerability in TOTOLINK X5000r by TOTOLINK,"The vulnerability in TOTOLINK X5000r version 9.1.0cu.2350_b20230313 lies within the /cgi-bin/cstecgi.cgi file, specifically in the setL2tpServerCfg function. This flaw allows authenticated attackers to exploit the system by sending specially crafted packets that execute arbitrary commands on the server. Such vulnerabilities can lead to unauthorized access and control over the affected devices, posing significant risks to network security and integrity.",Totolink,X5000r Firmware,8.8,HIGH,0.0015200000489130616,false,false,false,false,,false,false,2024-08-12T20:15:00.000Z,0
CVE-2024-42742,https://securityvulnerability.io/vulnerability/CVE-2024-42742,OS Command Injection Vulnerability in TOTOLINK X5000r Product,"The TOTOLINK X5000r router is vulnerable due to an OS command injection flaw in the /cgi-bin/cstecgi.cgi component. Specifically, the issue arises within the setUrlFilterRules function, allowing authenticated attackers to exploit the vulnerability by crafting malicious packets. Successful exploitation can lead to the execution of arbitrary commands, posing significant risks to the device and potentially compromising its integrity and confidentiality.",Totolink,X5000r Firmware,8.8,HIGH,0.0015200000489130616,false,false,false,false,,false,false,2024-08-12T20:15:00.000Z,0
CVE-2024-42747,https://securityvulnerability.io/vulnerability/CVE-2024-42747,OS Command Injection Vulnerability in TOTOLINK X5000r Router,"The TOTOLINK X5000r Router, specifically version v9.1.0cu.2350_b20230313, is subject to an OS command injection vulnerability located in the /cgi-bin/cstecgi.cgi file, more specifically within the setWanIeCfg function. This flaw enables authenticated attackers to craft and send malicious packets that can lead to the execution of arbitrary commands on the affected device. Such exploitation could compromise the integrity and confidentiality of the router, potentially allowing unauthorized access and control over network configurations.",Totolink,X5000r Firmware,8.8,HIGH,0.0015200000489130616,false,false,false,false,,false,false,2024-08-12T20:15:00.000Z,0
CVE-2024-42745,https://securityvulnerability.io/vulnerability/CVE-2024-42745,OS Command Injection Vulnerability in TOTOLINK X5000r Product,"The vulnerability in the TOTOLINK X5000r relates to the file /cgi-bin/cstecgi.cgi, which exposes an OS command injection flaw within the setUPnPCfg function. This issue enables authenticated attackers to craft and send malicious packets to the device, potentially allowing them to execute arbitrary commands on the system. Such exploitations can lead to unauthorized access and compromise the integrity of the affected device, posing a significant risk to network security.",Totolink,X5000r Firmware,8.8,HIGH,0.001500000013038516,false,false,false,false,,false,false,2024-08-12T20:15:00.000Z,0
CVE-2024-28639,https://securityvulnerability.io/vulnerability/CVE-2024-28639,Buffer Overflow Vulnerability in TOTOLink X5000R and A7000R Products,"The buffer overflow vulnerability present in certain versions of TOTOLink X5000R and A7000R products facilitates an exploit that may enable remote attackers to execute arbitrary code, potentially leading to a denial of service (DoS). This vulnerability is specifically notable in the handling of the IP field, making it critical for users to secure their devices against potential exploits.",Totolink,X5000r Firmware,9.8,CRITICAL,0.06419999897480011,false,false,false,false,,false,false,2024-03-16T00:00:00.000Z,0
CVE-2024-25468,https://securityvulnerability.io/vulnerability/CVE-2024-25468,Remote Denial of Service Vulnerability in TOTOLINK X5000R,"A vulnerability exists in the TOTOLINK X5000R version V.9.1.0u.6369_B20230113, where a remote attacker can exploit the host_time parameter within the NTPSyncWithHost component. This allows unauthorized users to cause a denial of service, ultimately disrupting the system's operations. Proper measures should be taken to mitigate this vulnerability to ensure system integrity and availability.",TOTOLINK,X5000r Firmware,7.5,HIGH,0.0004799999878741801,false,false,false,false,,false,false,2024-02-17T00:00:00.000Z,0
CVE-2023-36947,https://securityvulnerability.io/vulnerability/CVE-2023-36947,,TOTOLINK X5000R V9.1.0u.6118_B20201102 and TOTOLINK A7000R V9.1.0u.6115_B20201022 was discovered to contain a stack overflow via the File parameter in the function UploadCustomModule.,Totolink,X5000r Firmware,9.8,CRITICAL,0.0013299999991431832,false,false,false,false,,false,false,2023-10-16T05:15:00.000Z,0
CVE-2023-45984,https://securityvulnerability.io/vulnerability/CVE-2023-45984,,TOTOLINK X5000R V9.1.0u.6118_B20201102 and TOTOLINK A7000R V9.1.0u.6115_B20201022 was discovered to contain a stack overflow via the lang parameter in the function setLanguageCfg.,Totolink,X5000r Firmware,9.8,CRITICAL,0.0013299999991431832,false,false,false,false,,false,false,2023-10-16T00:00:00.000Z,0
CVE-2023-36950,https://securityvulnerability.io/vulnerability/CVE-2023-36950,,TOTOLINK X5000R V9.1.0u.6118_B20201102 and TOTOLINK A7000R V9.1.0u.6115_B20201022 was discovered to contain a stack overflow via the http_host parameter in the function loginAuth.,Totolink,X5000r Firmware,9.8,CRITICAL,0.0013299999991431832,false,false,false,false,,false,false,2023-10-16T00:00:00.000Z,0
