cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2024-42545,https://securityvulnerability.io/vulnerability/CVE-2024-42545,Buffer Overflow Vulnerability in TOTOLINK A3700R Router Product by TOTOLINK,"The TOTOLINK A3700R v9.1.2u.5822_B20200513 is impacted by a buffer overflow vulnerability in the ssid parameter of the setWizardCfg function. This security flaw can be exploited by an attacker to cause unexpected behaviors, potentially leading to unauthorized access or denial of service. This highlights the importance of robust security practices and timely updates to safeguard affected devices from potential exploitations.",Totolink,A3700r Firmware,9.8,CRITICAL,0.01686999946832657,false,,false,false,false,,,false,false,,2024-08-12T18:15:00.000Z,0
CVE-2024-42543,https://securityvulnerability.io/vulnerability/CVE-2024-42543,Buffer Overflow Vulnerability in TOTOLINK A3700R Product,"The TOTOLINK A3700R version 9.1.2u.5822_B20200513 is subject to a buffer overflow vulnerability in the loginauth function, specifically related to the http_host parameter. This vulnerability may allow an attacker to exploit memory allocation issues, potentially leading to unauthorized access or disruption of service. It's essential for users and administrators of the TOTOLINK A3700R to apply security measures and updates to mitigate risks associated with this vulnerability.",Totolink,A3700r Firmware,9.8,CRITICAL,0.01686999946832657,false,,false,false,false,,,false,false,,2024-08-12T18:15:00.000Z,0
CVE-2024-7160,https://securityvulnerability.io/vulnerability/CVE-2024-7160,Command Injection Vulnerability in TOTOLINK A3700R Router,"A severe command injection vulnerability has been identified within the TOTOLINK A3700R router, specifically in the function setWanCfg located in the CGI script /cgi-bin/cstecgi.cgi. This flaw allows attackers to manipulate the hostName parameter, leading to remote command execution. The vulnerability poses a significant risk, as an attacker can exploit it without any authentication, potentially gaining control over the affected device. Immediate action is recommended to mitigate risk, as the potential for exploitation in the wild is high, especially given that this information has become publicly available.",Totolink,A3700r,8.8,HIGH,0.0020800000056624413,false,,false,false,true,2024-07-28T14:00:07.000Z,true,false,false,,2024-07-28T15:00:07.203Z,0
CVE-2024-7156,https://securityvulnerability.io/vulnerability/CVE-2024-7156,TOTOLINK A3700R Vulnerability Leads to Information Disclosure,"A significant vulnerability exists within the TOTOLINK A3700R, specifically in the /cgi-bin/ExportSettings.sh file associated with the apmib Configuration Handler. This flaw permits remote attackers to manipulate configuration settings, potentially leading to unauthorized information disclosure. The public disclosure of this exploit heightens the risk for users, particularly since no response was received from the vendor upon notification of the issue.",Totolink,A3700r,7.5,HIGH,0.0008399999933317304,false,,false,false,true,2024-07-28T09:31:04.000Z,true,false,false,,2024-07-28T10:31:04.509Z,0
CVE-2024-7154,https://securityvulnerability.io/vulnerability/CVE-2024-7154,Vulnerability in TOTOLINK A3700R Could Lead to Improper Access Controls,"A security vulnerability has been identified in the Password Reset Handler of the TOTOLINK A3700R router, affecting version 9.1.2u.5822_B20200513. The flaw resides within the file /wizard.html, where improper access controls can be exploited. Attackers may leverage this weakness to execute unauthorized actions remotely, thereby compromising the system’s security. The exploit for this vulnerability has been publicly disclosed, increasing the urgency for users and administrators to apply relevant security measures and updates as soon as possible.",Totolink,A3700r,7.5,HIGH,0.0011399999493733048,false,,false,false,true,2024-07-28T08:31:04.000Z,true,false,false,,2024-07-28T09:31:04.048Z,0
CVE-2024-37632,https://securityvulnerability.io/vulnerability/CVE-2024-37632,Stack Overflow Vulnerability in TOTOLINK A3700R by TOTOLINK,"The TOTOLINK A3700R router is reportedly susceptible to a stack overflow vulnerability through the password parameter in the loginAuth function. This flaw may allow an attacker to execute arbitrary code or cause a denial of service. By exploiting this vulnerability, unauthorized users could gain elevated privileges, posing significant security risks to the device and the networks it operates within. Users are encouraged to assess their systems and apply any available patches or updates to mitigate this risk.",Totolink,A3700r Firmware,9.8,CRITICAL,0.08810999989509583,false,,false,false,false,,,false,false,,2024-06-13T00:00:00.000Z,0
