cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2025-1340,https://securityvulnerability.io/vulnerability/CVE-2025-1340,Stack-Based Buffer Overflow Vulnerability in TOTOLINK X18 Router,"A vulnerability has been identified in the TOTOLINK X18 router, specifically within the setPasswordCfg function of the cstecgi.cgi file. This flaw can lead to a stack-based buffer overflow, allowing remote attackers to exploit the device without needing physical access. The issue has been publicly disclosed, raising the stakes for users to safeguard their networks against potential malicious activities. The vendor was notified prior to this disclosure but did not provide a response.",Totolink,X18,8.7,HIGH,0.0011399999493733048,false,,false,false,true,2025-02-16T13:31:05.000Z,true,false,false,,2025-02-16T13:31:05.705Z,239
CVE-2025-1339,https://securityvulnerability.io/vulnerability/CVE-2025-1339,OS Command Injection Vulnerability in TOTOLINK X18 Router,"A vulnerability has been identified in the TOTOLINK X18 Router, specifically in the function setL2tpdConfig of the file /cgi-bin/cstecgi.cgi. This issue allows for potential OS command injection through manipulation of the argument 'enable.' The vulnerability can be exploited remotely, raising concerns about unauthorized access and control over the router. Despite early disclosure to the vendor, no response was received, leaving the security of users at risk. Mitigation efforts are recommended to prevent exploitation.",Totolink,X18,5.3,MEDIUM,0.0006600000197067857,false,,false,false,true,2025-02-16T12:00:19.000Z,true,false,false,,2025-02-16T12:00:19.638Z,0
CVE-2024-41319,https://securityvulnerability.io/vulnerability/CVE-2024-41319,TOTOLINK A6000R Vulnerability Discovered: Command Injection Flaw in WebCmd Function,"The TOTOLINK A6000R router has been identified with a command injection vulnerability stemming from the improper handling of user inputs within the webcmd function. By manipulating the cmd parameter, unauthorized users can execute arbitrary commands on the device, potentially compromising its integrity and security. This vulnerability poses significant risks to networks utilizing the affected version, enabling attackers to gain access to sensitive functions and data.",TOTOLINK,A6000r Firmware,9.8,CRITICAL,0.019379999488592148,false,,false,false,true,2024-12-20T18:31:58.000Z,true,false,false,,2024-07-23T00:00:00.000Z,0
CVE-2024-12352,https://securityvulnerability.io/vulnerability/CVE-2024-12352,Exploitable Stack-Based Buffer Overflow in TOTOLINK EX1800T Firmware,"CVE-2024-12352 is a high-risk vulnerability identified in the TOTOLINK EX1800T router's firmware version 9.1.0cu.2112_B20220316. This critical flaw exists within the function sub_40662C of the CGI script located at /cgi-bin/cstecgi.cgi. It allows attackers to manipulate the 'ssid' argument and trigger a stack-based buffer overflow, potentially enabling remote execution of arbitrary code. Given that the exploit has been publicly disclosed, it poses a significant threat to network integrity and user data security. Users are advised to apply relevant security patches and monitor for any suspicious activity.",Totolink,Ex1800t,9.8,CRITICAL,0.002300000051036477,false,,false,false,true,2024-12-09T01:00:16.000Z,true,false,false,,2024-12-09T01:00:16.961Z,0
CVE-2024-10966,https://securityvulnerability.io/vulnerability/CVE-2024-10966,OS Command Injection in TOTOLINK X18 Router,"A severe OS command injection vulnerability has been identified in the TOTOLINK X18 router, specifically in the handling of requests made to the cstecgi.cgi file. The flaw allows attackers to manipulate input parameters, notably the 'enable' argument, thus executing arbitrary commands on the operating system of the router. With the potential for remote exploitation, this vulnerability poses a significant threat, as attackers can gain unauthorized access and control over the affected device. Users are urged to apply security measures and updates promptly to mitigate the risks associated with this vulnerability.",Totolink,X18,8.8,HIGH,0.03700999915599823,false,,false,false,true,2024-11-07T18:00:10.000Z,true,false,false,,2024-11-07T18:00:10.394Z,0
