Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2022-36460

Summary
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At-25 Aug, 2022 | 13:53
Updated At-03 Aug, 2024 | 10:07
Rejected At-
Credits

TOTOLINK A3700R V9.1.2u.6134_B20201202 was discovered to contain a command injection vulnerability via the FileName parameter in the function UploadFirmwareFile.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mitre
Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At:25 Aug, 2022 | 13:53
Updated At:03 Aug, 2024 | 10:07
Rejected At:
▼CVE Numbering Authority (CNA)

TOTOLINK A3700R V9.1.2u.6134_B20201202 was discovered to contain a command injection vulnerability via the FileName parameter in the function UploadFirmwareFile.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://github.com/Darry-lang1/vuln/blob/main/TOTOLINK/A3700R/4/readme.md
x_refsource_MISC
Hyperlink: https://github.com/Darry-lang1/vuln/blob/main/TOTOLINK/A3700R/4/readme.md
Resource:
x_refsource_MISC
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://github.com/Darry-lang1/vuln/blob/main/TOTOLINK/A3700R/4/readme.md
x_refsource_MISC
x_transferred
Hyperlink: https://github.com/Darry-lang1/vuln/blob/main/TOTOLINK/A3700R/4/readme.md
Resource:
x_refsource_MISC
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@mitre.org
Published At:25 Aug, 2022 | 14:15
Updated At:08 Aug, 2023 | 14:21

TOTOLINK A3700R V9.1.2u.6134_B20201202 was discovered to contain a command injection vulnerability via the FileName parameter in the function UploadFirmwareFile.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.17.8HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Type: Primary
Version: 3.1
Base score: 7.8
Base severity: HIGH
Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CPE Matches
TOTOLINK
totolink
>>a3700r>>-
cpe:2.3:h:totolink:a3700r:-:*:*:*:*:*:*:*
TOTOLINK
totolink
>>a3700r_firmware>>9.1.2u.6134_b20201202
cpe:2.3:o:totolink:a3700r_firmware:9.1.2u.6134_b20201202:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-78Primarynvd@nist.gov
CWE ID: CWE-78
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://github.com/Darry-lang1/vuln/blob/main/TOTOLINK/A3700R/4/readme.mdcve@mitre.org
Exploit
Third Party Advisory
Hyperlink: https://github.com/Darry-lang1/vuln/blob/main/TOTOLINK/A3700R/4/readme.md
Source: cve@mitre.org
Resource:
Exploit
Third Party Advisory

Change History

0
Information is not available yet

Similar CVEs

510Records found
CVE-2024-42736
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.96% / 76.07%
||
7 Day CHG~0.00%
Published-13 Aug, 2024 | 00:00
Updated-04 Apr, 2025 | 14:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In TOTOLINK X5000r v9.1.0cu.2350_b20230313, the file /cgi-bin/cstecgi.cgi contains an OS command injection vulnerability in addBlacklist. Authenticated Attackers can send malicious packet to execute arbitrary commands.

Action-Not Available
Vendor-n/aTOTOLINK
Product-x5000r_firmwarex5000rn/ax5000r_firmware
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2024-57014
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-3.59% / 87.48%
||
7 Day CHG~0.00%
Published-15 Jan, 2025 | 00:00
Updated-18 Mar, 2025 | 15:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain an OS command injection vulnerability via the "recHour" parameter in setScheduleCfg.

Action-Not Available
Vendor-n/aTOTOLINK
Product-x5000rx5000r_firmwaren/a
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2022-36481
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-1.27% / 79.19%
||
7 Day CHG~0.00%
Published-25 Aug, 2022 | 13:54
Updated-03 Aug, 2024 | 10:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

TOTOLINK N350RT V9.3.5u.6139_B20201216 was discovered to contain a command injection vulnerability via the ip parameter in the function setDiagnosisCfg.

Action-Not Available
Vendor-n/aTOTOLINK
Product-n350rt_firmwaren350rtn/a
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2022-36459
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-1.27% / 79.19%
||
7 Day CHG~0.00%
Published-25 Aug, 2022 | 13:53
Updated-03 Aug, 2024 | 10:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

TOTOLINK A3700R V9.1.2u.6134_B20201202 was discovered to contain a command injection vulnerability via the host_time parameter in the function NTPSyncWithHost.

