cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2024-7213,https://securityvulnerability.io/vulnerability/CVE-2024-7213,Buffer Overflow Vulnerability Detected in TOTOLINK A7000R Router,"A critical buffer overflow vulnerability has been identified in the TOTOLINK A7000R router, affecting version 9.1.0u.6268_B20220504. The issue lies within the setWizardCfg function located in the /cgi-bin/cstecgi.cgi file. By manipulating the argument 'ssid', an attacker can exploit this vulnerability remotely, potentially compromising the device's security. This exploit has already been made public, raising significant concerns regarding its potential use in cyberattacks. Notably, the vendor has not responded to prior disclosures of this issue, emphasizing the need for immediate action by users to secure their devices.",TOTOLINK,A7000r Firmware,8.8,HIGH,0.0006600000197067857,false,,false,false,false,,,false,false,,2024-07-30T03:15:00.000Z,0
CVE-2024-7212,https://securityvulnerability.io/vulnerability/CVE-2024-7212,Buffer Overflow Vulnerability in TOTOLINK A7000R,"A significant buffer overflow vulnerability has been identified in the TOTOLINK A7000R router, specifically affecting version 9.1.0u.6268_B20220504. This vulnerability occurs in the loginauth function of the cstecgi.cgi file, where improper handling of the password argument can lead to unintended memory access and potential remote code execution. As the issue has been publicly disclosed, it poses a risk to users who may be targeted through remote attacks. Given the lack of communication from the vendor following early disclosure, users are strongly advised to review their device configurations and implement necessary security measures immediately to mitigate the threat.",TOTOLINK,A7000r Firmware,8.8,HIGH,0.0006600000197067857,false,,false,false,false,,,false,false,,2024-07-30T02:15:00.000Z,0
CVE-2022-32993,https://securityvulnerability.io/vulnerability/CVE-2022-32993,Access Control Vulnerability in TOTOLINK A7000R Router,"The TOTOLINK A7000R router version V4.1cu.4134 has been identified with an access control vulnerability. This issue arises due to the improper handling of permissions through the ExportSettings.sh script located in the /cgi-bin/ directory. This flaw could allow unauthorized users to access sensitive settings and potentially modify the configuration of the router, elevating the risk of compromising the device's integrity and the security of the network it serves.",Totolink,A7000r Firmware,9.8,CRITICAL,0.005539999809116125,false,,false,false,false,,,false,false,,2022-08-29T20:12:05.000Z,0
CVE-2022-37084,https://securityvulnerability.io/vulnerability/CVE-2022-37084,Stack Overflow Vulnerability in TOTOLINK A7000R Router,"The TOTOLINK A7000R router is vulnerable to a stack overflow exploit through the sPort parameter within the addEffect function. This vulnerability may allow an attacker to execute arbitrary code, potentially compromising the device and the network it's connected to.",Totolink,A7000r Firmware,7.8,HIGH,0.0004799999878741801,false,,false,false,false,,,false,false,,2022-08-25T14:03:44.000Z,0
CVE-2022-37083,https://securityvulnerability.io/vulnerability/CVE-2022-37083,Command Injection Vulnerability in TOTOLINK A7000R Router,"A command injection vulnerability has been identified in the TOTOLINK A7000R router. Exploitation of this vulnerability allows attackers to inject malicious commands via the 'ip' parameter in the 'setDiagnosisCfg' function. This could enable unauthorized access or manipulation of the device, posing a risk to network integrity. Users are encouraged to assess their device configurations and apply any available updates to mitigate potential threats.",Totolink,A7000r Firmware,7.8,HIGH,0.0010999999940395355,false,,false,false,false,,,false,false,,2022-08-25T14:03:43.000Z,0
CVE-2022-37082,https://securityvulnerability.io/vulnerability/CVE-2022-37082,Command Injection Vulnerability in TOTOLINK A7000R Router,"A command injection vulnerability has been identified in the TOTOLINK A7000R router firmware version V9.1.0u.6115_B20201022. This flaw allows attackers to exploit the 'host_time' parameter within the function responsible for syncing time with a remote host. By injecting malicious commands through this parameter, an unauthorized user may gain access to execute arbitrary code on the router, compromising its functionality and network security.",Totolink,A7000r Firmware,7.8,HIGH,0.0010999999940395355,false,,false,false,false,,,false,false,,2022-08-25T14:03:42.000Z,0