CVE-2024-10654,https://securityvulnerability.io/vulnerability/CVE-2024-10654,Authorization Bypass Vulnerability in TOTOLINK LR350,"A critical authorization bypass vulnerability has been identified in the TOTOLINK LR350 router, specifically affecting versions up to 9.3.5u.6369. This vulnerability is associated with the manipulation of the authentication parameter 'authCode' within the /formLoginAuth.htm file, allowing unauthorized users to gain access remotely. The flaw poses significant risks as it enables attackers to bypass authentication mechanisms, potentially leading to full control over the device. As a mitigation strategy, users are strongly advised to upgrade to version 9.3.5u.6698_B20230810, which addresses this security concern. Prompt action is crucial to safeguard your network and devices against this exploit.",Totolink,Lr350,5.3,MEDIUM,0.0004400000034365803,false,,false,false,true,2024-11-01T11:31:05.000Z,true,false,false,,2024-11-01T11:31:05.723Z,0
CVE-2024-9001,https://securityvulnerability.io/vulnerability/CVE-2024-9001,OS Command Injection Threat in TOTOLINK T10 Router,"A security vulnerability exists in the TOTOLINK T10 router, specifically within the setTracerouteCfg function found in the /cgi-bin/cstecgi.cgi file. This issue allows an attacker to execute arbitrary OS commands through improper validation of input parameters, leading to potential system compromise. The vulnerability can be exploited remotely, which increases its risk level. Despite early warnings provided to the vendor, there has been no acknowledgment or response, leaving users of affected versions exposed. It is imperative for users to remediate this vulnerability to safeguard their networks from malicious attacks.",Totolink,T10,8.8,HIGH,0.0013800000306218863,false,,false,false,true,2024-09-19T19:00:09.000Z,true,false,false,,2024-09-19T20:00:09.012Z,0
CVE-2024-8580,https://securityvulnerability.io/vulnerability/CVE-2024-8580,Remote Code Manipulation Vulnerability in TOTOLINK AC1200 T8,"A serious vulnerability has been identified in the TOTOLINK AC1200 T8, specifically within the file '/etc/shadow.sample'. This issue arises from the presence of a hard-coded password, which poses significant security risks. The vulnerability enables remote attackers to manipulate the system, although the complexity and difficulty of exploitation are relatively high. The flaw was publicly disclosed without any response from the vendor, leaving the potential for exploitation open. Users of the affected firmware version are advised to take immediate action to safeguard their networks.",Totolink,Ac1200 T8,8.1,HIGH,0.0020000000949949026,false,,false,false,true,2024-09-08T19:31:06.000Z,true,false,false,,2024-09-08T20:31:06.358Z,0
CVE-2024-8579,https://securityvulnerability.io/vulnerability/CVE-2024-8579,Buffer Overflow Vulnerability in TOTOLINK AC1200 T8 WiFi Repeater,"A significant buffer overflow vulnerability exists in the TOTOLINK AC1200 T8, specifically within the setWiFiRepeaterCfg function located in the /cgi-bin/cstecgi.cgi file. This vulnerability allows an attacker to manipulate the 'password' argument, potentially leading to a system crash or unauthorized access. As this exploit can be executed remotely, it poses a considerable risk to users. Although the issue was communicated to TOTOLINK prior to public disclosure, no response was recorded from the vendor, emphasizing the need for users to address their devices' security against potential exploitations.",Totolink,Ac1200 T8,9.8,CRITICAL,0.0020000000949949026,false,,false,false,true,2024-09-08T18:31:05.000Z,true,false,false,,2024-09-08T19:31:05.769Z,0
CVE-2024-8578,https://securityvulnerability.io/vulnerability/CVE-2024-8578,Buffer Overflow Vulnerability in TOTOLINK AC1200 T8 4.1.5cu.861 Could Be Remotely Exploited,"A buffer overflow vulnerability has been identified in the TOTOLINK AC1200 T8 router, specifically within the setWiFiMeshName function located in /cgi-bin/cstecgi.cgi. This issue arises from improper handling of the device_name argument, which could allow an attacker to execute arbitrary code. The exploit is capable of being triggered remotely, posing significant risks to network integrity and security. Despite early notification efforts to the vendor regarding this vulnerability, there has been no response, raising concerns about timely mitigation strategies.",Totolink,Ac1200 T8,8.8,HIGH,0.0006699999794363976,false,,false,false,true,2024-09-08T18:00:05.000Z,true,false,false,,2024-09-08T19:00:05.992Z,0