Action-Not Available
Vendor-n/aTOTOLINK
Product-a3700ra3700r_firmwaren/a
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2022-37076
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-1.27% / 79.19%
||
7 Day CHG~0.00%
Published-25 Aug, 2022 | 14:00
Updated-03 Aug, 2024 | 10:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

TOTOLINK A7000R V9.1.0u.6115_B20201022 was discovered to contain a command injection vulnerability via the FileName parameter in the function UploadFirmwareFile.

Action-Not Available
Vendor-n/aTOTOLINK
Product-a7000r_firmwarea7000rn/a
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2022-36479
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-1.27% / 79.19%
||
7 Day CHG~0.00%
Published-25 Aug, 2022 | 13:54
Updated-03 Aug, 2024 | 10:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

TOTOLINK N350RT V9.3.5u.6139_B20201216 was discovered to contain a command injection vulnerability via the host_time parameter in the function NTPSyncWithHost.

Action-Not Available
Vendor-n/aTOTOLINK
Product-n350rt_firmwaren350rtn/a
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2022-38511
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.41% / 61.11%
||
7 Day CHG~0.00%
Published-28 Aug, 2022 | 23:58
Updated-03 Aug, 2024 | 10:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

TOTOLINK A810R V5.9c.4050_B20190424 was discovered to contain a command injection vulnerability via the component downloadFile.cgi.

Action-Not Available
Vendor-n/aTOTOLINK
Product-a810ra810r_firmwaren/a
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2022-36456
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-1.27% / 79.19%
||
7 Day CHG~0.00%
Published-25 Aug, 2022 | 13:53
Updated-03 Aug, 2024 | 10:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

TOTOLink A720R V4.1.5cu.532_B20210610 was discovered to contain a command injection vulnerability via the username parameter in /cstecgi.cgi.

Action-Not Available
Vendor-n/aTOTOLINK
Product-a720ra720r_firmwaren/a
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2022-37079
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-1.27% / 79.19%
||
7 Day CHG~0.00%
Published-25 Aug, 2022 | 14:03
Updated-03 Aug, 2024 | 10:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

TOTOLINK A7000R V9.1.0u.6115_B20201022 was discovered to contain a command injection vulnerability via the hostName parameter in the function setOpModeCfg.

Action-Not Available
Vendor-n/aTOTOLINK
Product-a7000r_firmwarea7000rn/a
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2022-36461
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-1.27% / 79.19%
||
7 Day CHG~0.00%
Published-25 Aug, 2022 | 13:53
Updated-03 Aug, 2024 | 10:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

TOTOLINK A3700R V9.1.2u.6134_B20201202 was discovered to contain a command injection vulnerability via the hostName parameter in the function setOpModeCfg.

Action-Not Available
Vendor-n/aTOTOLINK
Product-a3700ra3700r_firmwaren/a
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2022-37083
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-1.27% / 79.19%
||
7 Day CHG~0.00%
Published-25 Aug, 2022 | 14:03
Updated-03 Aug, 2024 | 10:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

TOTOLINK A7000R V9.1.0u.6115_B20201022 was discovered to contain a command injection vulnerability via the ip parameter at the function setDiagnosisCfg.

Action-Not Available
Vendor-n/aTOTOLINK
Product-a7000r_firmwarea7000rn/a
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2022-37082
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-1.27% / 79.19%
||
7 Day CHG~0.00%
Published-25 Aug, 2022 | 14:03
Updated-03 Aug, 2024 | 10:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

TOTOLINK A7000R V9.1.0u.6115_B20201022 was discovered to contain a command injection vulnerability via the host_time parameter at the function NTPSyncWithHost.

Action-Not Available
Vendor-n/aTOTOLINK
Product-a7000r_firmwarea7000rn/a
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2022-37081
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-1.27% / 79.19%
||
7 Day CHG~0.00%
Published-25 Aug, 2022 | 14:03
Updated-03 Aug, 2024 | 10:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

TOTOLINK A7000R V9.1.0u.6115_B20201022 was discovered to contain a command injection vulnerability via the command parameter at setting/setTracerouteCfg.

Action-Not Available
Vendor-n/aTOTOLINK
Product-a7000r_firmwarea7000rn/a
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2022-36487
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-1.27% / 79.19%
||
7 Day CHG~0.00%
Published-25 Aug, 2022 | 13:55
Updated-03 Aug, 2024 | 10:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

TOTOLINK N350RT V9.3.5u.6139_B20201216 was discovered to contain a command injection vulnerability via the command parameter in the function setTracerouteCfg.

