cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2022-36613,https://securityvulnerability.io/vulnerability/CVE-2022-36613,Hardcoded Password Vulnerability in TOTOLINK N600R Router,"The TOTOLINK N600R router is affected by a security vulnerability due to a hardcoded password embedded in the device's firmware scripts. This flaw allows unauthorized access to the system by exploiting the static password located in the /etc/shadow.sample file, potentially compromising the integrity and confidentiality of the network. Users are urged to review their device settings and apply security patches to mitigate this risk.",Totolink,N600r Firmware,7.8,HIGH,0.0011399999493733048,false,,false,false,false,,,false,false,,2022-08-29T00:15:00.000Z,0
CVE-2022-29399,https://securityvulnerability.io/vulnerability/CVE-2022-29399,Stack Overflow Vulnerability in TOTOLINK N600R Router,"The TOTOLINK N600R router version V4.3.0cu.7647_B20210106 exhibits a stack overflow vulnerability due to improper handling of the 'url' parameter in a specific function. This flaw can potentially allow attackers to execute arbitrary code, disrupting the device's operation and compromising its security. Users of this product are advised to apply updates and monitor for unauthorized access.",Totolink,N600r Firmware,9.8,CRITICAL,0.0026700000744313,false,,false,false,false,,,false,false,,2022-05-10T19:50:01.000Z,0
CVE-2022-29398,https://securityvulnerability.io/vulnerability/CVE-2022-29398,Stack Overflow Vulnerability in TOTOLINK N600R Router,"A stack overflow vulnerability exists in the TOTOLINK N600R Router, specifically within the File parameter of the FUN_0041309c function. This flaw can allow attackers to exploit the system, potentially compromising its integrity and providing unauthorized access. Proper validation and sanitization measures are necessary to mitigate this risk.",Totolink,N600r Firmware,9.8,CRITICAL,0.0026700000744313,false,,false,false,false,,,false,false,,2022-05-10T19:50:01.000Z,0
CVE-2022-29397,https://securityvulnerability.io/vulnerability/CVE-2022-29397,Stack Overflow Vulnerability in TOTOLINK N600R Router by TOTOLINK,"The TOTOLINK N600R router, specifically version V4.3.0cu.7647_B20210106, contains a stack overflow vulnerability triggered by the comment parameter in a specific function. This vulnerability can potentially allow attackers to execute arbitrary code, compromising the integrity and security of the device. It is crucial for users to patch their devices to prevent exploitation.",Totolink,N600r Firmware,9.8,CRITICAL,0.0026700000744313,false,,false,false,false,,,false,false,,2022-05-10T19:50:00.000Z,0
CVE-2022-29395,https://securityvulnerability.io/vulnerability/CVE-2022-29395,Stack Overflow Vulnerability in TOTOLINK N600R Router,"A stack overflow vulnerability has been identified in the TOTOLINK N600R router, specifically in the apcliKey parameter within the function FUN_0041bac4. This flaw could potentially allow attackers to execute arbitrary code by sending specially crafted inputs, thereby compromising the device's integrity and security.",Totolink,N600r Firmware,9.8,CRITICAL,0.0026700000744313,false,,false,false,false,,,false,false,,2022-05-10T19:49:59.000Z,0
CVE-2022-29396,https://securityvulnerability.io/vulnerability/CVE-2022-29396,Stack Overflow Vulnerability in TOTOLINK N600R by TOTOLINK,"The TOTOLINK N600R, specifically version V4.3.0cu.7647_B20210106, has been identified to have a stack overflow vulnerability. This flaw arises from improper handling of input parameters, particularly the comment parameter within the function FUN_00418f10. Exploiting this vulnerability could allow an attacker to execute arbitrary code, potentially compromising the network device's integrity and facilitating further attacks on connected systems.",Totolink,N600r Firmware,9.8,CRITICAL,0.0026700000744313,false,,false,false,false,,,false,false,,2022-05-10T19:49:59.000Z,0
