cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2023-7095,https://securityvulnerability.io/vulnerability/CVE-2023-7095,Totolink A7100RU HTTP POST Request main buffer overflow,"A buffer overflow vulnerability exists in the Totolink A7100RU model, specifically within the HTTP POST Request Handler's main function located at /cgi-bin/cstecgi.cgi?action=login. This flaw arises from manipulating the 'flag' argument, which can lead to unexpected behaviors and potential exploitation. Notably, the vulnerability allows attackers to execute remote attacks, highlighting significant concerns for user security. The public disclosure of this exploit demonstrates the urgency for users to implement the necessary security measures to protect their systems.",Totolink,A7100RU,9.8,CRITICAL,0.0009899999713525176,false,,false,false,false,,,false,false,,2023-12-25T01:15:00.000Z,0
CVE-2023-6906,https://securityvulnerability.io/vulnerability/CVE-2023-6906,Totolink A7100RU HTTP POST Request main buffer overflow,"A remote buffer overflow vulnerability exists in the Totolink A7100RU router, specifically in the HTTP POST Request Handler within the /cgi-bin/cstecgi.cgi script. This vulnerability arises when manipulating the 'flag' argument with the input 'ie8', allowing attackers to overflow the buffer, potentially leading to unauthorized access or execution of malicious code. This exploit has been publicly disclosed and attackers may leverage it to compromise affected devices. It is crucial for users to apply necessary updates and security measures to protect their networks.",Totolink,A7100RU,9.8,CRITICAL,0.0009899999713525176,false,,false,false,false,,,false,false,,2023-12-18T04:15:00.000Z,0
CVE-2023-33556,https://securityvulnerability.io/vulnerability/CVE-2023-33556,Command Injection Vulnerability in TOTOLink A7100RU Router,"The TOTOLink A7100RU router version V7.4cu.2313_B20191024 is susceptible to a command injection vulnerability that arises from improper handling of the 'staticGw' parameter within the /setting/setWanIeCfg endpoint. This flaw may allow unauthorized users to execute arbitrary commands on the router, potentially compromising the integrity and security of network operations. Implementing appropriate security updates and configurations is vital to mitigate risks associated with this vulnerability.",Totolink,A7100ru Firmware,9.8,CRITICAL,0.2264299988746643,false,,false,false,false,,,false,false,,2023-06-07T00:00:00.000Z,0
CVE-2023-30054,https://securityvulnerability.io/vulnerability/CVE-2023-30054,Command Injection Vulnerability in TOTOLINK A7100RU by TOTOLINK,"The TOTOLINK A7100RU router is susceptible to a command injection vulnerability, allowing a remote attacker to execute arbitrary commands on the device. By sending a specially crafted payload to the vulnerable version, an attacker can gain a stable root shell, potentially compromising the entire network. This vulnerability emphasizes the importance of keeping device firmware updated and implementing robust security measures to prevent unauthorized access.",Totolink,A7100ru Firmware,9.8,CRITICAL,0.014820000156760216,false,,false,false,false,,,false,false,,2023-05-05T00:00:00.000Z,0
CVE-2023-30053,https://securityvulnerability.io/vulnerability/CVE-2023-30053,Command Injection Vulnerability in TOTOLINK A7100RU Router,"The TOTOLINK A7100RU router version V7.4cu.2313_B20191024 is exposed to a command injection vulnerability. This flaw allows attackers to execute arbitrary commands on the device, potentially leading to unauthorized access and manipulation of network settings. Users are advised to review their device security configurations and consider applying necessary updates to mitigate this risk.",Totolink,A7100ru Firmware,9.8,CRITICAL,0.014820000156760216,false,,false,false,false,,,false,false,,2023-05-05T00:00:00.000Z,0
CVE-2023-26978,https://securityvulnerability.io/vulnerability/CVE-2023-26978,Command Injection Vulnerability in TOTOlink Router A7100RU,"The TOTOlink A7100RU router has been identified with a command injection vulnerability that can be exploited through the pppoeAcName parameter within the /setting/setWanIeCfg endpoint. This flaw allows an attacker to send crafted input, which could potentially execute arbitrary commands on the device, compromising the network environment. Addressing this vulnerability promptly is essential to safeguard against unauthorized access and ensure the integrity of network configurations.",Totolink,A7100ru Firmware,9.8,CRITICAL,0.21730999648571014,false,,false,false,false,,,false,false,,2023-04-07T04:15:00.000Z,0
