cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-42966,https://securityvulnerability.io/vulnerability/CVE-2024-42966,Access Control Vulnerability in TOTOLINK Router,"The vulnerability in the TOTOLINK N350RT router relates to improper access controls within its firmware, specifically version V9.3.5u.6139_B20201216. An attacker can exploit this weakness by sending a specially crafted request to the '/cgi-bin/ExportSettings.sh' endpoint, allowing them to access the sensitive apmib configuration file. This configuration file contains critical information, including user credentials, which can lead to further exploitation of the device and the network it connects to. Organizations should take preventive measures to secure their devices against this type of access control flaw to protect sensitive information from unauthorized access.",Totolink,N350rt Firmware,9.8,CRITICAL,0.018230000510811806,false,,false,false,false,,false,false,2024-08-15T17:15:00.000Z,0
CVE-2024-7462,https://securityvulnerability.io/vulnerability/CVE-2024-7462,Buffer Overflow Exploit in TOTOLINK N350RT Router,"A critical buffer overflow vulnerability exists in the TOTOLINK N350RT router's setWizardCfg function, found in the /cgi-bin/cstecgi.cgi file. This flaw can be exploited remotely by manipulating the 'ssid' argument, potentially allowing attackers to execute arbitrary code on the affected device. The vulnerability has been publicly disclosed, raising concerns about the security of devices running the affected firmware version 9.3.5u.6139_B20201216. With no response from the vendor upon discovery and disclosure of this vulnerability, users are urged to take protective measures to secure their networks.",Totolink,N350rt,9.8,CRITICAL,0.003269999986514449,false,,false,false,true,true,false,false,2024-08-05T00:15:00.000Z,0
CVE-2024-7333,https://securityvulnerability.io/vulnerability/CVE-2024-7333,Buffer Overflow Vulnerability in TOTOLINK N350RT Router,"A serious buffer overflow vulnerability has been identified in the TOTOLINK N350RT router, specifically within the setParentalRules function located in the /cgi-bin/cstecgi.cgi file. This flaw allows an attacker to manipulate input parameters such as week, sTime, and eTime, potentially leading to unauthorized access or control over the device. The vulnerability can be exploited remotely, making it a significant threat to users. Despite early warnings provided to the vendor, no response was received regarding the issue. Users are advised to apply any available security patches and monitor for updates to protect their devices from potential exploitation.",Totolink,N350rt,8.8,HIGH,0.0023300000466406345,false,,false,false,true,true,false,false,2024-08-01T01:00:07.454Z,0
CVE-2024-0943,https://securityvulnerability.io/vulnerability/CVE-2024-0943,Totolink N350RT cstecgi.cgi session expiration,A vulnerability was found in Totolink N350RT 9.3.5u.6255. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /cgi-bin/cstecgi.cgi. The manipulation leads to session expiration. The attack can be launched remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-252187. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.,Totolink,N350RT,5.3,MEDIUM,0.0006000000284984708,false,,false,false,true,true,false,false,2024-01-26T20:15:00.000Z,0
CVE-2024-0570,https://securityvulnerability.io/vulnerability/CVE-2024-0570,Totolink N350RT Setting cstecgi.cgi access control,"The vulnerability in the Totolink N350RT router specifically affects the Setting Handler component, located in the /cgi-bin/cstecgi.cgi file. It exposes the system to improper access control risks, allowing unauthorized users to manipulate critical functionalities remotely. This security flaw underscores the necessity for immediate software upgrades to safeguard user confidentiality and data integrity. It is essential for administrators to apply the latest patches to mitigate potential exploitation risks associated with this vulnerability.",Totolink,N350rt,9.1,CRITICAL,0.006490000057965517,false,,false,false,false,,false,false,2024-01-16T13:31:04.015Z,0
CVE-2023-7219,https://securityvulnerability.io/vulnerability/CVE-2023-7219,Totolink N350RT cstecgi.cgi loginAuth stack-based overflow,"A vulnerability has been identified in the Totolink N350RT router version 9.3.5u.6139_B202012 related to the loginAuth function in the /cgi-bin/cstecgi.cgi script. Manipulating the http_host argument can lead to a stack-based buffer overflow, allowing an attacker to execute remote exploits. The details of this vulnerability have been publicly disclosed, and the potential for exploitation has raised significant security concerns. Despite early notification, the vendor has not responded to address this issue.",Totolink,N350RT,9.8,CRITICAL,0.0019399999873712659,false,,false,false,true,true,false,false,2024-01-09T06:15:00.000Z,0
