cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2025-1340,https://securityvulnerability.io/vulnerability/CVE-2025-1340,Stack-Based Buffer Overflow Vulnerability in TOTOLINK X18 Router,"A vulnerability has been identified in the TOTOLINK X18 router, specifically within the setPasswordCfg function of the cstecgi.cgi file. This flaw can lead to a stack-based buffer overflow, allowing remote attackers to exploit the device without needing physical access. The issue has been publicly disclosed, raising the stakes for users to safeguard their networks against potential malicious activities. The vendor was notified prior to this disclosure but did not provide a response.",Totolink,X18,8.7,HIGH,0.0011399999493733048,false,,false,false,true,2025-02-16T13:31:05.000Z,true,false,false,,2025-02-16T13:31:05.705Z,239
CVE-2024-57036,https://securityvulnerability.io/vulnerability/CVE-2024-57036,Command Injection Vulnerability in TOTOLINK Router,"The TOTOLINK A810R router is susceptible to a command injection vulnerability within the downloadFile.cgi function. This flaw enables a malicious actor to craft specific HTTP requests that can execute arbitrary commands on the router's system, potentially compromising device integrity and network security. Users are encouraged to update their firmware to protect against this vulnerability.",TOTOLINK,A810R,8.1,HIGH,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-01-21T00:00:00.000Z,0
CVE-2024-57013,https://securityvulnerability.io/vulnerability/CVE-2024-57013,OS Command Injection Vulnerability in TOTOLINK X5000R Router,"The TOTOLINK X5000R router is affected by an OS command injection vulnerability that can be exploited through the 'switch' parameter within the setScheduleCfg configuration. This flaw allows attackers to execute arbitrary commands on the device, potentially leading to unauthorized access, data manipulation, or complete compromise of the device's functionality. Users are urged to review their router settings and apply any available updates to secure their devices against potential threats.",TOTOLINK,X5000R,9.8,CRITICAL,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-01-15T00:00:00.000Z,0
CVE-2024-57017,https://securityvulnerability.io/vulnerability/CVE-2024-57017,OS Command Injection Vulnerability in TOTOLINK X5000R Router,"The TOTOLINK X5000R Router has been identified with an OS command injection vulnerability impacting the 'pass' parameter within the setVpnAccountCfg function. Exploitation of this vulnerability could allow an attacker to execute arbitrary commands on the affected device, potentially compromising the integrity and confidentiality of the network. It is crucial for users of the affected version to apply security measures to mitigate the risk of unauthorized access and exploitation.",TOTOLINK,X5000R Router,9.8,CRITICAL,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-01-15T00:00:00.000Z,0
CVE-2024-57016,https://securityvulnerability.io/vulnerability/CVE-2024-57016,OS Command Injection Vulnerability in TOTOLINK X5000R Router,"The TOTOLINK X5000R router has been identified to have an OS command injection vulnerability through the 'user' parameter in the setVpnAccountCfg function. This vulnerability could allow unauthorized users to execute arbitrary commands on the underlying operating system, leading to potential unauthorized access and data compromise. It is essential for users of this router model to apply available patches and to review their security configurations to mitigate any associated risks.",TOTOLINK,X5000R,9.8,CRITICAL,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-01-15T00:00:00.000Z,0
CVE-2024-57018,https://securityvulnerability.io/vulnerability/CVE-2024-57018,OS Command Injection Vulnerability in TOTOLINK X5000R Router,"The TOTOLINK X5000R router suffers from an OS command injection vulnerability that can be exploited through the 'desc' parameter in the setVpnAccountCfg function. This flaw allows attackers to execute arbitrary commands on the underlying operating system, potentially compromising the device's integrity and security. Users are advised to apply necessary security patches and follow best practices to secure their devices against potential exploitation.",TOTOLINK,X5000R,9.8,CRITICAL,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-01-15T00:00:00.000Z,0