CVE-2023-26848,https://securityvulnerability.io/vulnerability/CVE-2023-26848,Command Injection Vulnerability in TOTOlink A7100RU Network Device,"A command injection vulnerability has been identified in the TOTOlink A7100RU network device. This issue arises when an attacker exploits the 'org' parameter during the configuration of static DHCP rules, allowing unauthorized command execution. If successfully exploited, this vulnerability could enable an attacker to manipulate the device's operating environment, potentially compromising its functionality and the security of the network it serves.",Totolink,A7100ru Firmware,9.8,CRITICAL,0.21730999648571014,false,,false,false,false,,,false,false,,2023-04-07T03:15:00.000Z,0
CVE-2023-27232,https://securityvulnerability.io/vulnerability/CVE-2023-27232,Command Injection Vulnerability in TOTOlink Router,"The TOTOlink A7100RU router version V7.4cu.2313_B20191024 is affected by a command injection vulnerability. This security flaw arises from improper handling of user input, specifically via the 'wanStrategy' parameter at the '/setting/setWanIeCfg' endpoint. Attackers could exploit this vulnerability to execute arbitrary commands on the device, potentially compromising network integrity and leading to unauthorized access.",Totolink,A7100ru Firmware,9.8,CRITICAL,0.3112800121307373,false,,false,false,false,,,false,false,,2023-03-28T23:15:00.000Z,0
CVE-2023-27229,https://securityvulnerability.io/vulnerability/CVE-2023-27229,Command Injection Vulnerability in TOTOlink A7100RU Router,"A command injection vulnerability has been identified in the TOTOlink A7100RU router, specifically in version V7.4cu.2313_B20191024, via the `upBw` parameter at the endpoint /setting/setWanIeCfg. This flaw could allow an attacker to execute arbitrary commands on the device, potentially compromising the router's integrity and exposing users to further risks. It highlights the importance of securing input parameters to prevent unauthorized actions and protect network devices.",Totolink,A7100ru Firmware,9.8,CRITICAL,0.3112800121307373,false,,false,false,false,,,false,false,,2023-03-28T00:00:00.000Z,0
CVE-2023-27231,https://securityvulnerability.io/vulnerability/CVE-2023-27231,Command Injection Vulnerability in TOTOlink A7100RU Router,"A command injection vulnerability exists in TOTOlink A7100RU, allowing attackers to execute arbitrary commands through the downBw parameter in the /setting/setWanIeCfg endpoint. This flaw could enable unauthorized access and manipulation of router settings, jeopardizing the security and privacy of the network.",Totolink,A7100ru Firmware,9.8,CRITICAL,0.3112800121307373,false,,false,false,false,,,false,false,,2023-03-28T00:00:00.000Z,0
CVE-2023-27135,https://securityvulnerability.io/vulnerability/CVE-2023-27135,Command Injection Vulnerability in TOTOlink A7100RU Router,"A command injection vulnerability has been identified in the TOTOlink A7100RU router, specifically in version V7.4cu.2313_B20191024. This vulnerability is triggered by an insecure implementation in the enabled parameter at the endpoint /setting/setWanIeCfg, allowing attackers to execute arbitrary commands on the device. If exploited, this may lead to unauthorized access and control over the router, potentially compromising connected networks. Users are advised to apply available patches to mitigate this risk.",Totolink,A7100ru Firmware,9.8,CRITICAL,0.3112800121307373,false,,false,false,false,,,false,false,,2023-03-23T00:00:00.000Z,0
CVE-2023-25395,https://securityvulnerability.io/vulnerability/CVE-2023-25395,Command Injection Vulnerability in TOTOlink A7100RU Router,"A command injection vulnerability exists in the TOTOlink A7100RU router, specifically through the 'ou' parameter at the /setting/delStaticDhcpRules endpoint. This flaw allows attackers to execute arbitrary commands on the device, potentially leading to unauthorized control and data exposure. It is crucial for users to secure their routers and apply updates to mitigate the risks associated with this vulnerability.",Totolink,A7100ru Firmware,9.8,CRITICAL,0.025919999927282333,false,,false,false,false,,,false,false,,2023-03-08T00:00:00.000Z,0