CVE-2023-7218,https://securityvulnerability.io/vulnerability/CVE-2023-7218,Totolink N350RT cstecgi.cgi loginAuth stack-based overflow,"A vulnerability affecting the Totolink N350RT router allows for a stack-based buffer overflow due to improper handling of the password argument in the loginAuth function located in the /cgi-bin/cstecgi.cgi file. This issue could be exploited remotely, enabling attackers to compromise the device's security. The vendor was notified about the vulnerability before public disclosure but did not respond. Users of the affected router model should take immediate action to mitigate potential security risks.",Totolink,N350RT,7.2,HIGH,0.005330000072717667,false,,false,false,false,,false,false,2024-01-08T21:15:00.000Z,0
CVE-2023-7214,https://securityvulnerability.io/vulnerability/CVE-2023-7214,Totolink N350RT HTTP POST Request main stack-based overflow,"A vulnerability has been identified in the Totolink N350RT router, specifically within the HTTP POST Request Handler function located in /cgi-bin/cstecgi.cgi. Manipulation of the parameter 'v8' can result in a stack-based buffer overflow, which poses a significant risk for remote attack vectors. Exploit details for this vulnerability are publicly available, potentially allowing malicious actors to compromise affected devices. Despite prior notification to the vendor, there has been no response regarding this issue.",Totolink,N350RT,8.8,HIGH,0.006630000192672014,false,,false,false,true,true,false,false,2024-01-07T20:15:00.000Z,0
CVE-2023-7213,https://securityvulnerability.io/vulnerability/CVE-2023-7213,Totolink N350RT HTTP POST Request main stack-based overflow,"A stack-based buffer overflow vulnerability exists in the Totolink N350RT router due to inadequate input validation in the HTTP POST request handler. Specifically, the flaw is triggered by manipulating the 'v33' argument in the login function of the '/cgi-bin/cstecgi.cgi?action=login&flag=1' endpoint. This vulnerability allows an attacker to execute arbitrary code remotely, compromising the integrity and security of the device. The issue has been publicly disclosed, and users are advised to take immediate action to mitigate potential risks.",Totolink,N350RT,8.8,HIGH,0.006630000192672014,false,,false,false,true,true,false,false,2024-01-07T19:15:00.000Z,0
CVE-2023-7187,https://securityvulnerability.io/vulnerability/CVE-2023-7187,Totolink N350RT HTTP POST Request stack-based overflow,"A stack-based buffer overflow vulnerability has been identified in the Totolink N350RT router, specifically in the HTTP POST request handler found in the file /cgi-bin/cstecgi.cgi?action=login&flag=ie8. This flaw can be exploited through improper processing of certain requests, potentially allowing attackers to execute arbitrary code or crash the device. Public disclosure of the exploit method raises concerns regarding its accessibility and potential threat to network security. The vendor has been notified about this issue, but has not yet responded.",Totolink,N350RT,8.8,HIGH,0.0006900000153109431,false,,false,false,false,,false,false,2023-12-31T14:15:00.000Z,0
CVE-2022-36488,https://securityvulnerability.io/vulnerability/CVE-2022-36488,Stack Overflow Vulnerability in TOTOLINK N350RT Router,"A stack overflow vulnerability has been identified in the TOTOLINK N350RT router. The issue arises in the setIpPortFilterRules function, where inadequate input validation on the sPort parameter allows an attacker to potentially exploit the overflow. This could lead to arbitrary code execution or disruption of services, posing serious security risks for network environments utilizing this router. Users are advised to apply any available patches and review their security configurations.",Totolink,N350rt Firmware,7.8,HIGH,0.0004799999878741801,false,,false,false,false,,false,false,2022-08-25T13:55:14.000Z,0
CVE-2022-36487,https://securityvulnerability.io/vulnerability/CVE-2022-36487,Command Injection Vulnerability in TOTOLINK N350RT Router,"The TOTOLINK N350RT router has a vulnerability that allows an attacker to execute arbitrary commands through the command parameter in the setTracerouteCfg function. This weakness could be exploited to gain unauthorized access or control over the device, potentially compromising the network security. Users should ensure their devices are updated to the latest firmware to protect against this threat.",Totolink,N350rt Firmware,7.8,HIGH,0.0010999999940395355,false,,false,false,false,,false,false,2022-08-25T13:55:13.000Z,0
CVE-2022-36486,https://securityvulnerability.io/vulnerability/CVE-2022-36486,Command Injection Vulnerability in TOTOLINK N350RT Router,"The TOTOLINK N350RT router is impacted by a command injection vulnerability, which occurs in the UploadFirmwareFile function via the FileName parameter. This flaw could allow an attacker to execute arbitrary commands on the device, potentially leading to unauthorized access and control of network resources. It highlights the importance of secure coding practices to prevent exploitation through firmware uploads.",Totolink,N350rt Firmware,7.8,HIGH,0.0010999999940395355,false,,false,false,false,,false,false,2022-08-25T13:55:12.000Z,0