Action-Not Available
Vendor-n/aTOTOLINK
Product-n350rt_firmwaren350rtn/a
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2022-36485
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-1.27% / 79.19%
||
7 Day CHG~0.00%
Published-25 Aug, 2022 | 13:55
Updated-03 Aug, 2024 | 10:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

TOTOLINK N350RT V9.3.5u.6139_B20201216 was discovered to contain a command injection vulnerability via the hostName parameter in the function setOpModeCfg.

Action-Not Available
Vendor-n/aTOTOLINK
Product-n350rt_firmwaren350rtn/a
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2022-36458
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-1.27% / 79.19%
||
7 Day CHG~0.00%
Published-25 Aug, 2022 | 13:53
Updated-03 Aug, 2024 | 10:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

TOTOLINK A3700R V9.1.2u.6134_B20201202 was discovered to contain a command injection vulnerability via the command parameter in the function setTracerouteCfg.

Action-Not Available
Vendor-n/aTOTOLINK
Product-a3700ra3700r_firmwaren/a
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2022-36455
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-1.27% / 79.19%
||
7 Day CHG~0.00%
Published-25 Aug, 2022 | 14:06
Updated-03 Aug, 2024 | 10:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

TOTOLink A3600R V4.1.2cu.5182_B20201102 was discovered to contain a command injection vulnerability via the username parameter in /cstecgi.cgi.

Action-Not Available
Vendor-n/aTOTOLINK
Product-a3600r_firmwarea3600rn/a
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2022-36486
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-1.27% / 79.19%
||
7 Day CHG~0.00%
Published-25 Aug, 2022 | 13:55
Updated-03 Aug, 2024 | 10:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

TOTOLINK N350RT V9.3.5u.6139_B20201216 was discovered to contain a command injection vulnerability via the FileName parameter in the function UploadFirmwareFile.

Action-Not Available
Vendor-n/aTOTOLINK
Product-n350rt_firmwaren350rtn/a
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2024-42741
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-4.12% / 88.37%
||
7 Day CHG~0.00%
Published-12 Aug, 2024 | 00:00
Updated-13 Aug, 2024 | 17:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In TOTOLINK X5000r v9.1.0cu.2350_b20230313, the file /cgi-bin/cstecgi.cgi contains an OS command injection vulnerability in setL2tpServerCfg. Authenticated Attackers can send malicious packet to execute arbitrary commands.

Action-Not Available
Vendor-n/aTOTOLINK
Product-x5000r_firmwarex5000rn/ax5000r_firmware
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2024-53335
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.11% / 30.04%
||
7 Day CHG~0.00%
Published-21 Nov, 2024 | 00:00
Updated-04 Apr, 2025 | 14:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

TOTOLINK A810R V4.1.2cu.5182_B20201026 is vulnerable to Buffer Overflow in downloadFlile.cgi.

Action-Not Available
Vendor-n/aTOTOLINK
Product-a810ra810r_firmwaren/aa810r_firmware
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2022-36465
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.07% / 21.49%
||
7 Day CHG~0.00%
Published-25 Aug, 2022 | 13:53
Updated-03 Aug, 2024 | 10:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

TOTOLINK A3700R V9.1.2u.6134_B20201202 was discovered to contain a stack overflow via the pppoeUser parameter.

Action-Not Available
Vendor-n/aTOTOLINK
Product-a3700ra3700r_firmwaren/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-36611
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.06% / 17.27%
||
7 Day CHG~0.00%
Published-28 Aug, 2022 | 23:58
Updated-03 Aug, 2024 | 10:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

TOTOLINK A800R V4.1.2cu.5137_B20200730 was discovered to contain a hardcoded password for root at /etc/shadow.sample.

Action-Not Available
Vendor-n/aTOTOLINK
Product-a800r_firmwarea800rn/a
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2022-36480
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.07% / 21.49%
||
7 Day CHG~0.00%
Published-25 Aug, 2022 | 13:54
Updated-03 Aug, 2024 | 10:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

TOTOLINK N350RT V9.3.5u.6139_B20201216 was discovered to contain a stack overflow via the command parameter in the function setTracerouteCfg.