CVE-2024-57014,https://securityvulnerability.io/vulnerability/CVE-2024-57014,OS Command Injection Vulnerability in TOTOLINK X5000R Router,"The TOTOLINK X5000R router, specifically version V9.1.0cu.2350_B20230313, is susceptible to an OS command injection through the 'recHour' parameter in the setScheduleCfg function. This vulnerability may allow an attacker to execute arbitrary commands on the affected device, posing potential risks to the confidentiality, integrity, and availability of the system. Users are advised to update their firmware to mitigate this vulnerability.",TOTOLINK,X5000R,9.8,CRITICAL,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-01-15T00:00:00.000Z,0
CVE-2024-57011,https://securityvulnerability.io/vulnerability/CVE-2024-57011,OS Command Injection Vulnerability in TOTOLINK X5000R Router,"An OS command injection vulnerability exists in TOTOLINK X5000R routers, specifically affecting version V9.1.0cu.2350_B20230313 through the 'minute' parameters in setScheduleCfg. This vulnerability allows attackers to execute arbitrary commands via the input fields, potentially compromising the device's integrity and exposing sensitive data. It is critical for users to implement security measures and updates to safeguard their networks from unauthorized access.",TOTOLINK,X5000R Router,9.8,CRITICAL,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-01-15T00:00:00.000Z,0
CVE-2024-57022,https://securityvulnerability.io/vulnerability/CVE-2024-57022,OS Command Injection Vulnerability in TOTOLINK X5000R Router,"The TOTOLINK X5000R router version V9.1.0cu.2350_B20230313 is vulnerable to an OS command injection attack. This vulnerability arises from improper handling of the 'sHour' parameter in the 'setWiFiScheduleCfg' function. An attacker could exploit this vulnerability to execute arbitrary commands on the operating system, potentially leading to unauthorized access or control over the device, compromising the security of the entire network.",TOTOLINK,X5000R,9.8,CRITICAL,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-01-15T00:00:00.000Z,0
CVE-2024-57012,https://securityvulnerability.io/vulnerability/CVE-2024-57012,OS Command Injection Vulnerability in TOTOLINK X5000R Router,"The TOTOLINK X5000R router is susceptible to an OS command injection vulnerability that can be exploited through the 'week' parameter in the setScheduleCfg function. An attacker could leverage this flaw to execute arbitrary commands on the underlying operating system, potentially leading to unauthorized access and manipulation of the router's operating system.",TOTOLINK,X5000R Router,9.8,CRITICAL,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-01-15T00:00:00.000Z,0
CVE-2024-57015,https://securityvulnerability.io/vulnerability/CVE-2024-57015,OS Command Injection in TOTOLINK X5000R Router,"The TOTOLINK X5000R router, specifically version V9.1.0cu.2350_B20230313, has a critical vulnerability that allows for OS command injection through the 'hour' parameter in the setScheduleCfg function. This flaw can be exploited by an unauthorized attacker to execute arbitrary commands on the affected device, potentially leading to a complete compromise of the system. Users are urged to apply the necessary updates and configure their devices to mitigate risk.",TOTOLINK,X5000R Router,9.8,CRITICAL,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-01-15T00:00:00.000Z,0
CVE-2024-57019,https://securityvulnerability.io/vulnerability/CVE-2024-57019,OS Command Injection Vulnerability in TOTOLINK X5000R Router,"The TOTOLINK X5000R Router is affected by an OS command injection vulnerability that arises from improper handling of the 'limit' parameter within the setVpnAccountCfg function. This flaw can be exploited by an attacker to execute arbitrary commands on the underlying operating system, potentially leading to unauthorized access and control over the device. Users are advised to be vigilant and apply necessary security measures to mitigate this risk.",TOTOLINK,X5000R Router,9.8,CRITICAL,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-01-15T00:00:00.000Z,0
CVE-2024-57021,https://securityvulnerability.io/vulnerability/CVE-2024-57021,OS Command Injection Vulnerability in TOTOLINK X5000R Router,"The TOTOLINK X5000R router is impacted by an OS command injection vulnerability through the 'eHour' parameter in the setWiFiScheduleCfg function. Attackers can exploit this flaw to execute arbitrary OS commands, which could lead to unauthorized access or control over the device. This issue highlights the importance of securing device configurations and monitoring for unusual behaviors in network equipment.",TOTOLINK,X5000R Router,9.8,CRITICAL,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-01-15T00:00:00.000Z,0