CVE-2024-8577,https://securityvulnerability.io/vulnerability/CVE-2024-8577,Buffer Overflow Issue in TOTOLINK AC1200 T8 and T10 Products,"A critical buffer overflow vulnerability has been discovered in the TOTOLINK AC1200 T8 and T10 routers within the setStaticDhcpRules function located in /cgi-bin/cstecgi.cgi. This vulnerability arises from improper handling of input arguments, particularly the 'desc' parameter, leading to potential remote code execution. As the exploit has been publicly disclosed, it poses a significant risk to users of these devices. Security measures should be taken immediately to mitigate potential attacks, which could exploit this flaw without requiring any prior authentication.",Totolink,"Ac1200 T8,Ac1200 T10",8.8,HIGH,0.0006699999794363976,false,,false,false,true,2024-09-08T17:31:05.000Z,true,false,false,,2024-09-08T18:31:05.815Z,0
CVE-2024-8576,https://securityvulnerability.io/vulnerability/CVE-2024-8576,Buffer Overflow Vulnerability in TOTOLINK AC1200 T8 and T10 Products,"A significant buffer overflow vulnerability has been identified in the TOTOLINK AC1200 T8 and AC1200 T10 routers, specifically in the setIpPortFilterRules function located within the cgi-bin/cstecgi.cgi file. This vulnerability enables an attacker to manipulate the 'desc' parameter, potentially leading to code execution via a remote attack. The exploit has been publicly disclosed, and even though the vendor was notified prior to the disclosure, no response was received. Users of these routers are advised to take immediate action to secure their devices.",Totolink,"Ac1200 T8,Ac1200 T10",8.8,HIGH,0.0006699999794363976,false,,false,false,true,2024-09-08T17:00:06.000Z,true,false,false,,2024-09-08T18:00:06.899Z,0
CVE-2024-8575,https://securityvulnerability.io/vulnerability/CVE-2024-8575,Buffer Overflow Vulnerability in TOTOLINK AC1200 T8 Router,"A critical buffer overflow vulnerability has been identified in the TOTOLINK AC1200 T8 router, specifically in the setWiFiScheduleCfg function of the cstecgi.cgi file. This vulnerability arises from improper handling of the 'desc' argument, allowing attackers to manipulate the memory allocation and execute arbitrary code. The exploit can be initiated remotely, putting devices at significant risk if left unpatched. Despite early disclosure attempts to the vendor, there has been no response. Users of the affected version (4.1.5cu.861_B20230220) are strongly advised to monitor for updates and apply necessary mitigations to protect their devices.",Totolink,Ac1200 T8,8.8,HIGH,0.0006699999794363976,false,,false,false,true,2024-09-08T15:31:05.000Z,true,false,false,,2024-09-08T16:31:05.766Z,0
CVE-2024-8574,https://securityvulnerability.io/vulnerability/CVE-2024-8574,Command Injection Vulnerability in TOTOLINK AC1200 T8 Router,"A critical command injection vulnerability has been identified in the TOTOLINK AC1200 T8 router that enables attackers to exploit the 'setParentalRules' function located in the /cgi-bin/cstecgi.cgi file. By manipulating the 'slaveIpList' argument, remote attackers can execute arbitrary operating system commands without the need for authentication. The vulnerability has been publicly disclosed, and despite early contact with the vendor, no response was received. This exploit poses a significant risk to users and requires immediate action to mitigate potential threats.",Totolink,Ac1200 T8,8.8,HIGH,0.0013800000306218863,false,,false,false,true,2024-09-08T10:00:06.000Z,true,false,false,,2024-09-08T11:00:06.220Z,0
CVE-2024-8573,https://securityvulnerability.io/vulnerability/CVE-2024-8573,Buffer Overflow Vulnerability in TOTOLINK AC1200 T8 and T10 Routers,"A critical buffer overflow vulnerability has been identified in the TOTOLINK AC1200 T8 and AC1200 T10 routers, specifically within the setParentalRules function located in the cgi-bin/cstecgi.cgi file. This vulnerability can be exploited by manipulating the 'desc' argument, leading to a buffer overflow condition. The nature of this flaw allows for remote exploitation, opening the door for potential attackers to execute arbitrary code. The exploit has already been publicly disclosed, putting users at significant risk. Despite proactive communication regarding this issue, TOTOLINK has not provided a response or mitigation strategy.",Totolink,"Ac1200 T8,Ac1200 T10",8.8,HIGH,0.0006699999794363976,false,,false,false,true,2024-09-08T09:00:06.000Z,true,false,false,,2024-09-08T10:00:06.219Z,0