Action-Not Available
Vendor-n/aTOTOLINK
Product-n350rt_firmwaren350rtn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-36466
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.06% / 17.18%
||
7 Day CHG~0.00%
Published-25 Aug, 2022 | 13:53
Updated-03 Aug, 2024 | 10:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

TOTOLINK A3700R V9.1.2u.6134_B20201202 was discovered to contain a stack overflow via the ip parameter in the function setDiagnosisCfg.

Action-Not Available
Vendor-n/aTOTOLINK
Product-a3700ra3700r_firmwaren/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-36616
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.06% / 17.27%
||
7 Day CHG~0.00%
Published-28 Aug, 2022 | 23:58
Updated-03 Aug, 2024 | 10:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

TOTOLINK A810R V4.1.2cu.5182_B20201026 and V5.9c.4050_B20190424 was discovered to contain a hardcoded password for root at /etc/shadow.sample.

Action-Not Available
Vendor-n/aTOTOLINK
Product-a810ra810r_firmwaren/a
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2022-36613
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.06% / 17.27%
||
7 Day CHG~0.00%
Published-28 Aug, 2022 | 23:58
Updated-03 Aug, 2024 | 10:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

TOTOLINK N600R V4.3.0cu.7647_B20210106 was discovered to contain a hardcoded password for root at /etc/shadow.sample.

Action-Not Available
Vendor-n/aTOTOLINK
Product-n600r_firmwaren600rn/a
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2023-48192
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.11% / 29.68%
||
7 Day CHG~0.00%
Published-20 Nov, 2023 | 00:00
Updated-02 Aug, 2024 | 21:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue in TOTOlink A3700R v.9.1.2u.6134_B20201202 allows a local attacker to execute arbitrary code via the setTracerouteCfg function.

Action-Not Available
Vendor-n/aTOTOLINK
Product-a3700ra3700r_firmwaren/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2022-37077
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.07% / 21.49%
||
7 Day CHG~0.00%
Published-25 Aug, 2022 | 14:03
Updated-03 Aug, 2024 | 10:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

TOTOLINK A7000R V9.1.0u.6115_B20201022 was discovered to contain a stack overflow via the pppoeUser parameter.

Action-Not Available
Vendor-n/aTOTOLINK
Product-a7000r_firmwarea7000rn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-36462
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.06% / 17.18%
||
7 Day CHG~0.00%
Published-25 Aug, 2022 | 13:53
Updated-03 Aug, 2024 | 10:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

TOTOLINK A3700R V9.1.2u.6134_B20201202 was discovered to contain a stack overflow via the lang parameter in the function setLanguageCfg.

Action-Not Available
Vendor-n/aTOTOLINK
Product-a3700ra3700r_firmwaren/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-36463
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.07% / 21.49%
||
7 Day CHG~0.00%
Published-25 Aug, 2022 | 13:53
Updated-03 Aug, 2024 | 10:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

TOTOLINK A3700R V9.1.2u.6134_B20201202 was discovered to contain a stack overflow via the command parameter in the function setTracerouteCfg.

Action-Not Available
Vendor-n/aTOTOLINK
Product-a3700ra3700r_firmwaren/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-36614
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.06% / 17.27%
||
7 Day CHG~0.00%
Published-28 Aug, 2022 | 23:58
Updated-03 Aug, 2024 | 10:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

TOTOLINK A860R V4.1.2cu.5182_B20201027 was discovered to contain a hardcoded password for root at /etc/shadow.sample.

Action-Not Available
Vendor-n/aTOTOLINK
Product-a860r_firmwarea860rn/a
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2022-37080
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.07% / 21.49%
||
7 Day CHG~0.00%
Published-25 Aug, 2022 | 14:03
Updated-03 Aug, 2024 | 10:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

TOTOLINK A7000R V9.1.0u.6115_B20201022 was discovered to contain a stack overflow via the command parameter at setting/setTracerouteCfg.

Action-Not Available
Vendor-n/aTOTOLINK
Product-a7000r_firmwarea7000rn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-36482
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.18% / 39.50%
||
7 Day CHG~0.00%
Published-25 Aug, 2022 | 13:54
Updated-03 Aug, 2024 | 10:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

TOTOLINK N350RT V9.3.5u.6139_B20201216 was discovered to contain a command injection vulnerability via the lang parameter in the function setLanguageCfg.

