cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2024-37632,https://securityvulnerability.io/vulnerability/CVE-2024-37632,Stack Overflow Vulnerability in TOTOLINK A3700R by TOTOLINK,"The TOTOLINK A3700R router is reportedly susceptible to a stack overflow vulnerability through the password parameter in the loginAuth function. This flaw may allow an attacker to execute arbitrary code or cause a denial of service. By exploiting this vulnerability, unauthorized users could gain elevated privileges, posing significant security risks to the device and the networks it operates within. Users are encouraged to assess their systems and apply any available patches or updates to mitigate this risk.",Totolink,A3700r Firmware,9.8,CRITICAL,0.08810999989509583,false,,false,false,false,,,false,false,,2024-06-13T00:00:00.000Z,0
CVE-2024-37635,https://securityvulnerability.io/vulnerability/CVE-2024-37635,Stack Overflow Vulnerability in TOTOLINK A3700R Router,"The TOTOLINK A3700R router is susceptible to a stack overflow vulnerability that can be triggered via the 'ssid' parameter in the 'setWiFiBasicCfg' function. This security flaw could potentially allow an attacker to exploit the router, leading to unauthorized access or a denial of service. Proper configuration and timely updates are critical to mitigate associated risks.",Totolink,A3700r Firmware,9.8,CRITICAL,0.08585000038146973,false,,false,false,false,,,false,false,,2024-06-13T00:00:00.000Z,0
CVE-2024-28639,https://securityvulnerability.io/vulnerability/CVE-2024-28639,Buffer Overflow Vulnerability in TOTOLink X5000R and A7000R Products,"The buffer overflow vulnerability present in certain versions of TOTOLink X5000R and A7000R products facilitates an exploit that may enable remote attackers to execute arbitrary code, potentially leading to a denial of service (DoS). This vulnerability is specifically notable in the handling of the IP field, making it critical for users to secure their devices against potential exploits.",Totolink,X5000r Firmware,9.8,CRITICAL,0.0727199986577034,false,,false,false,false,,,false,false,,2024-03-16T00:00:00.000Z,0
CVE-2024-7332,https://securityvulnerability.io/vulnerability/CVE-2024-7332,Hard-coded Password Vulnerability in TOTOLINK CP450 Telnet Service,"A critical vulnerability has been identified in the TOTOLINK CP450 device, specifically within its Telnet service configuration file, 'product.ini'. The flaw arises from the use of a hard-coded password, which can be leveraged by an attacker to gain unauthorized remote access to the system. This vulnerability poses significant security risks, especially for Internet of Things (IoT) devices, given their often limited security measures. Exploitation of this flaw could lead to unauthorized actions being executed on affected devices. The issue has been publicly disclosed, raising immediate concerns for users of the affected version, particularly without timely vendor responses to mitigate the impact.",Totolink,Cp450,9.8,CRITICAL,0.06408999860286713,false,,false,false,true,2024-07-31T23:31:04.000Z,true,false,false,,2024-08-01T00:31:04.452Z,0
CVE-2024-10966,https://securityvulnerability.io/vulnerability/CVE-2024-10966,OS Command Injection in TOTOLINK X18 Router,"A severe OS command injection vulnerability has been identified in the TOTOLINK X18 router, specifically in the handling of requests made to the cstecgi.cgi file. The flaw allows attackers to manipulate input parameters, notably the 'enable' argument, thus executing arbitrary commands on the operating system of the router. With the potential for remote exploitation, this vulnerability poses a significant threat, as attackers can gain unauthorized access and control over the affected device. Users are urged to apply security measures and updates promptly to mitigate the risks associated with this vulnerability.",Totolink,X18,8.8,HIGH,0.03700999915599823,false,,false,false,true,2024-11-07T18:00:10.000Z,true,false,false,,2024-11-07T18:00:10.394Z,0