CVE-2022-29394,https://securityvulnerability.io/vulnerability/CVE-2022-29394,Stack Overflow Vulnerability in TOTOLINK N600R Router,"The TOTOLINK N600R router, specifically version V4.3.0cu.7647_B20210106, is impacted by a stack overflow vulnerability that can be triggered through the 'macAddress' parameter in the device's firmware function. Exploitation of this flaw could potentially allow an attacker to execute arbitrary code, leading to unauthorized access and control over the device, thereby compromising the integrity of the network.",Totolink,N600r Firmware,9.8,CRITICAL,0.0026700000744313,false,,false,false,false,,,false,false,,2022-05-10T19:49:58.000Z,0
CVE-2022-29393,https://securityvulnerability.io/vulnerability/CVE-2022-29393,Stack Overflow Vulnerability in TOTOLINK N600R,"The TOTOLINK N600R router is affected by a stack overflow vulnerability through the comment parameter in the specific function FUN_004192cc. This flaw can potentially allow attackers to exploit the device, leading to unauthorized access or disruption of its services.",Totolink,N600r Firmware,9.8,CRITICAL,0.0026700000744313,false,,false,false,false,,,false,false,,2022-05-10T19:49:57.000Z,0
CVE-2022-29392,https://securityvulnerability.io/vulnerability/CVE-2022-29392,Stack Overflow Vulnerability in TOTOLINK Products,"The TOTOLINK N600R device exhibits a stack overflow vulnerability due to improper handling of the comment parameter in the function FUN_00418c24. Exploiting this vulnerability may allow an attacker to execute arbitrary code, potentially compromising the integrity and confidentiality of the device.",Totolink,N600r Firmware,9.8,CRITICAL,0.0026700000744313,false,,false,false,false,,,false,false,,2022-05-10T19:49:56.000Z,0
CVE-2022-29391,https://securityvulnerability.io/vulnerability/CVE-2022-29391,Stack Overflow Vulnerability in TOTOLINK N600R Router,"A stack overflow vulnerability has been identified in the TOTOLINK N600R router firmware, specifically in the handling of the comment parameter within the function FUN_004200c8. Exploiting this weakness can potentially allow an attacker to execute arbitrary code, compromising the integrity and availability of the device. It is essential for users of the affected version to update their firmware promptly to mitigate the risks associated with this vulnerability.",Totolink,N600r Firmware,9.8,CRITICAL,0.0026700000744313,false,,false,false,false,,,false,false,,2022-05-10T19:49:56.000Z,0
CVE-2022-28912,https://securityvulnerability.io/vulnerability/CVE-2022-28912,Command Injection Vulnerability in TOTOLink N600R Router,"The TOTOLink N600R Router is susceptible to a command injection vulnerability through the 'filename' parameter in the /setting/setUpgradeFW endpoint. This flaw allows an attacker to execute arbitrary commands on the affected device, potentially leading to unauthorized access and control over the router. Users are urged to take immediate action to secure their devices against this vulnerability.",Totolink,N600r Firmware,9.8,CRITICAL,0.012400000356137753,false,,false,false,false,,,false,false,,2022-05-10T13:17:02.000Z,0
CVE-2022-28913,https://securityvulnerability.io/vulnerability/CVE-2022-28913,Command Injection Vulnerability in TOTOLink N600R Router,"The TOTOLink N600R router is susceptible to a command injection vulnerability through the `filename` parameter in the `/setting/setUploadSetting` endpoint. This issue allows attackers to execute arbitrary commands on the device, potentially leading to unauthorized access and manipulation of the router's settings. Users are advised to apply any available patches from the vendor to mitigate this security risk.",Totolink,N600r Firmware,9.8,CRITICAL,0.012400000356137753,false,,false,false,false,,,false,false,,2022-05-10T13:17:02.000Z,0