CVE-2024-57020,https://securityvulnerability.io/vulnerability/CVE-2024-57020,OS Command Injection Vulnerability in TOTOLINK X5000R Router,"The TOTOLINK X5000R router has a vulnerability that allows for OS command injection through the 'sMinute' parameter in the setWiFiScheduleCfg function. This weakness can be exploited by sending crafted requests to the router, potentially allowing an attacker to execute arbitrary commands on the device's operating system. This could lead to unauthorized access and control over the network device, posing significant risks to the security of the connected network.",TOTOLINK,X5000R,9.8,CRITICAL,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-01-15T00:00:00.000Z,0
CVE-2024-57211,https://securityvulnerability.io/vulnerability/CVE-2024-57211,Command Injection Vulnerability in TOTOLINK A6000R Router,"The TOTOLINK A6000R router has been identified to have a command injection vulnerability through the modifyOne parameter in its enable_wsh function. This vulnerability allows an attacker to execute arbitrary commands on the device, potentially compromising its integrity and exposing sensitive data. Immediate action is recommended to mitigate any risks associated with this security flaw.",TOTOLINK,,8,HIGH,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-01-10T17:15:00.000Z,0
CVE-2024-54907,https://securityvulnerability.io/vulnerability/CVE-2024-54907,Remote Code Execution in TOTOLINK A3002R Router,"The TOTOLINK A3002R router has been identified as having a vulnerability that allows for remote code execution. This issue manifests through the /bin/boa component, specifically when using formWsc. As a result, an attacker can execute arbitrary code on the device without prior authentication. Users of the affected version of the A3002R should take immediate steps to safeguard their networks, such as applying available patches, disabling unused services, and considering additional security measures to prevent unauthorized access.",TOTOLINK,,8.8,HIGH,0.0004299999854993075,false,,false,false,false,,false,false,false,,2024-12-26T00:00:00.000Z,0
CVE-2024-12352,https://securityvulnerability.io/vulnerability/CVE-2024-12352,Exploitable Stack-Based Buffer Overflow in TOTOLINK EX1800T Firmware,"CVE-2024-12352 is a high-risk vulnerability identified in the TOTOLINK EX1800T router's firmware version 9.1.0cu.2112_B20220316. This critical flaw exists within the function sub_40662C of the CGI script located at /cgi-bin/cstecgi.cgi. It allows attackers to manipulate the 'ssid' argument and trigger a stack-based buffer overflow, potentially enabling remote execution of arbitrary code. Given that the exploit has been publicly disclosed, it poses a significant threat to network integrity and user data security. Users are advised to apply relevant security patches and monitor for any suspicious activity.",Totolink,Ex1800t,9.8,CRITICAL,0.002300000051036477,false,,false,false,true,2024-12-09T01:00:16.000Z,true,false,false,,2024-12-09T01:00:16.961Z,0
CVE-2024-52723,https://securityvulnerability.io/vulnerability/CVE-2024-52723,Command Execution Vulnerability in TOTOLINK X6000R Router Software,"An inherent vulnerability in the TOTOLINK X6000R router's software is identified as a flaw in the shttpd file, where the Uci_Set Str function is inadequately protected by parameter filtering. This oversight enables attackers to craft and submit malicious payloads, which can lead to arbitrary command execution. As a result, unauthorized users may gain control over the affected router's functionalities, posing a significant threat to network security and data integrity.",Totolink,X6000r Firmware,9.8,CRITICAL,0.0016799999866634607,false,,false,false,false,,,false,false,,2024-11-22T16:15:00.000Z,0
CVE-2024-10966,https://securityvulnerability.io/vulnerability/CVE-2024-10966,OS Command Injection in TOTOLINK X18 Router,"A severe OS command injection vulnerability has been identified in the TOTOLINK X18 router, specifically in the handling of requests made to the cstecgi.cgi file. The flaw allows attackers to manipulate input parameters, notably the 'enable' argument, thus executing arbitrary commands on the operating system of the router. With the potential for remote exploitation, this vulnerability poses a significant threat, as attackers can gain unauthorized access and control over the affected device. Users are urged to apply security measures and updates promptly to mitigate the risks associated with this vulnerability.",Totolink,X18,8.8,HIGH,0.03700999915599823,false,,false,false,true,2024-11-07T18:00:10.000Z,true,false,false,,2024-11-07T18:00:10.394Z,0