Action-Not Available
Vendor-n/aTOTOLINK
Product-n350rt_firmwaren350rtn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-36610
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.06% / 17.27%
||
7 Day CHG~0.00%
Published-28 Aug, 2022 | 23:58
Updated-03 Aug, 2024 | 10:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

TOTOLINK A720R V4.1.5cu.532_B20210610 was discovered to contain a hardcoded password for root at /etc/shadow.sample.

Action-Not Available
Vendor-n/aTOTOLINK
Product-a720ra720r_firmwaren/a
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2022-36488
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.07% / 21.49%
||
7 Day CHG~0.00%
Published-25 Aug, 2022 | 13:55
Updated-03 Aug, 2024 | 10:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

TOTOLINK N350RT V9.3.5u.6139_B20201216 was discovered to contain a stack overflow via the sPort parameter in the function setIpPortFilterRules.

Action-Not Available
Vendor-n/aTOTOLINK
Product-n350rt_firmwaren350rtn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-36484
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.07% / 21.49%
||
7 Day CHG~0.00%
Published-25 Aug, 2022 | 13:55
Updated-03 Aug, 2024 | 10:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

TOTOLINK N350RT V9.3.5u.6139_B20201216 was discovered to contain a stack overflow via the function setDiagnosisCfg.

Action-Not Available
Vendor-n/aTOTOLINK
Product-n350rt_firmwaren350rtn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-37084
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.07% / 21.49%
||
7 Day CHG~0.00%
Published-25 Aug, 2022 | 14:03
Updated-03 Aug, 2024 | 10:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

TOTOLINK A7000R V9.1.0u.6115_B20201022 was discovered to contain a stack overflow via the sPort parameter at the addEffect function.

Action-Not Available
Vendor-n/aTOTOLINK
Product-a7000r_firmwarea7000rn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-36464
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.07% / 21.49%
||
7 Day CHG~0.00%
Published-25 Aug, 2022 | 13:53
Updated-03 Aug, 2024 | 10:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

TOTOLINK A3700R V9.1.2u.6134_B20201202 was discovered to contain a stack overflow via the sPort parameter in the function setIpPortFilterRules.

Action-Not Available
Vendor-n/aTOTOLINK
Product-a3700ra3700r_firmwaren/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-37078
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.18% / 39.50%
||
7 Day CHG~0.00%
Published-25 Aug, 2022 | 14:03
Updated-03 Aug, 2024 | 10:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

TOTOLINK A7000R V9.1.0u.6115_B20201022 was discovered to contain a command injection vulnerability via the lang parameter at /setting/setLanguageCfg.

Action-Not Available
Vendor-n/aTOTOLINK
Product-a7000r_firmwarea7000rn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-36483
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.07% / 21.49%
||
7 Day CHG~0.00%
Published-25 Aug, 2022 | 13:54
Updated-03 Aug, 2024 | 10:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

TOTOLINK N350RT V9.3.5u.6139_B20201216 was discovered to contain a stack overflow via the pppoeUser parameter.

Action-Not Available
Vendor-n/aTOTOLINK
Product-n350rt_firmwaren350rtn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-36615
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.06% / 17.27%
||
7 Day CHG~0.00%
Published-28 Aug, 2022 | 23:58
Updated-03 Aug, 2024 | 10:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

TOTOLINK A3000RU V4.1.2cu.5185_B20201128 was discovered to contain a hardcoded password for root at /etc/shadow.sample.

Action-Not Available
Vendor-n/aTOTOLINK
Product-a3000ru_firmwarea3000run/a
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2022-36612
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.06% / 17.27%
||
7 Day CHG~0.00%
Published-28 Aug, 2022 | 23:58
Updated-03 Aug, 2024 | 10:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

TOTOLINK A950RG V4.1.2cu.5204_B20210112 was discovered to contain a hardcoded password for root at /etc/shadow.sample.

Action-Not Available
Vendor-n/aTOTOLINK
Product-a950rga950rg_firmwaren/a
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2022-37075
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.07% / 21.49%
||
7 Day CHG~0.00%
Published-25 Aug, 2022 | 14:00
Updated-03 Aug, 2024 | 10:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

TOTOLink A7000R V9.1.0u.6115_B20201022 was discovered to contain a stack overflow via the ip parameter in the function setDiagnosisCfg.

