cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2024-7187,https://securityvulnerability.io/vulnerability/CVE-2024-7187,Security Vulnerability in TOTOLINK A3600R 4.1.2cu.5182 Could Allow Remote Exploitation,"A buffer overflow vulnerability has been identified in the TOTOLINK A3600R Router, specifically within the UploadCustomModule function located in the /cgi-bin/cstecgi.cgi file. This vulnerability occurs due to improper handling of the File argument, which can be manipulated to cause a buffer overflow condition. Attackers can exploit this vulnerability remotely, potentially compromising the device's functionality and security. The vulnerability has been publicly disclosed, and the vendor has not acknowledged the issue despite early communication attempts. Users of the affected firmware version are advised to take necessary precautions to safeguard their devices.",Totolink,A3600r,8.8,HIGH,0.0006600000197067857,false,,false,false,true,2024-07-29T05:31:04.000Z,true,false,false,,2024-07-29T06:31:04.399Z,0
CVE-2024-7186,https://securityvulnerability.io/vulnerability/CVE-2024-7186,Buffer Overflow Vulnerability in TOTOLINK A3600R Router,"A critical security flaw has been identified in the TOTOLINK A3600R router, specifically within the function responsible for adding WiFi access control list (ACL) configurations. The vulnerability arises from improper handling of the 'comment' argument in the /cgi-bin/cstecgi.cgi file, leading to a buffer overflow. This flaw allows attackers to execute remote code, potentially compromising the device's security. The issue has been publicly disclosed, and the vendor has not responded to initial reports, making it essential for users to take immediate action to secure their systems.",Totolink,A3600r,8.8,HIGH,0.0006600000197067857,false,,false,false,true,2024-07-29T05:00:09.000Z,true,false,false,,2024-07-29T06:00:09.895Z,0
CVE-2024-7185,https://securityvulnerability.io/vulnerability/CVE-2024-7185,Buffer Overflow Vulnerability in TOTOLINK A3600R Router Firmware,"A serious vulnerability has been identified in the TOTOLINK A3600R router firmware version 4.1.2cu.5182_B20201102, specifically affecting the function setWebWlanIdx within the CGI file /cgi-bin/cstecgi.cgi. This flaw allows an attacker to manipulate the webWlanIdx argument, leading to a potential buffer overflow. The exploitation of this vulnerability can be executed remotely, posing significant risks to users. Despite early notifications to the vendor about this issue, no response was received, indicating a lack of support for affected users.",Totolink,A3600r,8.8,HIGH,0.0006600000197067857,false,,false,false,true,2024-07-29T04:31:03.000Z,true,false,false,,2024-07-29T05:31:03.591Z,0
CVE-2024-7184,https://securityvulnerability.io/vulnerability/CVE-2024-7184,Buffer Overflow Vulnerability in TOTOLINK A3600R Router,"A serious vulnerability has been identified in the TOTOLINK A3600R router, specifically in the function 'setUrlFilterRules' located in the '/cgi-bin/cstecgi.cgi' file. This vulnerability allows attackers to manipulate the 'url' argument, causing a buffer overflow, which may potentially lead to compromise. The exploit can be executed remotely, raising significant security concerns for users of this router model. Disclosure of this exploit has already occurred publicly, prompting an urgent need for effective patching and remediation. Reports indicate that the vendor has been alerted about this issue but has not responded, leaving users exposed to potential attacks. Securing devices and monitoring for unusual activities is recommended for affected users.",Totolink,A3600r,8.8,HIGH,0.0006600000197067857,false,,false,false,true,2024-07-29T04:00:07.000Z,true,false,false,,2024-07-29T05:00:07.143Z,0
CVE-2024-7183,https://securityvulnerability.io/vulnerability/CVE-2024-7183,Remote Buffer Overflow Vulnerability in TOTOLINK A3600R Router,"A vulnerability has been identified in the TOTOLINK A3600R router, specifically within the setUploadSetting function found in the /cgi-bin/cstecgi.cgi file. This flaw allows an attacker to manipulate the FileName argument, resulting in a buffer overflow condition. The vulnerability can be exploited remotely, meaning that attackers do not need physical access to the device to initiate an attack. The exploit, which was disclosed publicly, poses a significant security risk, particularly for users of the affected version 4.1.2cu.5182_B20201102. The vendor was alerted about this issue but failed to respond, leading to concerns regarding user safety and potential exploitation. It is advised for users to monitor their devices and apply any available updates or mitigations to safeguard against potential attacks.",Totolink,A3600r,8.8,HIGH,0.0006600000197067857,false,,false,false,true,2024-07-29T03:31:04.000Z,true,false,false,,2024-07-29T04:31:04.254Z,0
