cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2024-1004,https://securityvulnerability.io/vulnerability/CVE-2024-1004,Totolink N200RE cstecgi.cgi loginAuth stack-based overflow,"A vulnerability affecting Totolink N200RE routers has been identified, specifically in the loginAuth function within the /cgi-bin/cstecgi.cgi file. The issue arises from improper handling of the http_host argument, leading to a stack-based buffer overflow which can be exploited remotely. This vulnerability poses significant risks, as it may allow attackers to execute arbitrary code on the device. The details of this exploit have been made public, raising concerns about the potential for malicious use. Prompt awareness and mitigation strategies are essential for users of affected products.",Totolink,N200RE,7.2,HIGH,0.005330000072717667,false,,false,false,true,2024-01-29T15:00:07.000Z,true,false,false,,2024-01-29T15:00:07.267Z,0
CVE-2024-1003,https://securityvulnerability.io/vulnerability/CVE-2024-1003,Totolink N200RE cstecgi.cgi setLanguageCfg stack-based overflow,"A vulnerability has been identified in the Totolink N200RE router, specifically in the setLanguageCfg function found within the /cgi-bin/cstecgi.cgi file. This weakness allows for a stack-based buffer overflow, which can be triggered by manipulating the 'lang' argument. The nature of this exploitation enables remote attackers to execute arbitrary code when the flaw is leveraged. Despite early notifications to the vendor regarding the vulnerability details, there has been no communication from Totolink. The potential for exploitation remains high, particularly as the details of the exploit have been made public.",Totolink,N200RE,8.8,HIGH,0.005330000072717667,false,,false,false,true,2024-01-29T14:31:03.000Z,true,false,false,,2024-01-29T14:31:03.812Z,0
CVE-2024-1002,https://securityvulnerability.io/vulnerability/CVE-2024-1002,Totolink N200RE cstecgi.cgi setIpPortFilterRules stack-based overflow,"A stack-based buffer overflow vulnerability exists in the Totolink N200RE router, specifically within the setIpPortFilterRules function located in the /cgi-bin/cstecgi.cgi file. This flaw allows an attacker to manipulate the ePort parameter, potentially leading to remote exploitation. The vulnerability has been publicly disclosed, putting users at risk as the exploit may soon be utilized by malicious actors. Despite attempts to notify the vendor of the issue, no response has been received regarding remedial actions.",Totolink,N200RE,8.8,HIGH,0.005330000072717667,false,,false,false,true,2024-01-29T14:00:06.000Z,true,false,false,,2024-01-29T14:00:06.271Z,0
CVE-2024-1001,https://securityvulnerability.io/vulnerability/CVE-2024-1001,Totolink N200RE cstecgi.cgi main stack-based overflow,"A vulnerability has been identified in the Totolink N200RE version 9.3.5u.6139_B20201216, specifically within the main function of the file /cgi-bin/cstecgi.cgi. This vulnerability is characterized as a stack-based buffer overflow, which allows for potential exploitation through remote access. The exploit has become public knowledge, raising concerns about the potential for malicious actors to target this vulnerability. Despite attempts to contact the vendor regarding this issue, there has been no response. Users of this product are advised to take necessary precautions to mitigate risks associated with this vulnerability.",Totolink,N200RE,9.8,CRITICAL,0.0019099999917671084,false,,false,false,true,2024-01-29T13:31:04.000Z,true,false,false,,2024-01-29T13:31:04.977Z,0
CVE-2024-1000,https://securityvulnerability.io/vulnerability/CVE-2024-1000,Totolink N200RE cstecgi.cgi setTracerouteCfg stack-based overflow,"A notable vulnerability affects the Totolink N200RE product, specifically in the setTracerouteCfg functionality within the /cgi-bin/cstecgi.cgi file. The vulnerability is characterized by a stack-based buffer overflow arising from improper handling of the command argument, allowing remote attackers to manipulate the buffer. The public disclosure has raised concerns over potential exploitation, as the vendor has not responded to early communication regarding the issue. Users of the affected version are advised to take precautionary measures.",Totolink,N200RE,8.8,HIGH,0.0038499999791383743,false,,false,false,true,2024-01-29T13:31:03.000Z,true,false,false,,2024-01-29T13:31:03.916Z,0
CVE-2024-0999,https://securityvulnerability.io/vulnerability/CVE-2024-0999,Totolink N200RE cstecgi.cgi setParentalRules stack-based overflow,"A vulnerability exists in the Totolink N200RE router, specifically affecting the 'setParentalRules' function within the /cgi-bin/cstecgi.cgi file. The issue arises due to improper handling of the 'eTime' argument, which can lead to a stack-based buffer overflow. This flaw allows remote attackers to exploit the device without needing physical access, making it a significant risk. The vulnerability has been publicly disclosed, highlighting the urgency for users to apply necessary mitigations or upgrades to protect their networks.",Totolink,N200RE,8.8,HIGH,0.005330000072717667,false,,false,false,true,2024-01-29T13:00:08.000Z,true,false,false,,2024-01-29T13:00:08.732Z,0