Action-Not Available
Vendor-n/aTOTOLINK
Product-a7000r_firmwarea7000rn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-46007
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-9.41% / 92.61%
||
7 Day CHG~0.00%
Published-30 Mar, 2022 | 22:12
Updated-04 Aug, 2024 | 04:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

totolink a3100r V5.9c.4577 is vulnerable to os command injection. The backend of a page is executing the "ping" command, and the input field does not adequately filter special symbols. This can lead to command injection attacks.

Action-Not Available
Vendor-n/aTOTOLINK
Product-ar3100rar3100r_firmwaren/a
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2025-2095
Matching Score-6
Assigner-VulDB
ShareView Details
Matching Score-6
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-3.72% / 87.71%
||
7 Day CHG~0.00%
Published-07 Mar, 2025 | 22:00
Updated-03 Apr, 2025 | 15:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
TOTOLINK EX1800T cstecgi.cgi setDmzCfg os command injection

A vulnerability classified as critical has been found in TOTOLINK EX1800T 9.1.0cu.2112_B20220316. This affects the function setDmzCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument ip leads to os command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-TOTOLINK
Product-ex1800tex1800t_firmwareEX1800T
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2025-14586
Matching Score-6
Assigner-VulDB
ShareView Details
Matching Score-6
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-1.92% / 83.00%
||
7 Day CHG~0.00%
Published-13 Dec, 2025 | 06:32
Updated-18 Dec, 2025 | 02:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
TOTOLINK X5000R cstecgi.cgi snprintf os command injection

A vulnerability was determined in TOTOLINK X5000R 9.1.0cu.2089_B20211224. Affected by this issue is the function snprintf of the file /cgi-bin/cstecgi.cgi?action=exportOvpn&type=user. This manipulation of the argument User causes os command injection. Remote exploitation of the attack is possible. The exploit has been publicly disclosed and may be utilized.

Action-Not Available
Vendor-TOTOLINK
Product-x5000r_firmwarex5000rX5000R
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2018-13311
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-6.48% / 90.86%
||
7 Day CHG~0.00%
Published-26 Nov, 2018 | 22:00
Updated-05 Aug, 2024 | 09:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

System command injection in formDlna in TOTOLINK A3002RU version 1.0.8 allows attackers to execute system commands via the "sambaUser" POST parameter.

Action-Not Available
Vendor-n/aTOTOLINK
Product-a3002rua3002ru_firmwaren/a
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2025-11005
Matching Score-6
Assigner-Palo Alto Networks, Inc.
ShareView Details
Matching Score-6
Assigner-Palo Alto Networks, Inc.
CVSS Score-9.3||CRITICAL
EPSS-3.21% / 86.74%
||
7 Day CHG~0.00%
Published-25 Sep, 2025 | 20:17
Updated-16 Oct, 2025 | 15:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
TOTOLINK X6000R Unauthenticated Command Injection Vulnerability

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in TOTOLINK X6000R allows OS Command Injection.This issue affects X6000R: through V9.4.0cu.1458_B20250708.

Action-Not Available
Vendor-TOTOLINK
Product-x6000r_firmwarex6000rX6000R
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2024-8574
Matching Score-6
Assigner-VulDB
ShareView Details
Matching Score-6
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-2.86% / 85.93%
||
7 Day CHG~0.00%
Published-08 Sep, 2024 | 11:00
Updated-10 Sep, 2024 | 14:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
TOTOLINK AC1200 T8 cstecgi.cgi setParentalRules os command injection

A vulnerability has been found in TOTOLINK AC1200 T8 4.1.5cu.861_B20230220 and classified as critical. This vulnerability affects the function setParentalRules of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument slaveIpList leads to os command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-TOTOLINK
Product-t8t8_firmwareAC1200 T8ac1200_t8_firmware
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2024-9001
Matching Score-6
Assigner-VulDB
ShareView Details
Matching Score-6
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-1.31% / 79.50%
||
7 Day CHG~0.00%
Published-19 Sep, 2024 | 20:00
Updated-24 Sep, 2024 | 16:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
TOTOLINK T10 cstecgi.cgi setTracerouteCfg os command injection

A vulnerability was found in TOTOLINK T10 4.1.8cu.5207. It has been declared as critical. This vulnerability affects the function setTracerouteCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument command leads to os command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-TOTOLINK
Product-t10_firmwaret10T10t10
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
  • Previous
  • 1
  • 2
  • 3
  • ...
  • 10
  • 11
  • Next
Details not found