cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2022-38823,https://securityvulnerability.io/vulnerability/CVE-2022-38823,Hard Coded Password Vulnerability in TOTOLINK Router Products,"In the TOTOLINK T6 router, version V4.1.5cu.709_B20210518, a significant security vulnerability arises from a hard coded password for the root user located in the /etc/shadow.sample file. This flaw could potentially allow an unauthorized user to gain elevated access to the device, compromising its security framework and the personal data of users. Given the sensitivity of device configurations and network access, it is crucial for users to update their firmware to mitigate this risk.",Totolink,T6 Firmware,9.8,CRITICAL,0.02266000024974346,false,,false,false,false,,,false,false,,2022-09-16T14:23:06.000Z,0
CVE-2022-38826,https://securityvulnerability.io/vulnerability/CVE-2022-38826,Arbitrary Command Execution in TOTOLINK Networking Product,"The TOTOLINK T6, running version V4.1.5cu.709_B20210518, is susceptible to arbitrary command execution through the cstecgi.cgi file. This vulnerability allows attackers to execute commands remotely, potentially compromising the device's integrity and security. Users are advised to update their firmware and implement additional security measures to mitigate the associated risks.",Totolink,T6 Firmware,9.8,CRITICAL,0.04667000100016594,false,,false,false,false,,,false,false,,2022-09-16T14:15:56.000Z,0
CVE-2022-38827,https://securityvulnerability.io/vulnerability/CVE-2022-38827,Buffer Overflow Vulnerability in TOTOLINK T6 by TOTOLINK,"The TOTOLINK T6 router is susceptible to a buffer overflow vulnerability in the cstecgi.cgi component. This flaw may allow an attacker to execute arbitrary code on the device, potentially compromising the security and privacy of users' networks. Immediate action is recommended to mitigate risks associated with this vulnerability.",Totolink,T6 Firmware,9.8,CRITICAL,0.002199999988079071,false,,false,false,false,,,false,false,,2022-09-16T14:09:09.000Z,0
CVE-2022-38828,https://securityvulnerability.io/vulnerability/CVE-2022-38828,Command Injection Vulnerability in TOTOLINK T6 Router,"The TOTOLINK T6 router, specifically version V4.1.5cu.709_B20210518, is susceptible to a command injection vulnerability through the 'cstecgi.cgi' component. This flaw could allow attackers to execute arbitrary commands on the device, potentially compromising its functionality and exposing the network to unauthorized access. It is essential for users of affected versions to apply necessary updates and mitigations.",Totolink,T6 Firmware,9.8,CRITICAL,0.03627999871969223,false,,false,false,false,,,false,false,,2022-09-16T14:07:28.000Z,0
CVE-2022-32044,https://securityvulnerability.io/vulnerability/CVE-2022-32044,Stack Overflow Vulnerability in TOTOLINK Router Product,"A stack overflow vulnerability exists in the TOTOLINK T6 router, specifically in version V4.1.9cu.5179_B20201015, through the handling of the password parameter in a specific function. This flaw can be exploited by attackers to potentially execute arbitrary code or crash the device, posing serious risks to network security.",Totolink,T6 Firmware,7.5,HIGH,0.0010400000028312206,false,,false,false,false,,,false,false,,2022-07-01T17:27:48.000Z,0
CVE-2022-32045,https://securityvulnerability.io/vulnerability/CVE-2022-32045,Stack Overflow Vulnerability in TOTOLINK T6 Router,"A stack overflow vulnerability has been identified in the TOTOLINK T6 Router, specifically in version V4.1.9cu.5179_B20201015. The vulnerability arises through improper handling of the 'desc' parameter within the vulnerable function, which can be exploited by an attacker to execute arbitrary code or disrupt normal operations of the device. This poses significant security implications for users, potentially allowing unauthorized access or control over the affected router.",Totolink,T6 Firmware,7.5,HIGH,0.0010400000028312206,false,,false,false,false,,,false,false,,2022-07-01T17:27:45.000Z,0
CVE-2022-32046,https://securityvulnerability.io/vulnerability/CVE-2022-32046,Stack Overflow Vulnerability in TOTOLINK T6 Router,"A stack overflow vulnerability was identified in the TOTOLINK T6 router due to improper handling of the 'desc' parameter within a specific function. This flaw could allow remote attackers to exploit the stack space, potentially leading to arbitrary code execution or causing a denial of service on the affected device. Security patches and best practices for device management should be applied to mitigate these risks.",Totolink,T6 Firmware,7.5,HIGH,0.0010400000028312206,false,,false,false,false,,,false,false,,2022-07-01T17:27:44.000Z,0
CVE-2022-32047,https://securityvulnerability.io/vulnerability/CVE-2022-32047,Stack Overflow in TOTOLINK T6 Router Software,"A stack overflow vulnerability has been identified in the TOTOLINK T6 router, specifically in the software version V4.1.9cu.5179_B20201015. This vulnerability occurs through improper handling of the 'desc' parameter in the FUN_00412ef4 function. An attacker could exploit this flaw to execute arbitrary code and potentially compromise the system, highlighting significant security risks for users of this device.",Totolink,T6 Firmware,7.5,HIGH,0.0010400000028312206,false,,false,false,false,,,false,false,,2022-07-01T17:27:44.000Z,0
