Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2023-51025

Summary
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At-22 Dec, 2023 | 00:00
Updated At-12 Sep, 2024 | 12:40
Rejected At-
Credits

TOTOlink EX1800T V9.1.0cu.2112_B20220316 is vulnerable to an unauthorized arbitrary command execution in the ‘admuser’ parameter of the setPasswordCfg interface of the cstecgi .cgi.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mitre
Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At:22 Dec, 2023 | 00:00
Updated At:12 Sep, 2024 | 12:40
Rejected At:
▼CVE Numbering Authority (CNA)

TOTOlink EX1800T V9.1.0cu.2112_B20220316 is vulnerable to an unauthorized arbitrary command execution in the ‘admuser’ parameter of the setPasswordCfg interface of the cstecgi .cgi.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://815yang.github.io/2023/12/11/EX1800T/2/TOTOlinkEX1800T_V9.1.0cu.2112_B20220316setPasswordCfg-admuser/
N/A
Hyperlink: https://815yang.github.io/2023/12/11/EX1800T/2/TOTOlinkEX1800T_V9.1.0cu.2112_B20220316setPasswordCfg-admuser/
Resource: N/A
▼Authorized Data Publishers (ADP)
1. CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://815yang.github.io/2023/12/11/EX1800T/2/TOTOlinkEX1800T_V9.1.0cu.2112_B20220316setPasswordCfg-admuser/
x_transferred
Hyperlink: https://815yang.github.io/2023/12/11/EX1800T/2/TOTOlinkEX1800T_V9.1.0cu.2112_B20220316setPasswordCfg-admuser/
Resource:
x_transferred
2. CISA ADP Vulnrichment
Affected Products
Vendor
TOTOLINKtotolink
Product
ex1800t_firmware
CPEs
  • cpe:2.3:o:totolink:ex1800t_firmware:9.1.0cu.2112_b20220316:*:*:*:*:*:*:*
Default Status
unknown
Versions
Affected
  • 9.1.0cu.2112_b20220316
Problem Types
TypeCWE IDDescription
CWECWE-77CWE-77 Improper Neutralization of Special Elements used in a Command ('Command Injection')
Type: CWE
CWE ID: CWE-77
Description: CWE-77 Improper Neutralization of Special Elements used in a Command ('Command Injection')
Metrics
VersionBase scoreBase severityVector
3.18.8HIGH
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Version: 3.1
Base score: 8.8
Base severity: HIGH
Vector:
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@mitre.org
Published At:22 Dec, 2023 | 18:15
Updated At:12 Sep, 2024 | 13:35

TOTOlink EX1800T V9.1.0cu.2112_B20220316 is vulnerable to an unauthorized arbitrary command execution in the ‘admuser’ parameter of the setPasswordCfg interface of the cstecgi .cgi.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.19.8CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Secondary3.18.8HIGH
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Type: Primary
Version: 3.1
Base score: 9.8
Base severity: CRITICAL
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Type: Secondary
Version: 3.1
Base score: 8.8
Base severity: HIGH
Vector:
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CPE Matches
TOTOLINK
totolink
>>ex1800t_firmware>>9.1.0cu.2112_b20220316
cpe:2.3:o:totolink:ex1800t_firmware:9.1.0cu.2112_b20220316:*:*:*:*:*:*:*
TOTOLINK
totolink
>>ex1800t>>-
cpe:2.3:h:totolink:ex1800t:-:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
NVD-CWE-noinfoPrimarynvd@nist.gov
CWE-77Secondary134c704f-9b21-4f2e-91b3-4a467353bcc0
CWE ID: NVD-CWE-noinfo
Type: Primary
Source: nvd@nist.gov
CWE ID: CWE-77
Type: Secondary
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://815yang.github.io/2023/12/11/EX1800T/2/TOTOlinkEX1800T_V9.1.0cu.2112_B20220316setPasswordCfg-admuser/cve@mitre.org
Exploit
Third Party Advisory
Hyperlink: https://815yang.github.io/2023/12/11/EX1800T/2/TOTOlinkEX1800T_V9.1.0cu.2112_B20220316setPasswordCfg-admuser/
Source: cve@mitre.org
Resource:
Exploit
Third Party Advisory

Change History

0
Information is not available yet

Similar CVEs

1230Records found
CVE-2023-29799
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-1.45% / 80.01%
||
7 Day CHG~0.00%
Published-14 Apr, 2023 | 00:00
Updated-06 Feb, 2025 | 21:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

TOTOLINK X18 V9.1.0cu.2024_B20220329 was discovered to contain a command injection vulnerability via the hostname parameter in the setOpModeCfg function.

