cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2024-7215,https://securityvulnerability.io/vulnerability/CVE-2024-7215,Command Injection Vulnerability in TOTOLINK LR1200,"A serious command injection vulnerability exists within the TOTOLINK LR1200 model running version 9.3.1cu.2832, specifically in the NTPSyncWithHost function of the cgi-bin/cstecgi.cgi file. The vulnerability arises from improper handling of user-supplied input, allowing malicious actors to execute arbitrary commands on the device. This exploitation can be performed remotely, posing a significant security risk. The vendor has been notified of this issue but has not responded to the report. Users are strongly advised to apply any available updates or mitigate the risk until a patch is released.",TOTOLINK,Lr1200 Firmware,8.8,HIGH,0.0006600000197067857,false,,false,false,false,,,false,false,,2024-07-30T04:15:00.000Z,0
CVE-2024-7216,https://securityvulnerability.io/vulnerability/CVE-2024-7216,Vulnerability in TOTOLINK LR1200 Could Lead to Password Discovery,A vulnerability was found in TOTOLINK LR1200 9.3.1cu.2832. It has been classified as problematic. This affects an unknown part of the file /etc/shadow.sample. The manipulation leads to use of hard-coded password. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-272787. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.,TOTOLINK,Lr1200 Firmware,5.3,MEDIUM,0.000699999975040555,false,,false,false,false,,,false,false,,2024-07-30T04:15:00.000Z,0