CVE-2022-36485,https://securityvulnerability.io/vulnerability/CVE-2022-36485,Command Injection Vulnerability in TOTOLINK N350RT Router,"A command injection vulnerability exists in the TOTOLINK N350RT router, specifically in the setOpModeCfg function. The vulnerability can be exploited through the hostName parameter, allowing an attacker to execute arbitrary commands on the device. This may lead to unauthorized control of the router and compromise the security of the network.",Totolink,N350rt Firmware,7.8,HIGH,0.0010999999940395355,false,,false,false,false,,false,false,2022-08-25T13:55:12.000Z,0
CVE-2022-36484,https://securityvulnerability.io/vulnerability/CVE-2022-36484,Stack Overflow Vulnerability in TOTOLINK N350RT Router,"A stack overflow vulnerability was identified in the TOTOLINK N350RT router model. This vulnerability can be exploited through the function setDiagnosisCfg, potentially allowing an attacker to execute arbitrary code or cause a denial of service, thereby compromising the security and functionality of the affected device. Users are advised to implement necessary security measures to protect their networks and devices.",Totolink,N350rt Firmware,7.8,HIGH,0.0004799999878741801,false,,false,false,false,,false,false,2022-08-25T13:55:11.000Z,0
CVE-2022-36483,https://securityvulnerability.io/vulnerability/CVE-2022-36483,Stack Overflow Vulnerability in TOTOLINK N350RT Router,"The TOTOLINK N350RT router version V9.3.5u.6139_B20201216 has been identified to have a stack overflow vulnerability associated with the pppoeUser parameter. This vulnerability can potentially allow attackers to execute arbitrary code or crash the device, posing serious risks to network security and data integrity. Users of this router model are advised to review their device configurations and apply necessary patches to mitigate this risk.",Totolink,N350rt Firmware,7.8,HIGH,0.0004799999878741801,false,,false,false,false,,false,false,2022-08-25T13:54:40.000Z,0
CVE-2022-36482,https://securityvulnerability.io/vulnerability/CVE-2022-36482,Command Injection Vulnerability in TOTOLINK N350RT Router,"A command injection vulnerability has been identified in the TOTOLINK N350RT router, specifically in the lang parameter of the setLanguageCfg function. This weakness allows attackers to execute arbitrary commands on the device by injecting malicious input, potentially compromising the security and functionality of the router.",Totolink,N350rt Firmware,7.8,HIGH,0.0009699999936856329,false,,false,false,false,,false,false,2022-08-25T13:54:38.000Z,0
CVE-2022-36481,https://securityvulnerability.io/vulnerability/CVE-2022-36481,Command Injection Vulnerability in TOTOLINK N350RT Router,"The TOTOLINK N350RT router is susceptible to a command injection vulnerability that occurs via the 'ip' parameter in the setDiagnosisCfg function. This flaw could allow an attacker to execute arbitrary commands on the device, potentially compromising the router's integrity and the security of the network it serves. Timely awareness and remediation are crucial for users relying on this device to safeguard their network.",Totolink,N350rt Firmware,7.8,HIGH,0.0010999999940395355,false,,false,false,false,,false,false,2022-08-25T13:54:37.000Z,0
CVE-2022-36480,https://securityvulnerability.io/vulnerability/CVE-2022-36480,Stack Overflow in TOTOLINK Router Product,"The TOTOLINK N350RT router is susceptible to a stack overflow vulnerability that arises from improper handling of the command parameter in the setTracerouteCfg function. This flaw could potentially allow an attacker to execute arbitrary code, compromising the router’s integrity and exposing users to various security risks. It is essential for users to address this vulnerability promptly to protect their network.",Totolink,N350rt Firmware,7.8,HIGH,0.0004799999878741801,false,,false,false,false,,false,false,2022-08-25T13:54:36.000Z,0
CVE-2022-36479,https://securityvulnerability.io/vulnerability/CVE-2022-36479,Command Injection Vulnerability in TOTOLINK N350RT by TOTOLINK,"The TOTOLINK N350RT router has a command injection vulnerability that can be exploited through the 'host_time' parameter in the NTPSyncWithHost function. This weakness allows an attacker to execute arbitrary commands on the device, potentially leading to unauthorized access or control over the router's operations. Users of the affected version are advised to take immediate action to mitigate the risks associated with this flaw.",Totolink,N350rt Firmware,7.8,HIGH,0.0010999999940395355,false,,false,false,false,,false,false,2022-08-25T13:54:32.000Z,0