CVE-2022-28911,https://securityvulnerability.io/vulnerability/CVE-2022-28911,Command Injection Vulnerability in TOTOLink N600R Router,"The TOTOLink N600R router, specifically version V5.3c.7159_B20190425, has been identified as being vulnerable to a command injection issue. This vulnerability arises due to improper validation of the filename parameter in the /setting/CloudACMunualUpdate route, allowing an attacker to execute arbitrary commands on the device. Exploitation of this flaw could lead to unauthorized access, manipulation of the router's settings, and potentially compromising the security of the entire network.",Totolink,N600r Firmware,9.8,CRITICAL,0.012400000356137753,false,,false,false,false,,,false,false,,2022-05-10T13:17:01.000Z,0
CVE-2022-28910,https://securityvulnerability.io/vulnerability/CVE-2022-28910,Command Injection Vulnerability in TOTOLink N600R Router from TOTOLink,"The TOTOLink N600R router has a command injection vulnerability that allows local attackers to execute arbitrary commands on the system through the devicename parameter in the /setting/setDeviceName API endpoint. This flaw can be exploited by sending specially crafted requests to the affected device, potentially leading to security breaches and unauthorized access to sensitive router configurations.",Totolink,N600r Firmware,9.8,CRITICAL,0.012400000356137753,false,,false,false,false,,,false,false,,2022-05-10T13:17:01.000Z,0
CVE-2022-28909,https://securityvulnerability.io/vulnerability/CVE-2022-28909,Command Injection Vulnerability in TOTOLink N600R Router,"The TOTOLink N600R router has been found to contain a command injection vulnerability. This issue arises from improper validation of user input in the webwlanidx parameter when accessing the /setting/setWebWlanIdx endpoint. Exploiting this vulnerability could allow an attacker to execute arbitrary commands on the affected device, potentially compromising its security and functionality.",Totolink,N600r Firmware,9.8,CRITICAL,0.012330000288784504,false,,false,false,false,,,false,false,,2022-05-10T13:17:00.000Z,0
CVE-2022-28907,https://securityvulnerability.io/vulnerability/CVE-2022-28907,Command Injection Vulnerability in TOTOLink N600R Router,"The TOTOLink N600R router is affected by a command injection vulnerability located in the hosttime function within the /setting/NTPSyncWithHost endpoint. This flaw allows attackers to execute arbitrary commands on the device, potentially leading to unauthorized access and control over the network device. Such vulnerabilities can have severe repercussions for network security, especially in environments relying on secure and reliable network operations.",Totolink,N600r Firmware,9.8,CRITICAL,0.012400000356137753,false,,false,false,false,,,false,false,,2022-05-10T13:16:59.000Z,0
CVE-2022-28908,https://securityvulnerability.io/vulnerability/CVE-2022-28908,Command Injection Vulnerability in TOTOLink N600R Router,"The TOTOLink N600R router has been found to contain a command injection vulnerability that can be exploited through the 'ipdoamin' parameter in the '/setting/setDiagnosisCfg' endpoint. This vulnerability allows an attacker to execute arbitrary commands on the device, posing a significant risk to the integrity and security of the affected network. Users are advised to apply relevant security patches and follow best practices to mitigate potential threats.",Totolink,N600r Firmware,9.8,CRITICAL,0.012400000356137753,false,,false,false,false,,,false,false,,2022-05-10T13:16:59.000Z,0
CVE-2022-28906,https://securityvulnerability.io/vulnerability/CVE-2022-28906,Command Injection in TOTOLink N600R Router,The TOTOLink N600R router has been identified to have a command injection vulnerability that can be exploited through the 'langtype' parameter in the '/setting/setLanguageCfg' endpoint. This flaw allows an attacker to send malicious input that could lead to the execution of arbitrary commands on the device. Addressing this vulnerability is crucial for maintaining the integrity and security of networked devices and preventing unauthorized access.,Totolink,N600r Firmware,9.8,CRITICAL,0.012400000356137753,false,,false,false,false,,,false,false,,2022-05-10T13:16:58.000Z,0