Action-Not Available
Vendor-n/aTOTOLINK
Product-x18x18_firmwaren/a
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2023-29803
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-1.45% / 80.01%
||
7 Day CHG~0.00%
Published-14 Apr, 2023 | 00:00
Updated-06 Feb, 2025 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

TOTOLINK X18 V9.1.0cu.2024_B20220329 was discovered to contain a command injection vulnerability via the pid parameter in the disconnectVPN function.

Action-Not Available
Vendor-n/aTOTOLINK
Product-x18_firmwarex18n/a
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2023-29798
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-1.45% / 80.01%
||
7 Day CHG~0.00%
Published-14 Apr, 2023 | 00:00
Updated-06 Feb, 2025 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

TOTOLINK X18 V9.1.0cu.2024_B20220329 was discovered to contain a command injection vulnerability via the command parameter in the setTracerouteCfg function.

Action-Not Available
Vendor-n/aTOTOLINK
Product-x18_firmwarex18n/a
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2023-29800
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-1.45% / 80.01%
||
7 Day CHG~0.00%
Published-14 Apr, 2023 | 00:00
Updated-06 Feb, 2025 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

TOTOLINK X18 V9.1.0cu.2024_B20220329 was discovered to contain a command injection vulnerability via the FileName parameter in the UploadFirmwareFile function.

Action-Not Available
Vendor-n/aTOTOLINK
Product-x18_firmwarex18n/a
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2023-29802
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-1.45% / 80.01%
||
7 Day CHG~0.00%
Published-14 Apr, 2023 | 00:00
Updated-06 Feb, 2025 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

TOTOLINK X18 V9.1.0cu.2024_B20220329 was discovered to contain a command injection vulnerability via the ip parameter in the setDiagnosisCfg function.

Action-Not Available
Vendor-n/aTOTOLINK
Product-x18_firmwarex18n/a
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2025-6620
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-2.81% / 85.57%
||
7 Day CHG~0.00%
Published-25 Jun, 2025 | 18:00
Updated-27 Jun, 2025 | 18:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
TOTOLINK CA300-PoE upgrade.so setUpgradeUboot os command injection

A vulnerability was found in TOTOLINK CA300-PoE 6.2c.884. It has been rated as critical. Affected by this issue is the function setUpgradeUboot of the file upgrade.so. The manipulation of the argument FileName leads to os command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-TOTOLINK
Product-ca300-poeca300-poe_firmwareCA300-PoE
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2023-27232
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-1.58% / 80.83%
||
7 Day CHG~0.00%
Published-28 Mar, 2023 | 00:00
Updated-18 Feb, 2025 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the wanStrategy parameter at /setting/setWanIeCfg.

Action-Not Available
Vendor-n/aTOTOLINK
Product-a7100rua7100ru_firmwaren/a
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2023-27231
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-3.19% / 86.48%
||
7 Day CHG~0.00%
Published-28 Mar, 2023 | 00:00
Updated-18 Feb, 2025 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the downBw parameter at /setting/setWanIeCfg.

Action-Not Available
Vendor-n/aTOTOLINK
Product-a7100rua7100ru_firmwaren/a
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2025-6621
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-2.81% / 85.57%
||
7 Day CHG~0.00%
Published-25 Jun, 2025 | 18:00
Updated-27 Jun, 2025 | 18:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
TOTOLINK CA300-PoE ap.so QuickSetting os command injection

A vulnerability classified as critical has been found in TOTOLINK CA300-PoE 6.2c.884. This affects the function QuickSetting of the file ap.so. The manipulation of the argument hour/minute leads to os command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-TOTOLINK
Product-ca300-poeca300-poe_firmwareCA300-PoE
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2023-27135
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-2.05% / 83.14%
||
7 Day CHG~0.00%
Published-23 Mar, 2023 | 00:00
Updated-25 Feb, 2025 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the enabled parameter at /setting/setWanIeCfg.

Action-Not Available
Vendor-n/aTOTOLINK
Product-a7100rua7100ru_firmwaren/a
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2023-27229
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-6.65% / 90.83%
||
7 Day CHG~0.00%
Published-28 Mar, 2023 | 00:00
Updated-18 Feb, 2025 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the upBw parameter at /setting/setWanIeCfg.