CVE-2024-0998,https://securityvulnerability.io/vulnerability/CVE-2024-0998,Totolink N200RE cstecgi.cgi setDiagnosisCfg stack-based overflow,"A vulnerability has been identified in the Totolink N200RE routers, specifically in the setDiagnosisCfg function found in the /cgi-bin/cstecgi.cgi file. This issue arises from improper handling of the 'ip' argument, which can lead to a stack-based buffer overflow. An attacker can exploit this vulnerability remotely, potentially compromising the security and functionality of the affected router. Despite prior notification to the vendor regarding this vulnerability, there has been no response, highlighting a critical need for users to take immediate protective measures, such as applying security patches or disabling affected features until a fix is available. Continued public disclosure about this vulnerability emphasizes the urgency for Totolink users to remain vigilant.",Totolink,N200RE,8.8,HIGH,0.005330000072717667,false,,false,false,true,2024-01-29T13:00:07.000Z,true,false,false,,2024-01-29T13:00:07.339Z,0
CVE-2024-0997,https://securityvulnerability.io/vulnerability/CVE-2024-0997,Totolink N200RE cstecgi.cgi setOpModeCfg stack-based overflow,"A vulnerability identified in the Totolink N200RE product resides in the function setOpModeCfg located in the file /cgi-bin/cstecgi.cgi, which is prone to a stack-based buffer overflow. The flaw arises from inadequate input validation related to the pppoeUser argument. An attacker could exploit this vulnerability remotely, potentially leading to unauthorized access and control over the device's operations. This issue was publicly disclosed, indicating a need for urgent remediation to protect users from possible exploitation.",Totolink,N200RE,8.8,HIGH,0.005330000072717667,false,,false,false,true,2024-01-29T12:31:03.000Z,true,false,false,,2024-01-29T12:31:03.782Z,0
CVE-2024-0942,https://securityvulnerability.io/vulnerability/CVE-2024-0942,Totolink N200RE V5 cstecgi.cgi session expiration,A vulnerability was found in Totolink N200RE V5 9.3.5u.6255_B20211224. It has been classified as problematic. Affected is an unknown function of the file /cgi-bin/cstecgi.cgi. The manipulation leads to session expiration. It is possible to launch the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. VDB-252186 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.,Totolink,N200RE V5,4.3,MEDIUM,0.001509999972768128,false,,false,false,true,2024-01-26T20:15:00.000Z,true,false,false,,2024-01-26T20:15:00.000Z,0
CVE-2022-46025,https://securityvulnerability.io/vulnerability/CVE-2022-46025,Incorrect Access Control in Totolink Product,"The Totolink N200RE_V5, specifically version V9.3.5u.6255_B20211224, is exposed to an Incorrect Access Control vulnerability. This flaw enables remote attackers to exploit the system, granting unauthorized access to sensitive Wi-Fi system information, including the Wi-Fi SSID and password. Such vulnerabilities pose significant risks, allowing malicious entities to infiltrate networks and potentially compromise user data and privacy. It is crucial for users and network administrators to implement security measures to protect against these unauthorized access risks.",Totolink,N200re V5 Firmware,9.1,CRITICAL,0.0012700000079348683,false,,false,false,false,,,false,false,,2024-01-10T00:00:00.000Z,0
CVE-2024-0299,https://securityvulnerability.io/vulnerability/CVE-2024-0299,Totolink N200RE cstecgi.cgi setTracerouteCfg os command injection,"A security vulnerability has been identified in Totolink's N200RE router that enables OS command injection through the setTracerouteCfg function found in the /cgi-bin/cstecgi.cgi file. By crafting specific commands, an attacker can manipulate this function remotely, posing serious risks to the integrity and security of the device. This vulnerability has been publicly disclosed and poses significant threats, emphasizing the importance of immediate remediation and security measures for affected users.",Totolink,N200RE,9.8,CRITICAL,0.06453000009059906,false,,false,false,true,2024-01-08T06:15:00.000Z,true,false,false,,2024-01-08T06:15:00.000Z,0