CVE-2023-24184,https://securityvulnerability.io/vulnerability/CVE-2023-24184,Command Injection Vulnerability in TOTOLink A7100RU Router,"The TOTOLink A7100RU router has been found to possess a command injection vulnerability that allows unauthorized commands to be executed, potentially compromising the device's functionality and user data security. This vulnerability could be exploited by attackers to execute arbitrary commands, leading to unauthorized access or control of the device. Users are urged to check their devices for the affected firmware version and apply necessary updates to safeguard against exploitation.",Totolink,A7100ru Firmware,9.8,CRITICAL,0.019120000302791595,false,,false,false,false,,,false,false,,2023-02-21T00:00:00.000Z,0
CVE-2023-24238,https://securityvulnerability.io/vulnerability/CVE-2023-24238,Command Injection Vulnerability in TOTOlink A7100RU by TOTOlink,"A command injection vulnerability has been identified in the TOTOlink A7100RU router, which allows attackers to execute arbitrary commands on the device. This vulnerability is triggered via the 'city' parameter within the setting for static DHCP rules, potentially compromising the integrity and security of the network environment.",Totolink,A7100ru Firmware,9.8,CRITICAL,0.3112800121307373,false,,false,false,false,,,false,false,,2023-02-16T00:00:00.000Z,0
CVE-2023-24236,https://securityvulnerability.io/vulnerability/CVE-2023-24236,Command Injection Vulnerability in TOTOlink A7100RU Router,"The TOTOlink A7100RU router is affected by a command injection vulnerability that arises from improper handling of the 'province' parameter at the setting/delStaticDhcpRules endpoint. This flaw could allow an attacker to execute arbitrary commands on the affected device, potentially leading to unauthorized access and control over the network. Users are encouraged to review their device configurations and apply any available updates to mitigate this security risk.",Totolink,A7100ru Firmware,9.8,CRITICAL,0.3112800121307373,false,,false,false,false,,,false,false,,2023-02-16T00:00:00.000Z,0
CVE-2023-24276,https://securityvulnerability.io/vulnerability/CVE-2023-24276,Command Injection Vulnerability in TOTOlink A7100RU Router,"The TOTOlink A7100RU router has been found to be vulnerable to a command injection issue, specifically through the 'country' parameter in the API endpoint for managing DHCP rules. This vulnerability allows attackers to execute arbitrary commands on the device, potentially compromising the network and exposing sensitive information. Addressing this issue is crucial for maintaining the integrity and security of users' networks.",Totolink,A7100ru Firmware,9.8,CRITICAL,0.3112800121307373,false,,false,false,false,,,false,false,,2023-02-06T00:00:00.000Z,0
CVE-2022-48122,https://securityvulnerability.io/vulnerability/CVE-2022-48122,Command Injection in TOTOlink A7100RU Router,"The TOTOlink A7100RU router is susceptible to a command injection vulnerability found in the setting/delStaticDhcpRules function. This issue enables attackers to exploit the dayvalid parameter, potentially allowing unauthorized command execution on the device. Organizations using vulnerable versions should prioritize updates to safeguard against potential intrusions.",Totolink,A7100ru Firmware,9.8,CRITICAL,0.025919999927282333,false,,false,false,false,,,false,false,,2023-01-20T00:00:00.000Z,0
CVE-2022-48123,https://securityvulnerability.io/vulnerability/CVE-2022-48123,Command Injection Vulnerability in TOTOlink A7100RU by TOTOlink,"The TOTOlink A7100RU device, specifically version V7.4cu.2313_B20191024, is impacted by a command injection vulnerability through the servername parameter within the setting/delStaticDhcpRules function. This flaw allows unauthorized remote command execution, potentially leading to further exploitation of the device and compromising network security.",Totolink,A7100ru Firmware,9.8,CRITICAL,0.025919999927282333,false,,false,false,false,,,false,false,,2023-01-20T00:00:00.000Z,0
CVE-2022-48124,https://securityvulnerability.io/vulnerability/CVE-2022-48124,Command Injection Vulnerability in TOTOlink Router,"The TOTOlink A7100RU router has been identified with a command injection vulnerability that allows attackers to execute arbitrary commands through manipulated inputs in the FileName parameter during the OpenVPN certificate generation configuration. This flaw poses a significant risk, as it could potentially lead to unauthorized access or control over the affected network device.",Totolink,A7100ru Firmware,9.8,CRITICAL,0.025919999927282333,false,,false,false,false,,,false,false,,2023-01-20T00:00:00.000Z,0