Action-Not Available
Vendor-n/aTOTOLINK
Product-a7100rua7100ru_firmwaren/a
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2025-6619
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-2.81% / 85.57%
||
7 Day CHG~0.00%
Published-25 Jun, 2025 | 17:31
Updated-27 Jun, 2025 | 18:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
TOTOLINK CA300-PoE upgrade.so setUpgradeFW os command injection

A vulnerability was found in TOTOLINK CA300-PoE 6.2c.884. It has been declared as critical. Affected by this vulnerability is the function setUpgradeFW of the file upgrade.so. The manipulation of the argument FileName leads to os command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-TOTOLINK
Product-ca300-poeca300-poe_firmwareCA300-PoE
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2023-52027
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-15.49% / 94.39%
||
7 Day CHG~0.00%
Published-11 Jan, 2024 | 00:00
Updated-17 Jun, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

TOTOlink A3700R v9.1.2u.5822_B20200513 was discovered to contain a remote command execution (RCE) vulnerability via the NTPSyncWithHost function.

Action-Not Available
Vendor-n/aTOTOLINK
Product-a3700r_firmwarea3700rn/a
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2025-6618
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-2.81% / 85.57%
||
7 Day CHG~0.00%
Published-25 Jun, 2025 | 17:31
Updated-27 Jun, 2025 | 18:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
TOTOLINK CA300-PoE wps.so SetWLanApcliSettings os command injection

A vulnerability was found in TOTOLINK CA300-PoE 6.2c.884. It has been classified as critical. Affected is the function SetWLanApcliSettings of the file wps.so. The manipulation of the argument PIN leads to os command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-TOTOLINK
Product-ca300-poeca300-poe_firmwareCA300-PoE
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2023-37149
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-1.45% / 80.01%
||
7 Day CHG~0.00%
Published-07 Jul, 2023 | 00:00
Updated-13 Nov, 2024 | 21:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

TOTOLINK LR350 V9.3.5u.6369_B20220309 was discovered to contain a command injection vulnerability via the FileName parameter in the setUploadSetting function.

Action-Not Available
Vendor-n/aTOTOLINK
Product-lr350_firmwarelr350n/alr350
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2023-24160
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-1.45% / 80.01%
||
7 Day CHG~0.00%
Published-14 Feb, 2023 | 00:00
Updated-20 Mar, 2025 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injection vulnerability via the admuser parameter in the setPasswordCfg function.

Action-Not Available
Vendor-n/aTOTOLINK
Product-ca300-poe_firmwareca300-poen/a
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2023-24276
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-1.45% / 80.01%
||
7 Day CHG~0.00%
Published-06 Feb, 2023 | 00:00
Updated-25 Mar, 2025 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

TOTOlink A7100RU(V7.4cu.2313_B20191024) was discovered to contain a command injection vulnerability via the country parameter at setting/delStaticDhcpRules.

Action-Not Available
Vendor-n/aTOTOLINK
Product-a7100ru_firmwarea7100run/a
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2023-24144
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-1.45% / 80.01%
||
7 Day CHG~0.00%
Published-03 Feb, 2023 | 00:00
Updated-26 Mar, 2025 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injection vulnerability via the hour parameter in the setRebootScheCfg function.

Action-Not Available
Vendor-n/aTOTOLINK
Product-ca300-poe_firmwareca300-poen/a
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2023-24152
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-1.77% / 81.91%
||
7 Day CHG~0.00%
Published-03 Feb, 2023 | 00:00
Updated-26 Mar, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A command injection vulnerability in the serverIp parameter in the function meshSlaveUpdate of TOTOLINK T8 V4.1.5cu allows attackers to execute arbitrary commands via a crafted MQTT packet.

Action-Not Available
Vendor-n/aTOTOLINK
Product-t8_firmwaret8n/a
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2023-24146
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-1.45% / 80.01%
||
7 Day CHG~0.00%
Published-03 Feb, 2023 | 00:00
Updated-26 Mar, 2025 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injection vulnerability via the minute parameter in the setRebootScheCfg function.

Action-Not Available
Vendor-n/aTOTOLINK
Product-ca300-poe_firmwareca300-poen/a
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2023-24140
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-1.45% / 80.01%
||
7 Day CHG~0.00%
Published-03 Feb, 2023 | 00:00
Updated-26 Mar, 2025 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injection vulnerability via the NetDiagPingNum parameter in the setNetworkDiag function.