CVE-2024-37635,https://securityvulnerability.io/vulnerability/CVE-2024-37635,Stack Overflow Vulnerability in TOTOLINK A3700R Router,"The TOTOLINK A3700R router is susceptible to a stack overflow vulnerability that can be triggered via the 'ssid' parameter in the 'setWiFiBasicCfg' function. This security flaw could potentially allow an attacker to exploit the router, leading to unauthorized access or a denial of service. Proper configuration and timely updates are critical to mitigate associated risks.",Totolink,A3700r Firmware,9.8,CRITICAL,0.08585000038146973,false,,false,false,false,,,false,false,,2024-06-13T00:00:00.000Z,0
CVE-2024-22662,https://securityvulnerability.io/vulnerability/CVE-2024-22662,Stack Overflow Vulnerability in TOTOLINK Router Products,"A stack overflow vulnerability exists in the TOTOLINK A3700R router, specifically concerning the 'setParentalRules' function. This weakness could allow an attacker to exploit memory management issues within the device, potentially leading to unauthorized access or control over the router's functionalities. Users of affected versions should prioritize their security by applying relevant patches and scrutinizing configurations to mitigate risks associated with this vulnerability.",Totolink,A3700r Firmware,9.8,CRITICAL,0.0015800000401213765,false,,false,false,false,,,false,false,,2024-01-23T00:00:00.000Z,0
CVE-2024-22663,https://securityvulnerability.io/vulnerability/CVE-2024-22663,Command Injection Vulnerability in TOTOLINK A3700R Router,"The TOTOLINK A3700R router version V9.1.2u.6165_20211012 is exposed to a command injection vulnerability through the 'setOpModeCfg' function. This weakness allows an attacker to execute arbitrary commands on the device, which could lead to unauthorized access, data manipulation, or further network exploitation. It is essential for users to apply the necessary updates and implement security measures to mitigate potential threats arising from this vulnerability.",Totolink,A3700r Firmware,9.8,CRITICAL,0.5421199798583984,false,,false,false,false,,,false,false,,2024-01-23T00:00:00.000Z,0
CVE-2024-22660,https://securityvulnerability.io/vulnerability/CVE-2024-22660,Stack Overflow Vulnerability in TOTOLINK A3700R Products,"The TOTOLINK A3700R is affected by a stack overflow vulnerability through the setLanguageCfg function. This vulnerability allows an attacker to exploit the system's memory allocation by sending specially crafted input, potentially leading to remote code execution and manipulation of the device. This poses a significant risk for users relying on the security of their IoT devices, as unauthorized access can compromise device functionality and data integrity.",Totolink,A3700r Firmware,9.8,CRITICAL,0.0015800000401213765,false,,false,false,false,,,false,false,,2024-01-23T00:00:00.000Z,0
CVE-2023-48192,https://securityvulnerability.io/vulnerability/CVE-2023-48192,Arbitrary Code Execution Vulnerability in TOTOlink A3700R Router,"A vulnerability exists in TOTOlink A3700R routers that allows a local attacker to execute arbitrary code through the 'setTracerouteCfg' function. This may lead to unauthorized access and manipulation of device settings, posing significant risks to network security and user data integrity.",Totolink,A3700r Firmware,7.8,HIGH,0.0008500000112690032,false,,false,false,false,,,false,false,,2023-11-20T00:00:00.000Z,0
CVE-2023-46574,https://securityvulnerability.io/vulnerability/CVE-2023-46574,Remote Code Execution Vulnerability in TOTOLINK A3700R Router,"A security flaw exists in the TOTOLINK A3700R router that enables remote attackers to execute arbitrary code. This vulnerability can be exploited via the FileName parameter of the UploadFirmwareFile function, posing significant risks to device integrity and user data.",Totolink,A3700r Firmware,9.8,CRITICAL,0.1080000028014183,false,,false,false,false,,,false,false,,2023-10-25T18:17:00.000Z,0
CVE-2023-43141,https://securityvulnerability.io/vulnerability/CVE-2023-43141,Incorrect Access Control in TOTOLINK Routers by TOTOLINK,"TOTOLINK A3700R and N600R routers are susceptible to an incorrect access control vulnerability, which may allow unauthorized access to sensitive functions and data. This flaw can create significant security risks for home and office networks. Effective measures should be taken immediately to secure these devices and prevent unauthorized access.",Totolink,A3700r Firmware,9.8,CRITICAL,0.013869999907910824,false,,false,false,false,,,false,false,,2023-09-25T00:00:00.000Z,0
CVE-2022-36466,https://securityvulnerability.io/vulnerability/CVE-2022-36466,Stack Overflow Vulnerability in TOTOLINK A3700R Router,"The TOTOLINK A3700R router has been found to be vulnerable to a stack overflow due to improper handling of the 'ip' parameter within the setDiagnosisCfg function. This flaw could allow an attacker to exploit the router by sending crafted input, potentially leading to remote code execution or unexpected behavior of the device. Administrators should apply updates and consider implementing security best practices to mitigate this risk.",Totolink,A3700r Firmware,7.8,HIGH,0.0004799999878741801,false,,false,false,false,,,false,false,,2022-08-25T13:53:41.000Z,0