CVE-2024-7182,https://securityvulnerability.io/vulnerability/CVE-2024-7182,Buffer Overflow Vulnerability in TOTOLINK A3600R Firmware,"A critical buffer overflow vulnerability has been identified in the TOTOLINK A3600R router firmware version 4.1.2cu.5182_B20201102, specifically affecting the setUpgradeFW function within the cstecgi.cgi file. This vulnerability arises from improper handling of the FileName argument, allowing an attacker to exploit it remotely. Given the nature of this vulnerability, it could lead to unauthorized access or control over affected devices. Despite attempts to notify the vendor prior to disclosure, there has been no response. The exploitation of this vulnerability poses a significant risk to the security of affected systems and needs immediate attention.",Totolink,A3600r,8.8,HIGH,0.0006600000197067857,false,,false,false,true,2024-07-29T03:00:06.000Z,true,false,false,,2024-07-29T04:00:06.814Z,0
CVE-2024-7181,https://securityvulnerability.io/vulnerability/CVE-2024-7181,Remote Command Injection in TOTOLINK A3600R Network Device,"A serious command injection vulnerability has been identified in the TOTOLINK A3600R device, specifically within the setTelnetCfg function of the cstecgi.cgi file. An attacker can exploit this vulnerability by manipulating the 'telnet_enabled' argument, enabling unauthorized command execution. This issue allows remote attackers to gain access and potentially execute arbitrary code, compromising device integrity and network security. It is paramount for users and administrators of affected products to assess their current security measures and apply necessary updates or mitigations to protect their information systems.",Totolink,A3600r,8.8,HIGH,0.0006600000197067857,false,,false,false,true,2024-07-29T02:31:04.000Z,true,false,false,,2024-07-29T03:31:04.422Z,0
CVE-2024-7180,https://securityvulnerability.io/vulnerability/CVE-2024-7180,Remote Buffer Overflow Vulnerability in TOTOLINK A3600R Router,"A significant security flaw has been identified in the TOTOLINK A3600R router, specifically affecting version 4.1.2cu.5182_B20201102. This vulnerability arises from a buffer overflow in the setPortForwardRules function located in /cgi-bin/cstecgi.cgi. Malicious actors can exploit this flaw remotely by manipulating arguments, specifically the 'comment' parameter, which may lead to unauthorized access and potential system control. The vulnerability has already been disclosed publicly, raising the urgency for users to implement protective measures. Unfortunately, despite early communication attempts regarding this threat, the vendor has not responded, leaving users at risk until a patch or guidance is provided.",Totolink,A3600r,8.8,HIGH,0.0006600000197067857,false,,false,false,true,2024-07-29T02:00:09.000Z,true,false,false,,2024-07-29T03:00:09.470Z,0
CVE-2024-7179,https://securityvulnerability.io/vulnerability/CVE-2024-7179,Buffer Overflow Vulnerability in TOTOLINK A3600R Router,"A serious buffer overflow vulnerability has been identified in the TOTOLINK A3600R router, specifically within the setParentalRules function located in the /cgi-bin/cstecgi.cgi file. The vulnerability arises from improper handling of the startTime and endTime parameters, allowing attackers to manipulate these arguments. This vulnerability can be exploited remotely, potentially leading to unauthorized access and control over the device. The TOTOLINK vendor was alerted about this vulnerability prior to its public disclosure but failed to respond. Users of the affected version are strongly advised to take precautions and apply necessary updates to safeguard their networks.",Totolink,A3600r,8.8,HIGH,0.0006600000197067857,false,,false,false,true,2024-07-29T01:31:03.000Z,true,false,false,,2024-07-29T02:31:03.995Z,0
CVE-2024-7178,https://securityvulnerability.io/vulnerability/CVE-2024-7178,Buffer Overflow Vulnerability in TOTOLINK A3600R Router,"A significant security flaw has been identified in the TOTOLINK A3600R router specifically related to the setMacQos function located in /cgi-bin/cstecgi.cgi. This vulnerability occurs due to improper handling of input parameters, primarily the 'priority' and 'macAddress', leading to a buffer overflow. Such an overflow can be exploited remotely, allowing attackers to potentially execute arbitrary code on the affected device. The absence of a timely response from the vendor raises concerns about the readiness and commitment to address these critical security issues, making it essential for users of this router model to take immediate defensive actions.",Totolink,A3600r,8.8,HIGH,0.0006600000197067857,false,,false,false,true,2024-07-29T01:00:08.000Z,true,false,false,,2024-07-29T02:00:08.334Z,0