CVE-2022-48125,https://securityvulnerability.io/vulnerability/CVE-2022-48125,Command Injection Vulnerability in TOTOlink A7100RU Firmware,"A command injection vulnerability was identified in the TOTOlink A7100RU router firmware, specifically within the setting/setOpenVpnCertGenerationCfg function. Due to insufficient validation of the password parameter, an attacker can execute arbitrary commands on the device. This flaw poses a significant risk, as it could allow unauthorized users to manipulate device operations, potentially leading to data breaches and unauthorized access to network resources.",Totolink,A7100ru Firmware,9.8,CRITICAL,0.025919999927282333,false,,false,false,false,,,false,false,,2023-01-20T00:00:00.000Z,0
CVE-2022-48126,https://securityvulnerability.io/vulnerability/CVE-2022-48126,Command Injection Vulnerability in TOTOlink A7100RU Router,"The TOTOlink A7100RU router has been identified as susceptible to a command injection vulnerability, particularly within the username parameter of the setting/setOpenVpnCertGenerationCfg function. This flaw allows attackers to execute arbitrary commands on the device, potentially leading to unauthorized access or manipulation of the router's functionality. Organizations using this router should review their configurations and apply necessary mitigations to protect their networks.",Totolink,A7100ru Firmware,9.8,CRITICAL,0.025919999927282333,false,,false,false,false,,,false,false,,2023-01-20T00:00:00.000Z,0
CVE-2022-48121,https://securityvulnerability.io/vulnerability/CVE-2022-48121,Command Injection Vulnerability in TOTOlink A7100RU Router,"The TOTOlink A7100RU router, version V7.4cu.2313_B20191024, contains a command injection vulnerability allowing attackers to exploit the rsabits parameter within the setting/delStaticDhcpRules function. This flaw could enable unauthorized execution of commands on the affected device, potentially compromising network security and integrity.",Totolink,A7100ru Firmware,9.8,CRITICAL,0.025919999927282333,false,,false,false,false,,,false,false,,2023-01-20T00:00:00.000Z,0
CVE-2022-47853,https://securityvulnerability.io/vulnerability/CVE-2022-47853,Command Injection Vulnerability in TOTOlink A7100RU Router,"The TOTOlink A7100RU router, specifically the version V7.4cu.2313_B20191024, is exposed to a command injection vulnerability within its httpd service. This flaw allows an attacker to execute arbitrary commands on the device, potentially leading to the acquisition of a stable root shell. By exploiting this vulnerability, malicious actors can gain unauthorized control over the router, posing significant risks to network security and user data.",Totolink,A7100ru Firmware,9.8,CRITICAL,0.025919999927282333,false,,false,false,false,,,false,false,,2023-01-17T00:00:00.000Z,0
CVE-2022-46634,https://securityvulnerability.io/vulnerability/CVE-2022-46634,Command Injection Vulnerability in TOTOlink A7100RU Router,"The TOTOlink A7100RU router firmware version V7.4cu.2313_B20191024 is susceptible to a command injection vulnerability. This issue arises through the manipulation of the 'wscDisabled' parameter within the 'setting/setWiFiWpsCfg' function, allowing an attacker to execute arbitrary commands on the device. Exploiting this vulnerability can lead to unauthorized access, compromising the security of the network infrastructure.",Totolink,A7100ru Firmware,9.8,CRITICAL,0.025919999927282333,false,,false,false,false,,,false,false,,2022-12-15T00:00:00.000Z,0
CVE-2022-46631,https://securityvulnerability.io/vulnerability/CVE-2022-46631,Command Injection Vulnerability in TOTOlink Router by TOTOlink,"The TOTOlink A7100RU router is susceptible to a command injection vulnerability through the wscDisabled parameter in the setting/setWiFiSignalCfg function. An attacker could exploit this flaw to execute arbitrary commands on the device, jeopardizing the security of network configurations and potentially leading to unauthorized access. Users are encouraged to check for updates and apply security patches to mitigate risks.",Totolink,A7100ru Firmware,9.8,CRITICAL,0.025919999927282333,false,,false,false,false,,,false,false,,2022-12-15T00:00:00.000Z,0