CVE-2022-32048,https://securityvulnerability.io/vulnerability/CVE-2022-32048,Stack Overflow Vulnerability in TOTOLINK T6 Router by TOTOLINK,"A stack overflow vulnerability has been identified in the TOTOLINK T6 router. It can be triggered via the command parameter in the function FUN_0041cc88. This vulnerability poses risks as it may allow attackers to execute arbitrary code or cause denial of service, thereby compromising the security of the affected device.",Totolink,T6 Firmware,7.5,HIGH,0.0010400000028312206,false,,false,false,false,,,false,false,,2022-07-01T17:27:43.000Z,0
CVE-2022-32049,https://securityvulnerability.io/vulnerability/CVE-2022-32049,Stack Overflow Vulnerability in TOTOLINK T6 Router,"A vulnerability has been identified in the TOTOLINK T6 Router, specifically in version V4.1.9cu.5179_B20201015. The issue arises from improper handling of the url parameter within the function FUN_00418540, which can lead to a stack overflow. This vulnerability could potentially be exploited by an attacker to execute arbitrary code or perform unauthorized actions, highlighting the importance of securing network devices against such flaws.",Totolink,T6 Firmware,7.5,HIGH,0.0010400000028312206,false,,false,false,false,,,false,false,,2022-07-01T17:27:42.000Z,0
CVE-2022-32050,https://securityvulnerability.io/vulnerability/CVE-2022-32050,Stack Overflow Vulnerability in TOTOLINK T6 by Totolink,"TOTOLINK T6 version V4.1.9cu.5179_B20201015 is susceptible to a stack overflow due to an improper handling of the cloneMac parameter in the function FUN_0041af40. This flaw can be exploited by attackers to execute arbitrary code, which may compromise the integrity and confidentiality of the device, highlighting significant security risks associated with IoT products.",Totolink,T6 Firmware,7.5,HIGH,0.0010400000028312206,false,,false,false,false,,,false,false,,2022-07-01T17:27:41.000Z,0
CVE-2022-32051,https://securityvulnerability.io/vulnerability/CVE-2022-32051,Stack Overflow Vulnerability in TOTOLINK Router by TOTOLINK,"A stack overflow vulnerability was identified in the TOTOLINK T6 router firmware versions, specifically in the component responsible for handling various parameters such as desc, week, sTime, and eTime. An attacker could exploit this flaw by sending specially crafted input, potentially leading to denial of service or remote code execution. This vulnerability underscores the importance of patching IoT devices to safeguard against potential exploits.",Totolink,T6 Firmware,7.5,HIGH,0.0010400000028312206,false,,false,false,false,,,false,false,,2022-07-01T17:27:41.000Z,0
CVE-2022-32052,https://securityvulnerability.io/vulnerability/CVE-2022-32052,Stack Overflow Vulnerability in TOTOLINK Router Firmware,"The TOTOLINK T6 router firmware version V4.1.9cu.5179_B20201015 contains a vulnerability that allows for stack overflow via the 'desc' parameter in a specific function. This vulnerability could potentially allow attackers to execute arbitrary code, compromising the device's security and leading to unauthorized access or manipulation. Users are advised to update to a fixed version of the firmware and implement security best practices to protect their networks.",Totolink,T6 Firmware,7.5,HIGH,0.0010400000028312206,false,,false,false,false,,,false,false,,2022-07-01T17:27:40.000Z,0
CVE-2022-32053,https://securityvulnerability.io/vulnerability/CVE-2022-32053,Stack Overflow Vulnerability in TOTOLINK Router Versions,"A stack overflow vulnerability exists in the TOTOLINK T6 router, allowing unauthorized manipulation through the cloneMac parameter in a crucial function. This weakness can be exploited by attackers to execute arbitrary code, potentially leading to unauthorized access and control over the device, compromising overall network security.",Totolink,T6 Firmware,7.5,HIGH,0.0010400000028312206,false,,false,false,false,,,false,false,,2022-07-01T17:27:39.000Z,0
CVE-2022-25084,https://securityvulnerability.io/vulnerability/CVE-2022-25084,Command Injection Vulnerability in TOTOLink T6 by TOTOLink,"The TOTOLink T6 router is vulnerable to a command injection flaw in the 'Main' function, allowing attackers to execute arbitrary commands through manipulations of the QUERY_STRING parameter. This security issue exposes the system to potential unauthorized control, enabling malicious actors to perform actions that could compromise the device.",Totolink,T6 Firmware,9.8,CRITICAL,0.00546000013127923,false,,false,false,false,,,false,false,,2022-02-24T15:15:00.000Z,0
CVE-2022-25137,https://securityvulnerability.io/vulnerability/CVE-2022-25137,Command Injection Vulnerability in TOTOLINK Routers,"A command injection vulnerability exists in TOTOLINK Technology routers' function recvSlaveUpgstatus. Through specially crafted MQTT packets, attackers can execute arbitrary commands, which may compromise the integrity and confidentiality of the system. This vulnerability affects specific firmware versions of the T6 and T10 router models, posing a significant risk to users if not addressed.",Totolink,T6 Firmware,9.8,CRITICAL,0.055799998342990875,false,,false,false,false,,,false,false,,2022-02-19T00:15:00.000Z,0