CVE-2024-8162,https://securityvulnerability.io/vulnerability/CVE-2024-8162,Vulnerability in TOTOLINK T10 AC1200 Telnet Service,"A significant security flaw has been identified in the TOTOLINK T10 AC1200, specifically within the Telnet service's handling of configuration files. The vulnerability lies in the use of hard-coded credentials located in the /squashfs-root/web_cste/cgi-bin/product.ini file. This design oversight allows attackers to exploit the device remotely, potentially gaining unauthorized access to its functionalities. As of now, the vendor has not addressed this issue despite early notifications about the existence of this vulnerability. Organizations utilizing the affected product should prioritize remediation to safeguard against possible exploitation.",Totolink,T10 Ac1200,9.8,CRITICAL,0.0024300001095980406,false,,false,false,true,2024-08-26T12:00:09.000Z,true,false,false,,2024-08-26T13:00:09.562Z,0
CVE-2024-7465,https://securityvulnerability.io/vulnerability/CVE-2024-7465,Buffer Overflow in TOTOLINK CP450 Affects Remote Authentication,"A critical vulnerability has been identified in the TOTOLINK CP450 device, specifically within the authentication functionality located in the /cgi-bin/cstecgi.cgi file. This vulnerability arises from improper handling of the 'http_host' argument, enabling a malicious actor to exploit a buffer overflow flaw. The impact of this flaw allows attackers to launch remote access attacks, potentially compromising device security. Despite early disclosures to the vendor, there has been no response, raising concerns about the urgency of patch implementation and user vigilance. Organizations using the affected version are advised to take immediate measures to secure their devices against potential exploits.",Totolink,Cp450,9.8,CRITICAL,0.002319999970495701,false,,false,false,true,2024-08-05T00:31:04.000Z,true,false,false,,2024-08-05T01:31:04.318Z,0
CVE-2024-7464,https://securityvulnerability.io/vulnerability/CVE-2024-7464,Command Injection Vulnerability in TOTOLINK CP900 Telnet Service,"A serious command injection vulnerability has been identified in the TOTOLINK CP900 version 6.3c.566, specifically within the Telnet Service's setTelnetCfg function. This flaw arises from improper validation of the telnet_enabled argument, allowing attackers to execute arbitrary commands remotely by manipulating this parameter. The vulnerability has been disclosed publicly, and despite attempts to communicate with the vendor for a resolution, they have not responded. Users of affected systems should take immediate action to mitigate potential exploitation.",Totolink,Cp900,9.8,CRITICAL,0.002950000111013651,false,,false,false,true,2024-08-05T00:00:06.000Z,true,false,false,,2024-08-05T01:00:06.527Z,0
CVE-2024-7463,https://securityvulnerability.io/vulnerability/CVE-2024-7463,Buffer Overflow Vulnerability in TOTOLINK CP900,"A critical vulnerability has been identified in the TOTOLINK CP900 device, specifically within the UploadCustomModule function found in the /cgi-bin/cstecgi.cgi file. This flaw allows an attacker to exploit a buffer overflow by manipulating the 'File' argument, potentially leading to unauthorized access and execution of malicious code. The vulnerability can be triggered remotely, posing significant risks to users and their networks. Despite early notification to the vendor regarding this issue, there has been no response, highlighting the urgency for users to secure their devices against possible attacks. It is imperative for system administrators to review their network configurations and apply necessary countermeasures to mitigate the risk associated with this vulnerability.",Totolink,Cp900,9.8,CRITICAL,0.002319999970495701,false,,false,false,true,2024-08-04T23:31:04.000Z,true,false,false,,2024-08-05T00:31:04.075Z,0
CVE-2024-7462,https://securityvulnerability.io/vulnerability/CVE-2024-7462,Buffer Overflow Exploit in TOTOLINK N350RT Router,"A critical buffer overflow vulnerability exists in the TOTOLINK N350RT router's setWizardCfg function, found in the /cgi-bin/cstecgi.cgi file. This flaw can be exploited remotely by manipulating the 'ssid' argument, potentially allowing attackers to execute arbitrary code on the affected device. The vulnerability has been publicly disclosed, raising concerns about the security of devices running the affected firmware version 9.3.5u.6139_B20201216. With no response from the vendor upon discovery and disclosure of this vulnerability, users are urged to take protective measures to secure their networks.",Totolink,N350rt,9.8,CRITICAL,0.002319999970495701,false,,false,false,true,2024-08-04T23:15:00.000Z,true,false,false,,2024-08-05T00:15:00.000Z,0
