cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2024-42966,https://securityvulnerability.io/vulnerability/CVE-2024-42966,Access Control Vulnerability in TOTOLINK Router,"The vulnerability in the TOTOLINK N350RT router relates to improper access controls within its firmware, specifically version V9.3.5u.6139_B20201216. An attacker can exploit this weakness by sending a specially crafted request to the '/cgi-bin/ExportSettings.sh' endpoint, allowing them to access the sensitive apmib configuration file. This configuration file contains critical information, including user credentials, which can lead to further exploitation of the device and the network it connects to. Organizations should take preventive measures to secure their devices against this type of access control flaw to protect sensitive information from unauthorized access.",Totolink,N350rt Firmware,9.8,CRITICAL,0.01686999946832657,false,,false,false,false,,,false,false,,2024-08-15T17:15:00.000Z,0
CVE-2022-36488,https://securityvulnerability.io/vulnerability/CVE-2022-36488,Stack Overflow Vulnerability in TOTOLINK N350RT Router,"A stack overflow vulnerability has been identified in the TOTOLINK N350RT router. The issue arises in the setIpPortFilterRules function, where inadequate input validation on the sPort parameter allows an attacker to potentially exploit the overflow. This could lead to arbitrary code execution or disruption of services, posing serious security risks for network environments utilizing this router. Users are advised to apply any available patches and review their security configurations.",Totolink,N350rt Firmware,7.8,HIGH,0.0004799999878741801,false,,false,false,false,,,false,false,,2022-08-25T13:55:14.000Z,0
CVE-2022-36487,https://securityvulnerability.io/vulnerability/CVE-2022-36487,Command Injection Vulnerability in TOTOLINK N350RT Router,"The TOTOLINK N350RT router has a vulnerability that allows an attacker to execute arbitrary commands through the command parameter in the setTracerouteCfg function. This weakness could be exploited to gain unauthorized access or control over the device, potentially compromising the network security. Users should ensure their devices are updated to the latest firmware to protect against this threat.",Totolink,N350rt Firmware,7.8,HIGH,0.0010999999940395355,false,,false,false,false,,,false,false,,2022-08-25T13:55:13.000Z,0
CVE-2022-36485,https://securityvulnerability.io/vulnerability/CVE-2022-36485,Command Injection Vulnerability in TOTOLINK N350RT Router,"A command injection vulnerability exists in the TOTOLINK N350RT router, specifically in the setOpModeCfg function. The vulnerability can be exploited through the hostName parameter, allowing an attacker to execute arbitrary commands on the device. This may lead to unauthorized control of the router and compromise the security of the network.",Totolink,N350rt Firmware,7.8,HIGH,0.0010999999940395355,false,,false,false,false,,,false,false,,2022-08-25T13:55:12.000Z,0
CVE-2022-36486,https://securityvulnerability.io/vulnerability/CVE-2022-36486,Command Injection Vulnerability in TOTOLINK N350RT Router,"The TOTOLINK N350RT router is impacted by a command injection vulnerability, which occurs in the UploadFirmwareFile function via the FileName parameter. This flaw could allow an attacker to execute arbitrary commands on the device, potentially leading to unauthorized access and control of network resources. It highlights the importance of secure coding practices to prevent exploitation through firmware uploads.",Totolink,N350rt Firmware,7.8,HIGH,0.0010999999940395355,false,,false,false,false,,,false,false,,2022-08-25T13:55:12.000Z,0
CVE-2022-36484,https://securityvulnerability.io/vulnerability/CVE-2022-36484,Stack Overflow Vulnerability in TOTOLINK N350RT Router,"A stack overflow vulnerability was identified in the TOTOLINK N350RT router model. This vulnerability can be exploited through the function setDiagnosisCfg, potentially allowing an attacker to execute arbitrary code or cause a denial of service, thereby compromising the security and functionality of the affected device. Users are advised to implement necessary security measures to protect their networks and devices.",Totolink,N350rt Firmware,7.8,HIGH,0.0004799999878741801,false,,false,false,false,,,false,false,,2022-08-25T13:55:11.000Z,0
CVE-2022-36483,https://securityvulnerability.io/vulnerability/CVE-2022-36483,Stack Overflow Vulnerability in TOTOLINK N350RT Router,"The TOTOLINK N350RT router version V9.3.5u.6139_B20201216 has been identified to have a stack overflow vulnerability associated with the pppoeUser parameter. This vulnerability can potentially allow attackers to execute arbitrary code or crash the device, posing serious risks to network security and data integrity. Users of this router model are advised to review their device configurations and apply necessary patches to mitigate this risk.",Totolink,N350rt Firmware,7.8,HIGH,0.0004799999878741801,false,,false,false,false,,,false,false,,2022-08-25T13:54:40.000Z,0
CVE-2022-36482,https://securityvulnerability.io/vulnerability/CVE-2022-36482,Command Injection Vulnerability in TOTOLINK N350RT Router,"A command injection vulnerability has been identified in the TOTOLINK N350RT router, specifically in the lang parameter of the setLanguageCfg function. This weakness allows attackers to execute arbitrary commands on the device by injecting malicious input, potentially compromising the security and functionality of the router.",Totolink,N350rt Firmware,7.8,HIGH,0.0009699999936856329,false,,false,false,false,,,false,false,,2022-08-25T13:54:38.000Z,0
CVE-2022-36481,https://securityvulnerability.io/vulnerability/CVE-2022-36481,Command Injection Vulnerability in TOTOLINK N350RT Router,"The TOTOLINK N350RT router is susceptible to a command injection vulnerability that occurs via the 'ip' parameter in the setDiagnosisCfg function. This flaw could allow an attacker to execute arbitrary commands on the device, potentially compromising the router's integrity and the security of the network it serves. Timely awareness and remediation are crucial for users relying on this device to safeguard their network.",Totolink,N350rt Firmware,7.8,HIGH,0.0010999999940395355,false,,false,false,false,,,false,false,,2022-08-25T13:54:37.000Z,0
CVE-2022-36480,https://securityvulnerability.io/vulnerability/CVE-2022-36480,Stack Overflow in TOTOLINK Router Product,"The TOTOLINK N350RT router is susceptible to a stack overflow vulnerability that arises from improper handling of the command parameter in the setTracerouteCfg function. This flaw could potentially allow an attacker to execute arbitrary code, compromising the router’s integrity and exposing users to various security risks. It is essential for users to address this vulnerability promptly to protect their network.",Totolink,N350rt Firmware,7.8,HIGH,0.0004799999878741801,false,,false,false,false,,,false,false,,2022-08-25T13:54:36.000Z,0
CVE-2022-36479,https://securityvulnerability.io/vulnerability/CVE-2022-36479,Command Injection Vulnerability in TOTOLINK N350RT by TOTOLINK,"The TOTOLINK N350RT router has a command injection vulnerability that can be exploited through the 'host_time' parameter in the NTPSyncWithHost function. This weakness allows an attacker to execute arbitrary commands on the device, potentially leading to unauthorized access or control over the router's operations. Users of the affected version are advised to take immediate action to mitigate the risks associated with this flaw.",Totolink,N350rt Firmware,7.8,HIGH,0.0010999999940395355,false,,false,false,false,,,false,false,,2022-08-25T13:54:32.000Z,0