cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2023-40041,https://securityvulnerability.io/vulnerability/CVE-2023-40041,Stack-Based Buffer Overflow Vulnerability in TOTOLINK T10_v2 Router,"The TOTOLINK T10_v2 Router contains a stack-based buffer overflow vulnerability in the setWiFiWpsConfig function, found in /lib/cste_modules/wps.so. By sending specially crafted data through an MQTT packet using the pin parameter, attackers can manipulate the return address within the memory stack, leading to arbitrary code execution. This vulnerability poses a significant risk in unauthorized access and control over the affected device.",Totolink,T10 V2 Firmware,9.8,CRITICAL,0.0017900000093504786,false,,false,false,false,,,false,false,,2023-08-08T00:00:00.000Z,0
CVE-2023-40042,https://securityvulnerability.io/vulnerability/CVE-2023-40042,Stack-Based Buffer Overflow in TOTOLINK T10_v2,"The TOTOLINK T10_v2 5.9c.5061_B20200511 suffers from a stack-based buffer overflow in the 'setStaticDhcpConfig' function located in '/lib/cste_modules/lan.so'. This vulnerability allows attackers to send specially crafted data via the comment parameter in an MQTT packet. By controlling the return address during this process, malicious actors can execute arbitrary code, potentially compromising the device and the network it operates within. Timely patching and updates are crucial to mitigate the risk associated with this vulnerability.",Totolink,T10 V2 Firmware,9.8,CRITICAL,0.0015899999998509884,false,,false,false,false,,,false,false,,2023-08-08T00:00:00.000Z,0
CVE-2021-43636,https://securityvulnerability.io/vulnerability/CVE-2021-43636,Buffer Overflow Vulnerability in T10 V2 Firmware by T10,"Two buffer overflow vulnerabilities have been identified in T10 V2 Firmware version 4.1.8cu.5207_B20210320, specifically within the http_request_parse function. These vulnerabilities arise during the processing of host data in the HTTP request handling, which can potentially lead to unexpected behavior or system crashes.",Totolink,T10 V2 Firmware,9.8,CRITICAL,0.003719999920576811,false,,false,false,false,,,false,false,,2022-03-25T17:55:41.000Z,0
CVE-2022-25081,https://securityvulnerability.io/vulnerability/CVE-2022-25081,Command Injection Vulnerability in TOTOLink T10 Router,"The TOTOLink T10 router is susceptible to a command injection vulnerability in its 'Main' function. By manipulating the QUERY_STRING parameter, attackers can execute arbitrary commands on the affected device, potentially compromising its security and allowing unauthorized access to sensitive information.",Totolink,T10 V2 Firmware,9.8,CRITICAL,0.00546000013127923,false,,false,false,false,,,false,false,,2022-02-24T15:15:00.000Z,0