CVE-2022-28905,https://securityvulnerability.io/vulnerability/CVE-2022-28905,Command Injection Vulnerability in TOTOLink N600R Router,"The TOTOLink N600R router has been found to be susceptible to a command injection vulnerability. Specifically, the vulnerability occurs through the 'devicemac' parameter in the '/setting/setDeviceName' endpoint. Attackers can exploit this flaw to execute arbitrary commands on the device, potentially compromising the security and functionality of the router. This vulnerability highlights the necessity for robust input validation mechanisms in network devices to prevent unauthorized access and control.",Totolink,N600r Firmware,9.8,CRITICAL,0.012400000356137753,false,,false,false,false,,,false,false,,2022-05-10T13:16:58.000Z,0
CVE-2022-27411,https://securityvulnerability.io/vulnerability/CVE-2022-27411,Command Injection Vulnerability in TOTOLINK N600R Router,"A command injection vulnerability exists in the TOTOLINK N600R router, specifically within the 'Main' function. The issue occurs through improper handling of the QUERY_STRING parameter, allowing an attacker to execute arbitrary commands on the device. This potentially compromises the integrity and confidentiality of the network's configuration and data. It is crucial for users to apply updates or implement mitigation strategies to safeguard against potential exploitation.",Totolink,N600r Firmware,9.8,CRITICAL,0.0690699964761734,false,,false,false,false,,,false,false,,2022-05-05T18:05:28.000Z,0
CVE-2022-26189,https://securityvulnerability.io/vulnerability/CVE-2022-26189,Command Injection Vulnerability in TOTOLINK N600R Router,"The TOTOLINK N600R router is susceptible to a command injection vulnerability via the langType parameter in its login interface. This security flaw may allow an attacker to execute arbitrary commands on the device, potentially leading to unauthorized access and manipulation of the router's settings. Network administrators are encouraged to review their current configurations and apply necessary updates to mitigate associated risks.",Totolink,N600r Firmware,9.8,CRITICAL,0.18966999650001526,false,,false,false,false,,,false,false,,2022-03-22T20:13:21.000Z,0
CVE-2022-26188,https://securityvulnerability.io/vulnerability/CVE-2022-26188,Command Injection Vulnerability in TOTOLINK N600R Router,"A command injection vulnerability exists in the TOTOLINK N600R router that allows an attacker to send crafted requests to the /setting/NTPSyncWithHost endpoint. By exploiting this vulnerability, unauthorized commands can be executed on the affected device, potentially compromising the device and its network environment.",Totolink,N600r Firmware,9.8,CRITICAL,0.18966999650001526,false,,false,false,false,,,false,false,,2022-03-22T20:13:19.000Z,0
CVE-2022-26187,https://securityvulnerability.io/vulnerability/CVE-2022-26187,Command Injection Vulnerability in TOTOLINK N600R Router,"The TOTOLINK N600R Router has been identified to have a command injection vulnerability in its pingCheck function. This flaw could allow an attacker to execute arbitrary commands on the system, potentially leading to unauthorized access and control over networked devices. Proper remediation and firmware updates are recommended to safeguard against potential exploitation.",Totolink,N600r Firmware,9.8,CRITICAL,0.18966999650001526,false,,false,false,false,,,false,false,,2022-03-22T20:13:17.000Z,0
CVE-2022-26186,https://securityvulnerability.io/vulnerability/CVE-2022-26186,Command Injection Vulnerability in TOTOLINK N600R Router,"The TOTOLINK N600R router is susceptible to a command injection vulnerability that occurs through the exportOvpn interface located in cstecgi.cgi. This security flaw allows an attacker to execute arbitrary commands on the router, potentially leading to unauthorized access and control. Users of affected versions should take immediate action to mitigate risks.",Totolink,N600r Firmware,9.8,CRITICAL,0.18966999650001526,false,,false,false,false,,,false,false,,2022-03-22T20:13:16.000Z,0