CVE-2022-37080,https://securityvulnerability.io/vulnerability/CVE-2022-37080,Stack Overflow Vulnerability in TOTOLINK A7000R Router,"A stack overflow vulnerability has been identified in the TOTOLINK A7000R router, specifically in version V9.1.0u.6115_B20201022. This issue arises from improper handling of command parameters at the 'setting/setTracerouteCfg' routing configuration endpoint, which may allow attackers to execute arbitrary code. Organizations utilizing this router are advised to review their systems and apply necessary mitigations to safeguard against potential exploitation.",Totolink,A7000r Firmware,7.8,HIGH,0.0004799999878741801,false,,false,false,false,,,false,false,,2022-08-25T14:03:41.000Z,0
CVE-2022-37081,https://securityvulnerability.io/vulnerability/CVE-2022-37081,Command Injection Vulnerability in TOTOLINK Router A7000R,"The TOTOLINK A7000R router is affected by a command injection vulnerability located in the 'command' parameter at 'setting/setTracerouteCfg'. This flaw allows an attacker to inject arbitrary commands that the router will execute, potentially compromising the device's integrity and allowing unauthorized access or control.",Totolink,A7000r Firmware,7.8,HIGH,0.0010999999940395355,false,,false,false,false,,,false,false,,2022-08-25T14:03:41.000Z,0
CVE-2022-37079,https://securityvulnerability.io/vulnerability/CVE-2022-37079,Command Injection Vulnerability in TOTOLINK A7000R Router,"The TOTOLINK A7000R router is susceptible to a command injection vulnerability, which can be exploited through the 'hostName' parameter within the 'setOpModeCfg' function. By manipulating this parameter, an unauthorized attacker can execute arbitrary commands on the underlying operating system of the device. This exposure can lead to significant security risks, including unauthorized access and control over network settings.",Totolink,A7000r Firmware,7.8,HIGH,0.0010999999940395355,false,,false,false,false,,,false,false,,2022-08-25T14:03:40.000Z,0
CVE-2022-37078,https://securityvulnerability.io/vulnerability/CVE-2022-37078,Command Injection Vulnerability in TOTOLINK A7000R Router,"A command injection vulnerability exists in the TOTOLINK A7000R router allowing attackers to exploit the lang parameter in the /setting/setLanguageCfg endpoint. This security flaw can potentially allow unauthorized access and execution of arbitrary commands, posing risks to device integrity and network security.",Totolink,A7000r Firmware,7.8,HIGH,0.0009699999936856329,false,,false,false,false,,,false,false,,2022-08-25T14:03:39.000Z,0
CVE-2022-37077,https://securityvulnerability.io/vulnerability/CVE-2022-37077,Stack Overflow Vulnerability in TOTOLINK A7000R Router,"The TOTOLINK A7000R router is vulnerable to a stack overflow due to improper handling of the 'pppoeUser' parameter. This flaw allows attackers to exploit the device and potentially execute arbitrary code, compromising the security of connected networks. Users are advised to apply necessary patches and adhere to security best practices to mitigate this risk.",Totolink,A7000r Firmware,7.8,HIGH,0.0004799999878741801,false,,false,false,false,,,false,false,,2022-08-25T14:03:38.000Z,0
CVE-2022-37076,https://securityvulnerability.io/vulnerability/CVE-2022-37076,Command Injection Vulnerability in TOTOLINK A7000R Router,"The TOTOLINK A7000R router is susceptible to a command injection vulnerability through the FileName parameter during the firmware upload process. This flaw could allow an attacker to execute arbitrary commands on the device, potentially compromising the integrity and security of the router. The affected version is V9.1.0u.6115_B20201022.",Totolink,A7000r Firmware,7.8,HIGH,0.0010999999940395355,false,,false,false,false,,,false,false,,2022-08-25T14:00:28.000Z,0
CVE-2022-37075,https://securityvulnerability.io/vulnerability/CVE-2022-37075,Stack Overflow Vulnerability in TOTOLink A7000R Router,"A stack overflow vulnerability exists in the TOTOLink A7000R Router which can be exploited through the 'ip' parameter in the function setDiagnosisCfg. This flaw can lead to unexpected behavior, potentially allowing an attacker to execute arbitrary code, disrupt services, or compromise the router's functionality. Users of the affected firmware should apply appropriate security measures to mitigate the risk.",Totolink,A7000r Firmware,7.8,HIGH,0.0004799999878741801,false,,false,false,false,,,false,false,,2022-08-25T14:00:23.000Z,0