CVE-2024-0298,https://securityvulnerability.io/vulnerability/CVE-2024-0298,Totolink N200RE cstecgi.cgi setDiagnosisCfg os command injection,"A vulnerability exists in the Totolink N200RE router, specifically targeting the setDiagnosisCfg function located in /cgi-bin/cstecgi.cgi. This vulnerability allows an attacker to perform OS command injection through manipulation of the 'ip' argument. An exploit can be executed remotely, exposing affected devices to potential compromise. The vulnerability has been publicly disclosed, highlighting its severity and the need for immediate attention. Despite early notification efforts to the vendor, there has been no response regarding the resolution of this critical issue.",Totolink,N200RE,9.8,CRITICAL,0.08995000272989273,false,,false,false,true,2024-01-08T05:15:00.000Z,true,false,false,,2024-01-08T05:15:00.000Z,0
CVE-2024-0297,https://securityvulnerability.io/vulnerability/CVE-2024-0297,Totolink N200RE cstecgi.cgi UploadFirmwareFile os command injection,"An OS command injection vulnerability has been identified in the Totolink N200RE router's firmware version 9.3.5u.6139_B20201216. This vulnerability arises from a flaw in the UploadFirmwareFile functionality within the '/cgi-bin/cstecgi.cgi' file. Malicious actors can exploit this weakness by manipulating the 'FileName' argument, which may allow them to execute arbitrary commands on the underlying operating system. This exploit can be initiated remotely, exposing the product to significant security risks. The vulnerability has been publicly disclosed, and the vendor has not responded to inquiries regarding its remediation.",Totolink,N200RE,9.8,CRITICAL,0.08995000272989273,false,,false,false,true,2024-01-08T05:15:00.000Z,true,false,false,,2024-01-08T05:15:00.000Z,0
CVE-2024-0296,https://securityvulnerability.io/vulnerability/CVE-2024-0296,Totolink N200RE cstecgi.cgi NTPSyncWithHost os command injection,"A vulnerability has been identified in the Totolink N200RE router, specifically within the NTPSyncWithHost function of the /cgi-bin/cstecgi.cgi file. This security flaw allows for remote attacks exploiting the manipulation of the host_time argument, leading to OS command injection. The issue has been publicly disclosed, raising concerns about potential exploitation. Despite efforts to inform the vendor, no response has been received. Stakeholders are urged to assess their systems for this vulnerability to mitigate risks associated with remote unauthenticated attacks.",Totolink,N200RE,9.8,CRITICAL,0.08995000272989273,false,,false,false,true,2024-01-08T04:15:00.000Z,true,false,false,,2024-01-08T04:15:00.000Z,0
CVE-2023-4746,https://securityvulnerability.io/vulnerability/CVE-2023-4746,TOTOLINK N200RE V5 Validity_check format string,"A security vulnerability has been identified in the TOTOLINK N200RE V5 router, specifically in the Validity_check function. This flaw allows attackers to manipulate format strings, which can lead to OS command injection when they bypass the necessary validation. Remote attackers can exploit this vulnerability, making it critical to patch and secure affected devices promptly. This exploit has been publicly disclosed, raising concerns over potential attacks.",TOTOLINK,N200RE V5,8.8,HIGH,0.0026599999982863665,false,,false,false,false,,,false,false,,2023-09-04T01:15:00.000Z,0
CVE-2023-2790,https://securityvulnerability.io/vulnerability/CVE-2023-2790,TOTOLINK N200RE Telnet Service custom.conf password in configuration file,A vulnerability classified as problematic has been found in TOTOLINK N200RE 9.3.5u.6255_B20211224. Affected is an unknown function of the file /squashfs-root/etc_ro/custom.conf of the component Telnet Service. The manipulation leads to password in configuration file. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. VDB-229374 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.,TOTOLINK,N200RE,5.5,MEDIUM,0.0004600000102072954,false,,false,false,false,,,false,false,,2023-05-18T13:15:00.000Z,0
CVE-2022-48113,https://securityvulnerability.io/vulnerability/CVE-2022-48113,Remote Access Vulnerability in TOTOLINK N200RE_v5 Firmware,"A vulnerability in the TOTOLINK N200RE_v5 firmware allows unauthenticated attackers to exploit the telnet service through a specially crafted POST request. This flaw enables attackers to gain unauthorized access and potentially log in as the root user, utilizing hardcoded credentials. The implications of this vulnerability may lead to critical unauthorized control over network devices.",Totolink,N200re-v5 Firmware,9.8,CRITICAL,0.02607000060379505,false,,false,false,false,,,false,false,,2023-02-02T00:00:00.000Z,0
CVE-2020-23617,https://securityvulnerability.io/vulnerability/CVE-2020-23617,Cross Site Scripting Vulnerability in Totolink Routers,"A Cross Site Scripting (XSS) vulnerability exists in the error page of Totolink N200RE and N100RE routers. Attackers can exploit this weakness to execute arbitrary web scripts or HTML through the SCRIPT element, leading to potential unauthorized access and control over affected systems.",Totolink,N200re Firmware,6.1,MEDIUM,0.0006600000197067857,false,,false,false,false,,,false,false,,2022-05-02T23:15:00.000Z,0