CVE-2024-7338,https://securityvulnerability.io/vulnerability/CVE-2024-7338,Buffer Overflow Vulnerability in TOTOLINK EX1200L Router Firmware,"A severe buffer overflow vulnerability has been identified in the TOTOLINK EX1200L router, specifically within the setParentalRules function located in the /cgi-bin/cstecgi.cgi file. This vulnerability is triggered by manipulating the week, sTime, or eTime arguments. An unauthenticated remote attacker could exploit this flaw to execute arbitrary code on the router, potentially allowing for the complete takeover of the device. This critical issue has been publicized, raising concerns about its exploitation in the wild. TOTOLINK has been notified of this vulnerability but has not provided any response or mitigation guidance.",Totolink,Ex1200l,8.8,HIGH,0.0016499999910593033,false,,false,false,true,2024-08-01T02:31:04.000Z,true,false,false,,2024-08-01T03:31:04.032Z,0
CVE-2024-7337,https://securityvulnerability.io/vulnerability/CVE-2024-7337,Buffer Overflow in TOTOLINK EX1200L Due to Vulnerable Loginauth Function,"A severe vulnerability has been identified in the TOTOLINK EX1200L model, specifically within the loginauth function located in the /cgi-bin/cstecgi.cgi file. This vulnerability arises from improper handling of the http_host argument, which can lead to a buffer overflow condition. Attackers can exploit this vulnerability remotely, potentially compromising the system’s security and gaining unauthorized access. Despite early notification to the vendor regarding the issue, there has been no response or fix provided. Users of the affected firmware version are advised to take precautionary measures to mitigate potential risks.",Totolink,Ex1200l,8.8,HIGH,0.0016499999910593033,false,,false,false,true,2024-08-01T02:00:06.000Z,true,false,false,,2024-08-01T03:00:06.098Z,0
CVE-2024-7336,https://securityvulnerability.io/vulnerability/CVE-2024-7336,Buffer Overflow Vulnerability in TOTOLINK EX200,"A critical buffer overflow vulnerability has been identified in the TOTOLINK EX200 router, specifically within the loginauth feature found in the file /cgi-bin/cstecgi.cgi. This vulnerability arises from improper handling of the 'http_host' argument, which can be manipulated by attackers to potentially execute arbitrary code or crash the device. This flaw allows attackers to launch remote exploits, making it imperative for users and organizations to address this vulnerability promptly. Despite prior outreach, the vendor has not responded to disclosures regarding this critical security issue. It is crucial for users of the affected version to apply necessary mitigations or updates to safeguard their systems.",Totolink,Ex200,8.8,HIGH,0.0016499999910593033,false,,false,false,true,2024-08-01T01:31:04.000Z,true,false,false,,2024-08-01T02:31:04.790Z,0
CVE-2024-7335,https://securityvulnerability.io/vulnerability/CVE-2024-7335,Buffer Overflow Vulnerability in EX200 Could Lead to Remote Execution,"A vulnerability exists in the TOTOLINK EX200 version 4.0.3c.7646_B20201211 within the getSaveConfig function located in /cgi-bin/cstecgi.cgi?action=save&setting. The vulnerability arises from improper handling of the argument http_host, which could result in a buffer overflow, allowing an attacker to exploit this remotely. The details of this vulnerability have been publicly disclosed, raising concerns about its potential exploitation. The vendor has not provided any response to prior disclosures regarding this issue.",Totolink,Ex200,8.8,HIGH,0.0016499999910593033,false,,false,false,true,2024-08-01T01:00:06.000Z,true,false,false,,2024-08-01T02:00:06.560Z,0
CVE-2024-7334,https://securityvulnerability.io/vulnerability/CVE-2024-7334,Buffer Overflow Vulnerability in EX1200L Could be Remotely Exploited,"A significant vulnerability exists in the TOTOLINK EX1200L firmware version 9.3.5u.6146_B20201023, specifically within the UploadCustomModule feature located in the /cgi-bin/cstecgi.cgi file. This vulnerability could result in a buffer overflow, allowing attackers to potentially execute arbitrary code remotely. The exploit method has been publicly disclosed, heightening the risk for users who have not updated their devices. This situation is worsened by the lack of response from TOTOLINK following the initial disclosure, which raises concerns about user safety and device security.",Totolink,Ex1200l,8.8,HIGH,0.0016499999910593033,false,,false,false,true,2024-08-01T00:31:04.000Z,true,false,false,,2024-08-01T01:31:04.816Z,0