Action-Not Available
Vendor-n/aTOTOLINK
Product-ca300-poe_firmwareca300-poen/a
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2023-24184
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.28% / 50.76%
||
7 Day CHG~0.00%
Published-21 Feb, 2023 | 00:00
Updated-14 Mar, 2025 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

TOTOLink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability.

Action-Not Available
Vendor-n/aTOTOLINK
Product-a7100rua7100ru_firmwaren/a
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2023-24141
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-1.45% / 80.01%
||
7 Day CHG~0.00%
Published-03 Feb, 2023 | 00:00
Updated-26 Mar, 2025 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injection vulnerability via the NetDiagPingTimeOut parameter in the setNetworkDiag function.

Action-Not Available
Vendor-n/aTOTOLINK
Product-ca300-poe_firmwareca300-poen/a
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2023-24159
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-1.45% / 80.01%
||
7 Day CHG~0.00%
Published-14 Feb, 2023 | 00:00
Updated-20 Mar, 2025 | 18:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injection vulnerability via the admpass parameter in the setPasswordCfg function.

Action-Not Available
Vendor-n/aTOTOLINK
Product-ca300-poe_firmwareca300-poen/a
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2023-24150
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-1.63% / 81.15%
||
7 Day CHG~0.00%
Published-03 Feb, 2023 | 00:00
Updated-26 Mar, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A command injection vulnerability in the serverIp parameter in the function meshSlaveDlfw of TOTOLINK T8 V4.1.5cu allows attackers to execute arbitrary commands via a crafted MQTT packet.

Action-Not Available
Vendor-n/aTOTOLINK
Product-t8_firmwaret8n/a
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2023-24148
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-1.45% / 80.01%
||
7 Day CHG~0.00%
Published-03 Feb, 2023 | 00:00
Updated-26 Mar, 2025 | 15:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injection vulnerability via the FileName parameter in the setUploadUserData function.

Action-Not Available
Vendor-n/aTOTOLINK
Product-ca300-poe_firmwareca300-poen/a
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2023-24157
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-1.63% / 81.15%
||
7 Day CHG~0.00%
Published-03 Feb, 2023 | 00:00
Updated-26 Mar, 2025 | 15:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A command injection vulnerability in the serverIp parameter in the function updateWifiInfo of TOTOLINK T8 V4.1.5cu allows attackers to execute arbitrary commands via a crafted MQTT packet.

Action-Not Available
Vendor-n/aTOTOLINK
Product-t8_firmwaret8n/a
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2023-24138
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-1.45% / 80.01%
||
7 Day CHG~0.00%
Published-03 Feb, 2023 | 00:00
Updated-25 Mar, 2025 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injection vulnerability via the host_time parameter in the NTPSyncWithHost function.

Action-Not Available
Vendor-n/aTOTOLINK
Product-ca300-poe_firmwareca300-poen/a
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2023-24161
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-1.45% / 80.01%
||
7 Day CHG~0.00%
Published-14 Feb, 2023 | 00:00
Updated-20 Mar, 2025 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injection vulnerability via the webWlanIdx parameter in the setWebWlanIdx function.

Action-Not Available
Vendor-n/aTOTOLINK
Product-ca300-poe_firmwareca300-poen/a
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2023-24145
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-1.45% / 80.01%
||
7 Day CHG~0.00%
Published-03 Feb, 2023 | 00:00
Updated-26 Mar, 2025 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injection vulnerability via the plugin_version parameter in the setUnloadUserData function.

Action-Not Available
Vendor-n/aTOTOLINK
Product-ca300-poe_firmwareca300-poen/a
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2023-24139
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-1.45% / 80.01%
||
7 Day CHG~0.00%
Published-03 Feb, 2023 | 00:00
Updated-26 Mar, 2025 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injection vulnerability via the NetDiagHost parameter in the setNetworkDiag function.

Action-Not Available
Vendor-n/aTOTOLINK
Product-ca300-poe_firmwareca300-poen/a
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2025-5502
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-1.54% / 80.64%
||
7 Day CHG~0.00%
Published-03 Jun, 2025 | 14:00
Updated-06 Jun, 2025 | 17:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
TOTOLINK X15 formMapReboot command injection

A vulnerability, which was classified as critical, has been found in TOTOLINK X15 1.0.0-B20230714.1105. Affected by this issue is the function formMapReboot of the file /boafrm/formMapReboot. The manipulation of the argument deviceMacAddr leads to command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-TOTOLINK
Product-x15x15_firmwareX15
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-55591
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-5.76% / 90.11%
||
7 Day CHG+5.48%
Published-18 Aug, 2025 | 00:00
Updated-21 Aug, 2025 | 14:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

TOTOLINK-A3002R v4.0.0-B20230531.1404 was discovered to contain a command injection vulnerability in the devicemac parameter in the formMapDel endpoint.

