cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2024-7217,https://securityvulnerability.io/vulnerability/CVE-2024-7217,Buffer Overflow Vulnerability in TOTOLINK CA300-PoE Product,"A vulnerability has been identified in the TOTOLINK CA300-PoE version 6.2c.884 affecting the loginauth function located in the /cgi-bin/cstecgi.cgi file. This flaw allows for a potential buffer overflow due to improper handling of the password argument. As a consequence, attackers can exploit this vulnerability remotely to execute unauthorized actions. Despite early disclosure attempts to the vendor, there was no response, raising concerns about the exposure of users to potential attacks. Security experts recommend immediate attention to mitigate the risks associated with this vulnerability.",Totolink,Ca300-poe Firmware,8.8,HIGH,0.0006699999794363976,false,,false,false,false,,,false,false,,2024-07-30T05:15:00.000Z,0
CVE-2023-24159,https://securityvulnerability.io/vulnerability/CVE-2023-24159,Command Injection Vulnerability in TOTOLINK CA300-PoE Router,"The TOTOLINK CA300-PoE V6.2c.884 is susceptible to a command injection vulnerability due to improper handling of the admpass parameter in the setPasswordCfg function. This flaw can be exploited by attackers to execute arbitrary commands on the device, potentially compromising its integrity and security. System administrators should apply the necessary patches and review configurations to mitigate this risk.",Totolink,Ca300-poe Firmware,9.8,CRITICAL,0.3112800121307373,false,,false,false,false,,,false,false,,2023-02-14T00:00:00.000Z,0
CVE-2023-24160,https://securityvulnerability.io/vulnerability/CVE-2023-24160,Command Injection Vulnerability in TOTOLINK CA300-PoE Product,"The TOTOLINK CA300-PoE V6.2c.884 is susceptible to a command injection vulnerability due to improper validation of the admuser parameter in the setPasswordCfg function. This flaw allows attackers to potentially execute arbitrary commands on the device, leading to unauthorized access and control over its functions. Users are advised to review their configurations and apply necessary mitigations to secure their devices.",Totolink,Ca300-poe Firmware,9.8,CRITICAL,0.3112800121307373,false,,false,false,false,,,false,false,,2023-02-14T00:00:00.000Z,0
CVE-2023-24161,https://securityvulnerability.io/vulnerability/CVE-2023-24161,Command Injection Vulnerability in TOTOLINK CA300-PoE by TOTOLINK,"The TOTOLINK CA300-PoE V6.2c.884 device has been identified with a command injection vulnerability, specifically through the webWlanIdx parameter in the setWebWlanIdx function. This flaw enables an attacker to execute arbitrary commands on the device, potentially compromising network integrity and exposing sensitive information. Proper security measures should be implemented to mitigate potential risks associated with this vulnerability.",Totolink,Ca300-poe Firmware,9.8,CRITICAL,0.03296000137925148,false,,false,false,false,,,false,false,,2023-02-14T00:00:00.000Z,0
CVE-2023-24142,https://securityvulnerability.io/vulnerability/CVE-2023-24142,Command Injection Vulnerability in TOTOLINK CA300-PoE Device,"The TOTOLINK CA300-PoE device is susceptible to a command injection vulnerability that can be exploited through the 'NetDiagPingSize' parameter in the 'setNetworkDiag' function. This flaw allows attackers to execute arbitrary commands within the device's context, potentially compromising the system's integrity and security. It is crucial for users of affected versions to apply patches or mitigations promptly to protect against unauthorized access and exploitation.",Totolink,Ca300-poe Firmware,9.8,CRITICAL,0.3112800121307373,false,,false,false,false,,,false,false,,2023-02-03T00:00:00.000Z,0
CVE-2023-24143,https://securityvulnerability.io/vulnerability/CVE-2023-24143,Command Injection Flaw in TOTOLINK CA300-PoE by TOTOLINK,"A command injection vulnerability has been identified in the TOTOLINK CA300-PoE device, specifically linked to the NetDiagTracertHop parameter within the setNetworkDiag function. This flaw could allow an attacker to send specially crafted input to the affected component, potentially enabling the execution of arbitrary commands on the device, which may compromise network security and integrity.",Totolink,Ca300-poe Firmware,9.8,CRITICAL,0.3112800121307373,false,,false,false,false,,,false,false,,2023-02-03T00:00:00.000Z,0
CVE-2023-24144,https://securityvulnerability.io/vulnerability/CVE-2023-24144,Command Injection Vulnerability in TOTOLINK CA300-PoE Router,The TOTOLINK CA300-PoE router in version V6.2c.884 is vulnerable to command injection due to improper validation of the 'hour' parameter in the setRebootScheCfg function. This flaw allows an attacker to execute arbitrary commands that can alter device configurations and potentially compromise the security of the device and the network it serves.,Totolink,Ca300-poe Firmware,9.8,CRITICAL,0.3112800121307373,false,,false,false,false,,,false,false,,2023-02-03T00:00:00.000Z,0
CVE-2023-24145,https://securityvulnerability.io/vulnerability/CVE-2023-24145,Command Injection in TOTOLINK CA300-PoE Product by TOTOLINK,"The TOTOLINK CA300-PoE product is affected by a command injection vulnerability found in the setUnloadUserData function, specifically through the plugin_version parameter. This security flaw could potentially allow attackers to execute arbitrary commands on the affected device, compromising the security of the entire network. Timely updates and patches are essential to mitigate this risk.",Totolink,Ca300-poe Firmware,9.8,CRITICAL,0.3112800121307373,false,,false,false,false,,,false,false,,2023-02-03T00:00:00.000Z,0
