cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2024-9001,https://securityvulnerability.io/vulnerability/CVE-2024-9001,OS Command Injection Threat in TOTOLINK T10 Router,"A security vulnerability exists in the TOTOLINK T10 router, specifically within the setTracerouteCfg function found in the /cgi-bin/cstecgi.cgi file. This issue allows an attacker to execute arbitrary OS commands through improper validation of input parameters, leading to potential system compromise. The vulnerability can be exploited remotely, which increases its risk level. Despite early warnings provided to the vendor, there has been no acknowledgment or response, leaving users of affected versions exposed. It is imperative for users to remediate this vulnerability to safeguard their networks from malicious attacks.",Totolink,T10,8.8,HIGH,0.0013800000306218863,false,,false,false,true,2024-09-19T19:00:09.000Z,true,false,false,,2024-09-19T20:00:09.012Z,0
CVE-2024-8577,https://securityvulnerability.io/vulnerability/CVE-2024-8577,Buffer Overflow Issue in TOTOLINK AC1200 T8 and T10 Products,"A critical buffer overflow vulnerability has been discovered in the TOTOLINK AC1200 T8 and T10 routers within the setStaticDhcpRules function located in /cgi-bin/cstecgi.cgi. This vulnerability arises from improper handling of input arguments, particularly the 'desc' parameter, leading to potential remote code execution. As the exploit has been publicly disclosed, it poses a significant risk to users of these devices. Security measures should be taken immediately to mitigate potential attacks, which could exploit this flaw without requiring any prior authentication.",Totolink,"Ac1200 T8,Ac1200 T10",8.8,HIGH,0.0006699999794363976,false,,false,false,true,2024-09-08T17:31:05.000Z,true,false,false,,2024-09-08T18:31:05.815Z,0
CVE-2024-8576,https://securityvulnerability.io/vulnerability/CVE-2024-8576,Buffer Overflow Vulnerability in TOTOLINK AC1200 T8 and T10 Products,"A significant buffer overflow vulnerability has been identified in the TOTOLINK AC1200 T8 and AC1200 T10 routers, specifically in the setIpPortFilterRules function located within the cgi-bin/cstecgi.cgi file. This vulnerability enables an attacker to manipulate the 'desc' parameter, potentially leading to code execution via a remote attack. The exploit has been publicly disclosed, and even though the vendor was notified prior to the disclosure, no response was received. Users of these routers are advised to take immediate action to secure their devices.",Totolink,"Ac1200 T8,Ac1200 T10",8.8,HIGH,0.0006699999794363976,false,,false,false,true,2024-09-08T17:00:06.000Z,true,false,false,,2024-09-08T18:00:06.899Z,0
CVE-2024-8573,https://securityvulnerability.io/vulnerability/CVE-2024-8573,Buffer Overflow Vulnerability in TOTOLINK AC1200 T8 and T10 Routers,"A critical buffer overflow vulnerability has been identified in the TOTOLINK AC1200 T8 and AC1200 T10 routers, specifically within the setParentalRules function located in the cgi-bin/cstecgi.cgi file. This vulnerability can be exploited by manipulating the 'desc' argument, leading to a buffer overflow condition. The nature of this flaw allows for remote exploitation, opening the door for potential attackers to execute arbitrary code. The exploit has already been publicly disclosed, putting users at significant risk. Despite proactive communication regarding this issue, TOTOLINK has not provided a response or mitigation strategy.",Totolink,"Ac1200 T8,Ac1200 T10",8.8,HIGH,0.0006699999794363976,false,,false,false,true,2024-09-08T09:00:06.000Z,true,false,false,,2024-09-08T10:00:06.219Z,0
CVE-2024-8162,https://securityvulnerability.io/vulnerability/CVE-2024-8162,Vulnerability in TOTOLINK T10 AC1200 Telnet Service,"A significant security flaw has been identified in the TOTOLINK T10 AC1200, specifically within the Telnet service's handling of configuration files. The vulnerability lies in the use of hard-coded credentials located in the /squashfs-root/web_cste/cgi-bin/product.ini file. This design oversight allows attackers to exploit the device remotely, potentially gaining unauthorized access to its functionalities. As of now, the vendor has not addressed this issue despite early notifications about the existence of this vulnerability. Organizations utilizing the affected product should prioritize remediation to safeguard against possible exploitation.",Totolink,T10 Ac1200,9.8,CRITICAL,0.0024300001095980406,false,,false,false,true,2024-08-26T12:00:09.000Z,true,false,false,,2024-08-26T13:00:09.562Z,0
CVE-2023-40042,https://securityvulnerability.io/vulnerability/CVE-2023-40042,Stack-Based Buffer Overflow in TOTOLINK T10_v2,"The TOTOLINK T10_v2 5.9c.5061_B20200511 suffers from a stack-based buffer overflow in the 'setStaticDhcpConfig' function located in '/lib/cste_modules/lan.so'. This vulnerability allows attackers to send specially crafted data via the comment parameter in an MQTT packet. By controlling the return address during this process, malicious actors can execute arbitrary code, potentially compromising the device and the network it operates within. Timely patching and updates are crucial to mitigate the risk associated with this vulnerability.",Totolink,T10 V2 Firmware,9.8,CRITICAL,0.0015899999998509884,false,,false,false,false,,,false,false,,2023-08-08T00:00:00.000Z,0
CVE-2023-40041,https://securityvulnerability.io/vulnerability/CVE-2023-40041,Stack-Based Buffer Overflow Vulnerability in TOTOLINK T10_v2 Router,"The TOTOLINK T10_v2 Router contains a stack-based buffer overflow vulnerability in the setWiFiWpsConfig function, found in /lib/cste_modules/wps.so. By sending specially crafted data through an MQTT packet using the pin parameter, attackers can manipulate the return address within the memory stack, leading to arbitrary code execution. This vulnerability poses a significant risk in unauthorized access and control over the affected device.",Totolink,T10 V2 Firmware,9.8,CRITICAL,0.0017900000093504786,false,,false,false,false,,,false,false,,2023-08-08T00:00:00.000Z,0
CVE-2021-43636,https://securityvulnerability.io/vulnerability/CVE-2021-43636,Buffer Overflow Vulnerability in T10 V2 Firmware by T10,"Two buffer overflow vulnerabilities have been identified in T10 V2 Firmware version 4.1.8cu.5207_B20210320, specifically within the http_request_parse function. These vulnerabilities arise during the processing of host data in the HTTP request handling, which can potentially lead to unexpected behavior or system crashes.",Totolink,T10 V2 Firmware,9.8,CRITICAL,0.003719999920576811,false,,false,false,false,,,false,false,,2022-03-25T17:55:41.000Z,0
CVE-2022-25081,https://securityvulnerability.io/vulnerability/CVE-2022-25081,Command Injection Vulnerability in TOTOLink T10 Router,"The TOTOLink T10 router is susceptible to a command injection vulnerability in its 'Main' function. By manipulating the QUERY_STRING parameter, attackers can execute arbitrary commands on the affected device, potentially compromising its security and allowing unauthorized access to sensitive information.",Totolink,T10 V2 Firmware,9.8,CRITICAL,0.00546000013127923,false,,false,false,false,,,false,false,,2022-02-24T15:15:00.000Z,0