Action-Not Available
Vendor-n/aTOTOLINK
Product-a3002ra3002r_firmwaren/a
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2023-48801
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.27% / 50.13%
||
7 Day CHG~0.00%
Published-01 Dec, 2023 | 00:00
Updated-26 Nov, 2024 | 19:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In TOTOLINK X6000R_Firmware V9.4.0cu.852_B20230719, the shttpd file sub_415534 function obtains fields from the front-end, connects them through the snprintf function, and passes them to the CsteSystem function, resulting in a command execution vulnerability.

Action-Not Available
Vendor-n/aTOTOLINK
Product-x6000rx6000r_firmwaren/a
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2024-41320
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-3.23% / 86.55%
||
7 Day CHG~0.00%
Published-22 Jul, 2024 | 00:00
Updated-03 Apr, 2025 | 15:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

TOTOLINK A6000R V1.0.1-B20201211.2000 was discovered to contain a command injection vulnerability via the ifname parameter in the get_apcli_conn_info function.

Action-Not Available
Vendor-n/aTOTOLINK
Product-a6000r_firmwarea6000rn/aa6000r_firmware
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2023-46423
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-5.04% / 89.35%
||
7 Day CHG~0.00%
Published-25 Oct, 2023 | 00:00
Updated-11 Sep, 2024 | 16:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

TOTOLINK X6000R v9.4.0cu.652_B20230116 was discovered to contain a remote command execution (RCE) vulnerability via the sub_417094 function.

Action-Not Available
Vendor-n/aTOTOLINK
Product-x6000rx6000r_firmwaren/ax6000r_firmware
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2023-46421
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-5.04% / 89.35%
||
7 Day CHG~0.00%
Published-25 Oct, 2023 | 00:00
Updated-11 Sep, 2024 | 16:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

TOTOLINK X6000R v9.4.0cu.652_B20230116 was discovered to contain a remote command execution (RCE) vulnerability via the sub_411D00 function.

Action-Not Available
Vendor-n/aTOTOLINK
Product-x6000rx6000r_firmwaren/ax6000r_firmware
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2023-46979
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-3.24% / 86.58%
||
7 Day CHG~0.00%
Published-31 Oct, 2023 | 00:00
Updated-06 Sep, 2024 | 20:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

TOTOLINK X6000R V9.4.0cu.852_B20230719 was discovered to contain a command injection vulnerability via the enable parameter in the setLedCfg function.

Action-Not Available
Vendor-n/aTOTOLINK
Product-x6000rx6000r_firmwaren/ax6000r_firmware
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2024-41316
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-12.78% / 93.75%
||
7 Day CHG~0.00%
Published-22 Jul, 2024 | 00:00
Updated-03 Apr, 2025 | 15:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

TOTOLINK A6000R V1.0.1-B20201211.2000 was discovered to contain a command injection vulnerability via the ifname parameter in the apcli_cancel_wps function.

Action-Not Available
Vendor-n/aTOTOLINK
Product-a6000r_firmwarea6000rn/aa6000r_firmware
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2025-52046
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-28.83% / 96.38%
||
7 Day CHG~0.00%
Published-17 Jul, 2025 | 00:00
Updated-24 Jul, 2025 | 20:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Totolink A3300R V17.0.0cu.596_B20250515 was found to contain a command injection vulnerability in the sub_4197C0 function via the mac and desc parameters. This vulnerability allows unauthenticated attackers to execute arbitrary commands via a crafted request.

Action-Not Available
Vendor-n/aTOTOLINK
Product-a3300ra3300r_firmwaren/a
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2023-26848
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-1.45% / 80.01%
||
7 Day CHG~0.00%
Published-07 Apr, 2023 | 00:00
Updated-12 Feb, 2025 | 20:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

TOTOlink A7100RU(V7.4cu.2313_B20191024) was discovered to contain a command injection vulnerability via the org parameter at setting/delStaticDhcpRules.