CVE-2024-7177,https://securityvulnerability.io/vulnerability/CVE-2024-7177,Buffer Overflow Weakness in TOTOLINK A3600R Devices,"A critical buffer overflow vulnerability has been identified in the TOTOLINK A3600R router, specifically in the setLanguageCfg function located in the /cgi-bin/cstecgi.cgi file. This flaw arises from improper handling of the langType argument, allowing an attacker to exploit the vulnerability remotely. If successfully executed, this exploit could lead to unauthorized access and control over the affected device. Public disclosure of the vulnerability has occurred, underlining the urgent need for users to apply necessary patches and mitigations. Notably, the vendor has not responded to early disclosure attempts, emphasizing the importance of proactive security measures.",Totolink,A3600r,8.8,HIGH,0.0006600000197067857,false,,false,false,true,2024-07-29T00:31:03.000Z,true,false,false,,2024-07-29T01:31:03.907Z,0
CVE-2024-7176,https://securityvulnerability.io/vulnerability/CVE-2024-7176,Buffer Overflow Vulnerability in TOTOLINK A3600R Could Lead to Remote Code Execution,"A vulnerability has been identified in the TOTOLINK A3600R router, specifically within the function setIpQosRules located in the /cgi-bin/cstecgi.cgi file. This vulnerability is the result of improper handling of user input in the 'comment' argument, leading to a buffer overflow condition. An attacker can exploit this flaw remotely, without requiring physical access to the device. Public disclosure of this vulnerability indicates that it is actively being targeted, emphasizing the urgency for users to apply necessary precautions or updates to mitigate potential risks.",Totolink,A3600r,8.8,HIGH,0.0006600000197067857,false,,false,false,true,2024-07-29T00:01:19.000Z,true,false,false,,2024-07-29T01:01:19.532Z,0
CVE-2024-7175,https://securityvulnerability.io/vulnerability/CVE-2024-7175,OS Command Injection Vulnerability in TOTOLINK A3600R,"A serious OS command injection vulnerability has been discovered in the TOTOLINK A3600R router, specifically affecting version 4.1.2cu.5182_B20201102. The vulnerability is located within the setDiagnosisCfg function of the cgi-bin/cstecgi.cgi script, where the manipulation of the 'ipDoamin' argument can lead to arbitrary command execution on the underlying operating system. This issue is particularly alarming as it can be exploited remotely, allowing malicious actors to execute commands without physical access to the device. It's important for users of affected products to implement immediate security measures and stay informed about available patches or mitigations, as the exploit has been publicly disclosed and could be leveraged in attacks targeting unsecured devices.",Totolink,A3600r,8.8,HIGH,0.0009500000160187483,false,,false,false,true,2024-07-28T23:31:04.000Z,true,false,false,,2024-07-29T00:31:04.158Z,0
CVE-2024-7174,https://securityvulnerability.io/vulnerability/CVE-2024-7174,Buffer Overflow in TOTOLINK A3600R Device Management,"A significant buffer overflow vulnerability has been identified in the TOTOLINK A3600R, specifically within the function setdeviceName located in the cstecgi.cgi script. This flaw arises when improper validation is applied to the input parameters deviceMac and deviceName, enabling attackers to manipulate these arguments and execute arbitrary code remotely. Despite early disclosure to the vendor, no response has been received regarding a fix or patch, leaving users of this model at risk of exploitation. The vulnerability underscores the necessity for diligent security practices in device management systems.",TOTOLINK,A3600r Firmware,8.8,HIGH,0.0006600000197067857,false,,false,false,false,,,false,false,,2024-07-29T00:15:00.000Z,0
CVE-2024-7173,https://securityvulnerability.io/vulnerability/CVE-2024-7173,Buffer Overflow in TOTOLINK A3600R Router Firmware,"A critical buffer overflow vulnerability has been identified in the TOTOLINK A3600R router firmware, specifically in the loginauth function accessed through the cgi-bin/cstecgi.cgi file. This flaw arises from improper handling of input arguments, namely 'password' and 'http_host', allowing for a malicious actor to exploit the vulnerability remotely. The lack of vendor response to disclosed reports raises concerns regarding timely patching, emphasizing the need for users to be vigilant about securing their devices against potential attacks. Users of the affected firmware are strongly encouraged to apply necessary updates or implement additional security measures to safeguard their network.",TOTOLINK,A3600r Firmware,8.8,HIGH,0.0006600000197067857,false,,false,false,false,,,false,false,,2024-07-29T00:15:00.000Z,0
CVE-2024-7172,https://securityvulnerability.io/vulnerability/CVE-2024-7172,Buffer Overflow Vulnerability in TOTOLINK A3600R,"A critical vulnerability has been identified in the TOTOLINK A3600R router that affects the functionality of the 'getSaveConfig' command located at /cgi-bin/cstecgi.cgi?action=save&setting. The exploit occurs through manipulation of the 'http_host' argument, which leads to a buffer overflow condition. This vulnerability can be exploited remotely, allowing attackers to execute arbitrary code and potentially gain unauthorized access to network configurations. This issue has been disclosed publicly; however, there has been no response from the vendor despite early notification. It is crucial for users of the impacted version to take immediate action to mitigate risks associated with this vulnerability.",TOTOLINK,A3600r Firmware,8.8,HIGH,0.0006600000197067857,false,,false,false,false,,,false,false,,2024-07-28T23:15:00.000Z,0
