cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2024-7173,https://securityvulnerability.io/vulnerability/CVE-2024-7173,Buffer Overflow in TOTOLINK A3600R Router Firmware,"A critical buffer overflow vulnerability has been identified in the TOTOLINK A3600R router firmware, specifically in the loginauth function accessed through the cgi-bin/cstecgi.cgi file. This flaw arises from improper handling of the input arguments 'password' and 'http_host', allowing a malicious actor to exploit the vulnerability remotely. The lack of vendor response to disclosed reports raises concerns regarding timely patching, emphasizing the need for users to be vigilant about securing their devices against potential attacks. Users of the affected firmware are strongly encouraged to apply necessary updates or implement additional security measures to safeguard their network.",TOTOLINK,A3600r Firmware,8.8,HIGH,0.0014400000218302011,false,,false,false,false,,,false,false,,2024-07-29T00:15:00.000Z,0
CVE-2024-7174,https://securityvulnerability.io/vulnerability/CVE-2024-7174,Buffer Overflow in TOTOLINK A3600R Device Management,"A significant buffer overflow vulnerability has been identified in the TOTOLINK A3600R, specifically within the function setdeviceName located in the cstecgi.cgi script. This flaw arises when improper validation is applied to the input parameters deviceMac and deviceName, enabling attackers to manipulate these arguments and execute arbitrary code remotely. Despite early disclosure to the vendor, no response has been received regarding a fix or patch, leaving users of this model at risk of exploitation. The vulnerability underscores the necessity for diligent security practices in device management systems.",TOTOLINK,A3600r Firmware,8.8,HIGH,0.0006600000197067857,false,,false,false,false,,,false,false,,2024-07-29T00:15:00.000Z,0
CVE-2024-7171,https://securityvulnerability.io/vulnerability/CVE-2024-7171,Remote Code Execution Vulnerability in TOTOLINK A3600R,"A significant security vulnerability has been identified in the TOTOLINK A3600R device, specifically in the function NTPSyncWithHost located in the cgi script /cgi-bin/cstecgi.cgi. This flaw allows for OS command injection through the manipulation of the 'hostTime' argument. The vulnerability can be exploited remotely, enabling attackers to execute arbitrary commands on the device. The exploit details have been disclosed publicly, raising serious security concerns for users of this device. It is imperative for affected users to secure their systems and monitor for unusual activities, as the vendor has not yet addressed this critical issue.",TOTOLINK,A3600r Firmware,8.8,HIGH,0.0020600000862032175,false,,false,false,false,,,false,false,,2024-07-28T23:15:00.000Z,0
CVE-2024-7172,https://securityvulnerability.io/vulnerability/CVE-2024-7172,Buffer Overflow Vulnerability in TOTOLINK A3600R,"A critical vulnerability has been identified in the TOTOLINK A3600R router that affects the functionality of the 'getSaveConfig' command located at /cgi-bin/cstecgi.cgi?action=save&setting. The exploit occurs through manipulation of the 'http_host' argument, which leads to a buffer overflow condition. This vulnerability can be exploited remotely, allowing attackers to execute arbitrary code and potentially gain unauthorized access to network configurations. This issue has been disclosed publicly; however, there has been no response from the vendor despite early notification. It is crucial for users of the impacted version to take immediate action to mitigate risks associated with this vulnerability.",TOTOLINK,A3600r Firmware,8.8,HIGH,0.0014400000218302011,false,,false,false,false,,,false,false,,2024-07-28T23:15:00.000Z,0
CVE-2022-36455,https://securityvulnerability.io/vulnerability/CVE-2022-36455,Command Injection Vulnerability in TOTOLink A3600R Router,"A command injection vulnerability exists in the TOTOLink A3600R router, specifically via the 'username' parameter in '/cstecgi.cgi'. This flaw can allow attackers to execute arbitrary commands on the router's operating system, potentially compromising network security and integrity. Users of the A3600R device should be aware of this risk and take immediate action to mitigate potential exploits.",Totolink,A3600r Firmware,7.8,HIGH,0.0010999999940395355,false,,false,false,false,,,false,false,,2022-08-25T14:06:06.000Z,0
CVE-2022-34993,https://securityvulnerability.io/vulnerability/CVE-2022-34993,Hardcoded Password Vulnerability in Totolink A3600R Firmware,"The Totolink A3600R Firmware version V4.1.2cu.5182_B20201102 contains a significant security flaw characterized by the presence of a hardcoded password for the root user located in /etc/shadow.sample. This vulnerability could allow unauthorized users to gain elevated privileges, potentially compromising the integrity and confidentiality of the device and its data. Users of this firmware version should take immediate action to secure their devices from potential exploitation.",Totolink,A3600r Firmware,9.8,CRITICAL,0.014759999699890614,false,,false,false,false,,,false,false,,2022-08-04T18:59:07.000Z,0
CVE-2022-29377,https://securityvulnerability.io/vulnerability/CVE-2022-29377,Stack Overflow Vulnerability in Totolink A3600R Router,"The Totolink A3600R router has been identified with a stack overflow vulnerability in the fread function located at infostat.cgi. This issue arises due to improper handling of the CONTENT_LENGTH parameter, which can be exploited by attackers to induce a Denial of Service (DoS). By manipulating this parameter, unauthorized users could overwhelm the device, rendering it inoperative and disrupting network services.",Totolink,A3600r Firmware,7.5,HIGH,0.001180000021122396,false,,false,false,false,,,false,false,,2022-05-24T01:24:07.000Z,0
CVE-2022-25078,https://securityvulnerability.io/vulnerability/CVE-2022-25078,Command Injection Vulnerability in TOTOLink A3600R Router,"The TOTOLink A3600R router has a security flaw where a command injection vulnerability exists in the 'Main' function. Attackers can exploit this flaw to execute unauthorized commands through the QUERY_STRING parameter, potentially compromising the device's security and integrity.",Totolink,A3600r Firmware,9.8,CRITICAL,0.00546000013127923,false,,false,false,false,,,false,false,,2022-02-24T15:15:00.000Z,0