Action-Not Available
Vendor-n/aTOTOLINK
Product-a7100rua7100ru_firmwaren/a
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2023-24238
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-2.05% / 83.14%
||
7 Day CHG~0.00%
Published-16 Feb, 2023 | 00:00
Updated-18 Mar, 2025 | 20:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

TOTOlink A7100RU(V7.4cu.2313_B20191024) was discovered to contain a command injection vulnerability via the city parameter at setting/delStaticDhcpRules.

Action-Not Available
Vendor-n/aTOTOLINK
Product-a7100rua7100ru_firmwaren/a
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2023-24142
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-1.45% / 80.01%
||
7 Day CHG~0.00%
Published-03 Feb, 2023 | 00:00
Updated-26 Mar, 2025 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injection vulnerability via the NetDiagPingSize parameter in the setNetworkDiag function.

Action-Not Available
Vendor-n/aTOTOLINK
Product-ca300-poe_firmwareca300-poen/a
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2023-24153
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-1.77% / 81.91%
||
7 Day CHG~0.00%
Published-03 Feb, 2023 | 00:00
Updated-26 Mar, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A command injection vulnerability in the version parameter in the function recvSlaveCloudCheckStatus of TOTOLINK T8 V4.1.5cu allows attackers to execute arbitrary commands via a crafted MQTT packet.

Action-Not Available
Vendor-n/aTOTOLINK
Product-t8_firmwaret8n/a
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2023-24236
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-2.05% / 83.14%
||
7 Day CHG~0.00%
Published-16 Feb, 2023 | 00:00
Updated-18 Mar, 2025 | 20:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

TOTOlink A7100RU(V7.4cu.2313_B20191024) was discovered to contain a command injection vulnerability via the province parameter at setting/delStaticDhcpRules.

Action-Not Available
Vendor-n/aTOTOLINK
Product-a7100rua7100ru_firmwaren/a
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2023-24143
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-1.45% / 80.01%
||
7 Day CHG~0.00%
Published-03 Feb, 2023 | 00:00
Updated-26 Mar, 2025 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injection vulnerability via the NetDiagTracertHop parameter in the setNetworkDiag function.

Action-Not Available
Vendor-n/aTOTOLINK
Product-ca300-poe_firmwareca300-poen/a
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2025-4851
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.92% / 74.97%
||
7 Day CHG~0.00%
Published-18 May, 2025 | 03:31
Updated-24 May, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
TOTOLINK N300RH cstecgi.cgi setUploadUserData command injection

A vulnerability classified as critical was found in TOTOLINK N300RH 6.1c.1390_B20191101. This vulnerability affects the function setUploadUserData of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument FileName leads to command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-TOTOLINK
Product-n300rh_firmwaren300rhN300RH
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2025-4849
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.92% / 74.97%
||
7 Day CHG~0.00%
Published-18 May, 2025 | 02:31
Updated-24 May, 2025 | 00:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
TOTOLINK N300RH cstecgi.cgi CloudACMunualUpdateUserdata command injection

A vulnerability was found in TOTOLINK N300RH 6.1c.1390_B20191101. It has been rated as critical. Affected by this issue is the function CloudACMunualUpdateUserdata of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument url leads to command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-TOTOLINK
Product-n300rh_firmwaren300rhN300RH
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2024-1781
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-6.3||MEDIUM
EPSS-5.69% / 90.05%
||
7 Day CHG~0.00%
Published-23 Feb, 2024 | 00:00
Updated-22 Apr, 2025 | 16:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Totolink X6000R AX3000 shttpd cstecgi.cgi setWizardCfg command injection

A vulnerability was found in Totolink X6000R AX3000 9.4.0cu.852_20230719. It has been rated as critical. This issue affects the function setWizardCfg of the file /cgi-bin/cstecgi.cgi of the component shttpd. The manipulation leads to command injection. The exploit has been disclosed to the public and may be used. The identifier VDB-254573 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-TOTOLINK
Product-x6000r_firmwarex6000rX6000R AX3000x6000rax3000
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2025-45800
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.68% / 70.64%
||
7 Day CHG~0.00%
Published-02 May, 2025 | 00:00
Updated-04 Jun, 2025 | 17:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

TOTOLINK A950RG V4.1.2cu.5204_B20210112 contains a command execution vulnerability in the setDeviceName interface of the /lib/cste_modules/global.so library, specifically in the processing of the deviceMac parameter.

Action-Not Available
Vendor-n/aTOTOLINK
Product-a950rg_firmwarea950rgn/a
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
  • Previous
  • 1
  • 2
  • 3
  • 4
  • ...
  • 24
  • 25
  • Next
Details not found