CVE-2023-45985,https://securityvulnerability.io/vulnerability/CVE-2023-45985,,TOTOLINK X5000R V9.1.0u.6118_B20201102 and TOTOLINK A7000R V9.1.0u.6115_B20201022 were discovered to contain a stack overflow in the function setParentalRules. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request.,Totolink,X5000r Firmware,7.5,HIGH,0.0005699999746866524,false,false,false,false,,false,false,2023-10-16T00:00:00.000Z,0
CVE-2023-39618,https://securityvulnerability.io/vulnerability/CVE-2023-39618,,TOTOLINK X5000R B20210419 was discovered to contain a remote code execution (RCE) vulnerability via the setTracerouteCfg interface.,Totolink,X5000r Firmware,9.8,CRITICAL,0.0031900000758469105,false,false,false,false,,false,false,2023-08-21T02:15:00.000Z,0
CVE-2023-39617,https://securityvulnerability.io/vulnerability/CVE-2023-39617,,TOTOLINK X5000R_V9.1.0cu.2089_B20211224 and X5000R_V9.1.0cu.2350_B20230313 were discovered to contain a remote code execution (RCE) vulnerability via the lang parameter in the setLanguageCfg function.,Totolink,X5000r Firmware,9.8,CRITICAL,0.0031900000758469105,false,false,false,false,,false,false,2023-08-21T02:15:00.000Z,0
CVE-2023-31569,https://securityvulnerability.io/vulnerability/CVE-2023-31569,Command Injection in TOTOLINK X5000R Router,"The TOTOLINK X5000R router version V9.1.0cu.2350_B20230313 is vulnerable to a command injection attack through the setWanCfg function. This vulnerability allows attackers to execute arbitrary commands on the system, potentially compromising the security and integrity of the affected device and any connected network. Users are advised to update their firmware and apply necessary security measures to mitigate risks associated with this vulnerability.",Totolink,X5000r Firmware,9.8,CRITICAL,0.002899999963119626,false,false,false,false,,false,false,2023-06-06T00:00:00.000Z,0
CVE-2023-33485,https://securityvulnerability.io/vulnerability/CVE-2023-33485,Buffer Overflow Vulnerability in TOTOLINK X5000R Devices,"The TOTOLINK X5000R devices, specifically versions V9.1.0u.6118_B20201102 and V9.1.0u.6369_B20230113, are susceptible to a post-authentication buffer overflow. This vulnerability arises from improper handling of parameters sPort/ePort in the addEffect function, potentially allowing an attacker to execute arbitrary code and compromise the device.",Totolink,X5000r Firmware,8.8,HIGH,0.0008299999753944576,false,false,false,false,,false,false,2023-05-31T00:00:00.000Z,0
CVE-2023-33487,https://securityvulnerability.io/vulnerability/CVE-2023-33487,Command Insertion Vulnerability in TOTOLINK X5000R Router Products,"The TOTOLINK X5000R router models V9.1.0u.6118_B20201102 and V9.1.0u.6369_B20230113 are susceptible to a command insertion vulnerability found in the setDiagnosisCfg function. This flaw arises due to improper handling of the 'ip' parameter, allowing an unauthorized attacker to inject and execute arbitrary commands on the affected device. If exploited, this vulnerability could lead to potential security breaches and unauthorized access to sensitive information.",Totolink,X5000r Firmware,9.8,CRITICAL,0.0057299998588860035,false,false,false,false,,false,false,2023-05-31T00:00:00.000Z,0
CVE-2023-33486,https://securityvulnerability.io/vulnerability/CVE-2023-33486,Command Insertion Vulnerability in TOTOLINK X5000R Router Products,"The TOTOLINK X5000R routers in versions V9.1.0u.6118_B20201102 and V9.1.0u.6369_B20230113 are susceptible to a command insertion flaw. This vulnerability is linked to the 'hostName' parameter within the setOpModeCfg function, which permits attackers to execute arbitrary commands remotely. The existence of this vulnerability could potentially compromise the integrity and availability of the affected devices, exposing them to various cyber threats. It is crucial for users of the affected models to apply necessary updates or patches to mitigate this risk.",Totolink,X5000r Firmware,9.8,CRITICAL,0.0057299998588860035,false,false,false,false,,false,false,2023-05-31T00:00:00.000Z,0
CVE-2023-30013,https://securityvulnerability.io/vulnerability/CVE-2023-30013,Command Injection Vulnerability in TOTOLINK X5000R Wireless Router,"TOTOLINK's X5000R wireless router firmware versions V9.1.0u.6118_B20201102 and V9.1.0u.6369_B20230113 are affected by a command insertion vulnerability within the setTracerouteCfg function. This flaw enables an attacker to execute arbitrary shell commands through the 'command' parameter, potentially compromising the device's security and integrity.",Totolink,X5000r Firmware,9.8,CRITICAL,0.9682300090789795,false,false,false,false,,false,false,2023-05-05T00:00:00.000Z,0
CVE-2022-27004,https://securityvulnerability.io/vulnerability/CVE-2022-27004,,Totolink routers s X5000R V9.1.0u.6118_B20201102 and A7000R V9.1.0u.6115_B20201022 were discovered to contain a command injection vulnerability in the Tunnel 6in4 function via the remote6in4 parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request.,Totolink,X5000r Firmware,9.8,CRITICAL,0.012550000101327896,false,false,false,false,,false,false,2022-03-15T21:56:36.000Z,0
CVE-2022-27005,https://securityvulnerability.io/vulnerability/CVE-2022-27005,,Totolink routers s X5000R V9.1.0u.6118_B20201102 and A7000R V9.1.0u.6115_B20201022 were discovered to contain a command injection vulnerability in the setWanCfg function via the hostName parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request.,Totolink,X5000r Firmware,9.8,CRITICAL,0.012550000101327896,false,false,false,false,,false,false,2022-03-15T21:56:35.000Z,0