CVE-2022-25136,https://securityvulnerability.io/vulnerability/CVE-2022-25136,Command Injection Vulnerability in TOTOLINK Technology Routers,"A command injection flaw affects certain TOTOLINK routers, enabling attackers to execute arbitrary commands on the device. This vulnerability exploits the meshSlaveUpdate function by sending specially crafted MQTT packets. If successfully exploited, it could compromise the router, allowing malicious actors to gain unauthorized control and manipulate the device's operations.",Totolink,T6 Firmware,9.8,CRITICAL,0.055799998342990875,false,,false,false,false,,,false,false,,2022-02-19T00:15:00.000Z,0
CVE-2022-25135,https://securityvulnerability.io/vulnerability/CVE-2022-25135,Command Injection Vulnerability in TOTOLINK Router Products,"TOTOLINK Technology's router, specifically the T6 V3_Firmware version T6_V3_V4.1.5cu.748_B20211015, is susceptible to a command injection flaw within the recv_mesh_info_sync function. This vulnerability allows unauthorized attackers to craft and send specially designed MQTT packets, which can lead to the execution of arbitrary commands on the affected devices, jeopardizing security and potentially compromising the router's integrity.",Totolink,T6 Firmware,9.8,CRITICAL,0.055799998342990875,false,,false,false,false,,,false,false,,2022-02-19T00:15:00.000Z,0
CVE-2022-25134,https://securityvulnerability.io/vulnerability/CVE-2022-25134,Command Injection Vulnerability in TOTOLINK Technology Router,"A command injection vulnerability has been discovered in the function setUpgradeFW of the TOTOLINK Technology router model T6 running firmware version T6_V3_V4.1.5cu.748_B20211015. This vulnerability allows an attacker to send specially crafted MQTT packets, which could enable the execution of arbitrary commands on the affected device. The exploitation of this vulnerability poses significant risks to network security as it may allow unauthorized access and control over the router.",Totolink,T6 Firmware,9.8,CRITICAL,0.055799998342990875,false,,false,false,false,,,false,false,,2022-02-19T00:15:00.000Z,0
CVE-2022-25130,https://securityvulnerability.io/vulnerability/CVE-2022-25130,Command Injection Vulnerability in TOTOLINK Routers,"TOTOLINK Technology routers, specifically the T6 and T10 models, are susceptible to a command injection vulnerability in the updateWifiInfo function. This security flaw enables attackers to execute arbitrary commands by sending a specially crafted MQTT packet to the affected devices, potentially compromising the integrity and confidentiality of the routers' operation. Users of the affected firmware versions are strongly advised to apply appropriate patches and monitor their networks for unusual activity.",Totolink,T6 Firmware,9.8,CRITICAL,0.055799998342990875,false,,false,false,false,,,false,false,,2022-02-19T00:15:00.000Z,0
CVE-2022-25133,https://securityvulnerability.io/vulnerability/CVE-2022-25133,Command Injection Vulnerability in TOTOLINK Technology Router,"A command injection vulnerability exists in the TOTOLINK Technology router T6 firmware. The issue, which arises in the function isAssocPriDevice, allows attackers to craft malicious MQTT packets, enabling them to execute arbitrary commands on the device. This can lead to unauthorized access and potential compromise of network security. Users of affected devices should apply available patches and adopt protective measures.",Totolink,T6 Firmware,9.8,CRITICAL,0.055799998342990875,false,,false,false,false,,,false,false,,2022-02-19T00:15:00.000Z,0
CVE-2022-25132,https://securityvulnerability.io/vulnerability/CVE-2022-25132,Command Injection Vulnerability in TOTOLINK Technology Router,"A command injection vulnerability exists in the TOTOLINK Technology Router, specifically in the function meshSlaveDlfw. This flaw enables attackers to execute arbitrary commands by sending crafted MQTT packets, compromising the integrity and security of the device. The vulnerability highlights the potential for unauthorized access and control over networked devices, emphasizing the need for timely updates and security measures.",Totolink,T6 Firmware,9.8,CRITICAL,0.055799998342990875,false,,false,false,false,,,false,false,,2022-02-19T00:15:00.000Z,0
CVE-2022-25131,https://securityvulnerability.io/vulnerability/CVE-2022-25131,Command Injection Vulnerability in TOTOLINK Routers,"A command injection vulnerability exists in the recvSlaveCloudCheckStatus function of TOTOLINK Technology routers. This flaw allows an attacker to execute arbitrary commands on the affected devices by sending a specially crafted MQTT packet. This could lead to unauthorized access and manipulation of the router's functionality, posing significant security risks to users.",Totolink,T6 Firmware,9.8,CRITICAL,0.055799998342990875,false,,false,false,false,,,false,false,,2022-02-19T00:15:00.000Z,0