CVE-2023-24138,https://securityvulnerability.io/vulnerability/CVE-2023-24138,Command Injection Vulnerability in TOTOLINK CA300-PoE Device,"The TOTOLINK CA300-PoE device version V6.2c.884 has been identified to have a command injection vulnerability. This issue arises from an improper validation of user input in the NTPSyncWithHost function, particularly in the host_time parameter. Exploiting this vulnerability can allow an attacker to execute arbitrary commands on the affected device, potentially compromising network integrity and security.",Totolink,Ca300-poe Firmware,9.8,CRITICAL,0.3112800121307373,false,,false,false,false,,,false,false,,2023-02-03T00:00:00.000Z,0
CVE-2023-24147,https://securityvulnerability.io/vulnerability/CVE-2023-24147,Hardcoded Password Vulnerability in TOTOLINK CA300-PoE,"The TOTOLINK CA300-PoE model V6.2c.884 is affected by a significant vulnerability where a hardcoded password for the telnet service is embedded within the device's configuration file, specifically located at /etc/config/product.ini. This flaw can potentially allow unauthorized access to the telnet service, compromising the device's security and enabling attackers to execute further malicious actions.",Totolink,Ca300-poe Firmware,7.5,HIGH,0.0018100000452250242,false,,false,false,false,,,false,false,,2023-02-03T00:00:00.000Z,0
CVE-2023-24148,https://securityvulnerability.io/vulnerability/CVE-2023-24148,Command Injection Vulnerability in TOTOLINK CA300-PoE Devices,"The TOTOLINK CA300-PoE V6.2c.884 device is susceptible to a command injection vulnerability due to inadequate validation of input received via the FileName parameter in the setUploadUserData function. This flaw could potentially allow an attacker to execute arbitrary commands on the affected device, leading to unauthorized access and manipulation of critical system functionality.",Totolink,Ca300-poe Firmware,9.8,CRITICAL,0.3112800121307373,false,,false,false,false,,,false,false,,2023-02-03T00:00:00.000Z,0
CVE-2023-24149,https://securityvulnerability.io/vulnerability/CVE-2023-24149,Hardcoded Root Password Vulnerability in TOTOLINK CA300-PoE Devices,"The TOTOLINK CA300-PoE device version V6.2c.884 contains a significant security flaw due to a hardcoded root password stored in the vulnerable component /etc/shadow. This issue allows unauthorized users to gain elevated privileges, potentially compromising the device's security and enabling further exploitation within the network. Users are advised to implement security measures to mitigate this vulnerability.",Totolink,Ca300-poe Firmware,9.8,CRITICAL,0.02266000024974346,false,,false,false,false,,,false,false,,2023-02-03T00:00:00.000Z,0
CVE-2023-24146,https://securityvulnerability.io/vulnerability/CVE-2023-24146,Command Injection Vulnerability in TOTOLINK CA300-PoE Router,"The TOTOLINK CA300-PoE V6.2c.884 is affected by a command injection vulnerability through the 'minute' parameter in the 'setRebootScheCfg' function. This flaw allows unauthorized users to execute arbitrary commands on the system, potentially leading to a compromise of device integrity and security. It is crucial for users of affected products to apply the latest patches and configure their devices to mitigate potential risks associated with this vulnerability.",Totolink,Ca300-poe Firmware,9.8,CRITICAL,0.3112800121307373,false,,false,false,false,,,false,false,,2023-02-03T00:00:00.000Z,0
CVE-2023-24139,https://securityvulnerability.io/vulnerability/CVE-2023-24139,Command Injection Vulnerability in TOTOLINK CA300-PoE Devices,"The TOTOLINK CA300-PoE device version V6.2c.884 contains a command injection vulnerability due to improper handling of the NetDiagHost parameter in the setNetworkDiag function. This flaw allows an attacker to execute arbitrary commands on the device, posing significant risks to the integrity and security of the network. Proper validation and sanitization of input parameters are essential to mitigate potential exploitation.",Totolink,Ca300-poe Firmware,9.8,CRITICAL,0.3112800121307373,false,,false,false,false,,,false,false,,2023-02-03T00:00:00.000Z,0
CVE-2023-24140,https://securityvulnerability.io/vulnerability/CVE-2023-24140,Command Injection Vulnerability in TOTOLINK CA300-PoE Product,"The TOTOLINK CA300-PoE version V6.2c.884 has a command injection vulnerability that arises in the setNetworkDiag function due to improper handling of the NetDiagPingNum parameter, which allows attackers to execute arbitrary commands. This vulnerability can lead to unauthorized access and manipulation of network diagnostics, compromising device integrity and security.",Totolink,Ca300-poe Firmware,9.8,CRITICAL,0.3112800121307373,false,,false,false,false,,,false,false,,2023-02-03T00:00:00.000Z,0
CVE-2023-24141,https://securityvulnerability.io/vulnerability/CVE-2023-24141,Command Injection Vulnerability in TOTOLINK CA300-PoE by TOTOLINK,"A command injection vulnerability exists in the TOTOLINK CA300-PoE through the NetDiagPingTimeOut parameter within the setNetworkDiag function. This flaw allows an attacker to execute arbitrary commands on the device, potentially compromising its integrity and security. Users of affected versions should take immediate measures to safeguard their devices and apply necessary updates.",Totolink,Ca300-poe Firmware,9.8,CRITICAL,0.3112800121307373,false,,false,false,false,,,false,false,,2023-02-03T00:00:00.000Z,0