CVE-2024-7171,https://securityvulnerability.io/vulnerability/CVE-2024-7171,Remote Code Execution Vulnerability in TOTOLINK A3600R,"A significant security vulnerability has been identified in the TOTOLINK A3600R device, specifically in the function NTPSyncWithHost located in the cgi script /cgi-bin/cstecgi.cgi. This flaw allows for OS command injection through the manipulation of the 'hostTime' argument. The vulnerability can be exploited remotely, enabling attackers to execute arbitrary commands on the device. The exploit details have been disclosed publicly, raising serious security concerns for users of this device. It is imperative for affected users to secure their systems and monitor for unusual activities, as the vendor has not yet addressed this critical issue.",TOTOLINK,A3600r Firmware,8.8,HIGH,0.0013500000350177288,false,,false,false,false,,,false,false,,2024-07-28T23:15:00.000Z,0
CVE-2024-7159,https://securityvulnerability.io/vulnerability/CVE-2024-7159,TOTOLINK A3600R Vulnerability: Hard-coded Password Exposed,"A significant vulnerability has been identified in the TOTOLINK A3600R model, specifically in the Telnet Service component. This issue arises from the use of a hard-coded password within the file located at /web_cste/cgi-bin/product.ini. The existence of this hard-coded credential poses a severe security risk, as it allows unauthorized access to the device. Public disclosure of the exploit has raised concerns, particularly given that the vendor has not provided a response to the initial notification regarding this vulnerability. Organizations using affected versions are advised to assess their risk and consider mitigation strategies to safeguard their networks.",Totolink,A3600r,8.8,HIGH,0.0005000000237487257,false,,false,false,true,2024-07-28T13:31:06.000Z,true,false,false,,2024-07-28T14:31:06.336Z,0
CVE-2022-36455,https://securityvulnerability.io/vulnerability/CVE-2022-36455,Command Injection Vulnerability in TOTOLink A3600R Router,"A command injection vulnerability exists in the TOTOLink A3600R router, specifically via the 'username' parameter in '/cstecgi.cgi'. This flaw can allow attackers to execute arbitrary commands on the router's operating system, potentially compromising network security and integrity. Users of the A3600R device should be aware of this risk and take immediate action to mitigate potential exploits.",Totolink,A3600r Firmware,7.8,HIGH,0.0010999999940395355,false,,false,false,false,,,false,false,,2022-08-25T14:06:06.000Z,0
CVE-2022-34993,https://securityvulnerability.io/vulnerability/CVE-2022-34993,Hardcoded Password Vulnerability in Totolink A3600R Firmware,"The Totolink A3600R Firmware version V4.1.2cu.5182_B20201102 contains a significant security flaw characterized by the presence of a hardcoded password for the root user located in /etc/shadow.sample. This vulnerability could allow unauthorized users to gain elevated privileges, potentially compromising the integrity and confidentiality of the device and its data. Users of this firmware version should take immediate action to secure their devices from potential exploitation.",Totolink,A3600r Firmware,9.8,CRITICAL,0.014759999699890614,false,,false,false,false,,,false,false,,2022-08-04T18:59:07.000Z,0
CVE-2022-29377,https://securityvulnerability.io/vulnerability/CVE-2022-29377,Stack Overflow Vulnerability in Totolink A3600R Router,"The Totolink A3600R router has been identified with a stack overflow vulnerability in the fread function located at infostat.cgi. This issue arises due to improper handling of the CONTENT_LENGTH parameter, which can be exploited by attackers to induce a Denial of Service (DoS). By manipulating this parameter, unauthorized users could overwhelm the device, rendering it inoperative and disrupt network services.",Totolink,A3600r Firmware,7.5,HIGH,0.001180000021122396,false,,false,false,false,,,false,false,,2022-05-24T01:24:07.000Z,0
CVE-2022-25078,https://securityvulnerability.io/vulnerability/CVE-2022-25078,Command Injection Vulnerability in TOTOLink A3600R Router,"The TOTOLink A3600R router has a security flaw where a command injection vulnerability exists in the 'Main' function. Attackers can exploit this flaw to execute unauthorized commands through the QUERY_STRING parameter, potentially compromising the device's security and integrity.",Totolink,A3600r Firmware,9.8,CRITICAL,0.00546000013127923,false,,false,false,false,,,false,false,,2022-02-24T15:15:00.000Z,0