CVE-2022-36465,https://securityvulnerability.io/vulnerability/CVE-2022-36465,Stack Overflow Vulnerability in TOTOLINK A3700R Router,"The TOTOLINK A3700R router has been identified to have a stack overflow vulnerability that can be exploited through the pppoeUser parameter. This flaw may allow attackers to execute arbitrary code, potentially compromising the device's security and user data. It is crucial for users to be aware of this vulnerability to safeguard their network environments.",Totolink,A3700r Firmware,7.8,HIGH,0.0004799999878741801,false,,false,false,false,,,false,false,,2022-08-25T13:53:37.000Z,0
CVE-2022-36464,https://securityvulnerability.io/vulnerability/CVE-2022-36464,Stack Overflow Vulnerability in TOTOLINK A3700R Router,"The TOTOLINK A3700R router has been identified with a stack overflow vulnerability that can be exploited through the sPort parameter in the function setIpPortFilterRules. This flaw could allow attackers to manipulate the router's settings or execute arbitrary code, potentially compromising the device's security and integrity.",Totolink,A3700r Firmware,7.8,HIGH,0.0004799999878741801,false,,false,false,false,,,false,false,,2022-08-25T13:53:31.000Z,0
CVE-2022-36463,https://securityvulnerability.io/vulnerability/CVE-2022-36463,Stack Overflow Vulnerability in TOTOLINK A3700R Router,"The TOTOLINK A3700R router has been found to be vulnerable to a stack overflow attack. This issue arises from improper handling of command parameters in the setTracerouteCfg function, which can potentially allow an attacker to exploit the vulnerability and execute arbitrary code on the affected router. Users are advised to update their device firmware immediately to mitigate this security risk.",Totolink,A3700r Firmware,7.8,HIGH,0.0004799999878741801,false,,false,false,false,,,false,false,,2022-08-25T13:53:30.000Z,0
CVE-2022-36462,https://securityvulnerability.io/vulnerability/CVE-2022-36462,Stack Overflow Vulnerability in TOTOLINK A3700R Router,"The TOTOLINK A3700R router has been found to exhibit a stack overflow vulnerability due to improper handling of the lang parameter in the setLanguageCfg function. This flaw can potentially allow an attacker to execute arbitrary code or disrupt the device's functionality, highlighting the importance of implementing effective security measures to mitigate such risks.",Totolink,A3700r Firmware,7.8,HIGH,0.0004799999878741801,false,,false,false,false,,,false,false,,2022-08-25T13:53:29.000Z,0
CVE-2022-36461,https://securityvulnerability.io/vulnerability/CVE-2022-36461,Command Injection Vulnerability in TOTOLINK A3700R Router,"A command injection vulnerability exists in the TOTOLINK A3700R router, allowing unauthorized attackers to execute arbitrary commands on the device. This security flaw can be exploited via the hostName parameter in the setOpModeCfg function, posing significant risks to network integrity and user data.",Totolink,A3700r Firmware,7.8,HIGH,0.0010999999940395355,false,,false,false,false,,,false,false,,2022-08-25T13:53:28.000Z,0
CVE-2022-36459,https://securityvulnerability.io/vulnerability/CVE-2022-36459,Command Injection Vulnerability in TOTOLINK A3700R Router,"A command injection vulnerability exists in the TOTOLINK A3700R router, specifically through the 'host_time' parameter in the NTPSyncWithHost function. This flaw allows an attacker to execute arbitrary commands on the device, which could lead to unauthorized access and potential manipulation of network settings. Users are advised to update their firmware to the latest version to mitigate the risk associated with this vulnerability.",Totolink,A3700r Firmware,7.8,HIGH,0.0010999999940395355,false,,false,false,false,,,false,false,,2022-08-25T13:53:27.000Z,0
CVE-2022-36460,https://securityvulnerability.io/vulnerability/CVE-2022-36460,Command Injection Vulnerability in TOTOLINK A3700R Router,"The TOTOLINK A3700R router firmware version V9.1.2u.6134_B20201202 is vulnerable to a command injection flaw due to improper handling of input parameters. Specifically, the vulnerability is exploited through the FileName parameter in the UploadFirmwareFile function, allowing attackers to execute arbitrary commands on the affected device. This type of vulnerability can lead to unauthorized access and compromise the integrity of the router and the network it operates within.",Totolink,A3700r Firmware,7.8,HIGH,0.0010999999940395355,false,,false,false,false,,,false,false,,2022-08-25T13:53:27.000Z,0
CVE-2022-36458,https://securityvulnerability.io/vulnerability/CVE-2022-36458,Command Injection Vulnerability in TOTOLINK A3700R Router,"The TOTOLINK A3700R router has a vulnerability that allows an attacker to execute arbitrary commands through the command parameter in the setTracerouteCfg function. This exploit can result in unauthorized access and control over the device, potentially compromising the network's integrity and confidentiality.",Totolink,A3700r Firmware,7.8,HIGH,0.0010999999940395355,false,,false,false,false,,,false,false,,2022-08-25T13:53:26.000Z,0