CVE-2024-9001,https://securityvulnerability.io/vulnerability/CVE-2024-9001,OS Command Injection Threat in TOTOLINK T10 Router,"A security vulnerability exists in the TOTOLINK T10 router, specifically within the setTracerouteCfg function found in the /cgi-bin/cstecgi.cgi file. This issue allows an attacker to execute arbitrary OS commands through improper validation of input parameters, leading to potential system compromise. The vulnerability can be exploited remotely, which increases its risk level. Despite early warnings provided to the vendor, there has been no acknowledgment or response, leaving users of affected versions exposed. It is imperative for users to remediate this vulnerability to safeguard their networks from malicious attacks.",Totolink,T10,8.8,HIGH,0.0013800000306218863,false,,false,false,true,2024-09-19T19:00:09.000Z,true,false,false,,2024-09-19T20:00:09.012Z,0
CVE-2024-46419,https://securityvulnerability.io/vulnerability/CVE-2024-46419,Buffer Overflow Vulnerability in TOTOLINK AC1200 T8 Router,"The TOTOLINK AC1200 T8 v4.1.5cu.861_B20230220 is affected by a buffer overflow vulnerability located in the setWizardCfg function, which is triggered when processing the ssid5g parameter. This flaw could allow an attacker to craft malicious input that could potentially lead to unauthorized access or disruption of the device’s operation. Addressing this vulnerability is critical to ensuring the security and integrity of the network.",Totolink,T8 Firmware,9.8,CRITICAL,0.018230000510811806,false,,false,false,false,,,false,false,,2024-09-16T14:15:00.000Z,0
CVE-2024-46424,https://securityvulnerability.io/vulnerability/CVE-2024-46424,Buffer Overflow Vulnerability in TOTOLINK AC1200 T8 Router,"The TOTOLINK AC1200 T8 router version v4.1.5cu.861_B20230220 is susceptible to a buffer overflow vulnerability in the UploadCustomModule function. This security flaw allows attackers to exploit the router through the File parameter, potentially resulting in a Denial of Service (DoS) condition. As a consequence, legitimate users may experience loss of access to critical functionalities. It is imperative for users and organizations utilizing this product to evaluate their exposure and consider appropriate patching or mitigation steps to safeguard their networks.",Totolink,T8 Firmware,7.5,HIGH,0.00044999999227002263,false,,false,false,false,,,false,false,,2024-09-16T13:15:00.000Z,0
CVE-2024-46451,https://securityvulnerability.io/vulnerability/CVE-2024-46451,Buffer Overflow Vulnerability in TOTOLINK AC1200 T8 Router,"The TOTOLINK AC1200 T8 router version 4.1.5cu.861_B20230220 has been identified with a buffer overflow vulnerability associated with the setWiFiAclRules function. This issue is triggered via the 'desc' parameter, potentially allowing an attacker to exploit the vulnerable function. Such exploitation could lead to unauthorized access or control over the affected device, emphasizing the importance of timely updates and security measures for users of this product.",Totolink,T8 Firmware,9.8,CRITICAL,0.018230000510811806,false,,false,false,false,,,false,false,,2024-09-16T13:15:00.000Z,0
CVE-2024-8869,https://securityvulnerability.io/vulnerability/CVE-2024-8869,OS Command Injection Vulnerability in TOTOLINK A720R Router,"A critical security vulnerability has been identified in the TOTOLINK A720R router, specifically in the exportOvpn function. This flaw allows for OS command injection, posing a significant risk as it could be exploited remotely by attackers. The attack complexity is categorized as high, making it exceedingly challenging for the average user to mitigate without the necessary security measures in place. As of the last report, the vendor has not responded to advisories regarding this vulnerability, leaving devices susceptible to potential exploits. Users are advised to monitor their systems closely and apply necessary security patches or measures as they become available.",Totolink,A720r,8.1,HIGH,0.0008500000112690032,false,,false,false,false,,,false,false,,2024-09-15T10:31:05.443Z,0
CVE-2024-8580,https://securityvulnerability.io/vulnerability/CVE-2024-8580,Remote Code Manipulation Vulnerability in TOTOLINK AC1200 T8,"A serious vulnerability has been identified in the TOTOLINK AC1200 T8, specifically within the file '/etc/shadow.sample'. This issue arises from the presence of a hard-coded password, which poses significant security risks. The vulnerability enables remote attackers to manipulate the system, although the complexity and difficulty of exploitation are relatively high. The flaw was publicly disclosed without any response from the vendor, leaving the potential for exploitation open. Users of the affected firmware version are advised to take immediate action to safeguard their networks.",Totolink,Ac1200 T8,8.1,HIGH,0.0020000000949949026,false,,false,false,true,2024-09-08T19:31:06.000Z,true,false,false,,2024-09-08T20:31:06.358Z,0