Totolink A3700R Firmware vulnerabilities
43 known vulnerabilities affecting totolink/a3700r_firmware.
Total CVEs: 43
CISA KEV: 0
Public exploits: 1
Exploited in wild: 0
Severity breakdown: CRITICAL 17, HIGH 15, MEDIUM 11
Vulnerabilities
Page 2 of 3
CVE-2024-37631 | HIGH | CVSS 8.8 | CWE-121 | v9.1.2u.6165_20211012 | 2024-06-13
TOTOLINK A3700R V9.1.2u.6165_20211012 was discovered to contain a stack overflow via the File parameter in function UploadCustomModule.
nvd
CVE-2024-37633 | HIGH | CVSS 8.8 | CWE-121 | v9.1.2u.6165_20211012 | 2024-06-13
TOTOLINK A3700R V9.1.2u.6165_20211012 was discovered to contain a stack overflow via ssid in the function setWiFiGuestCfg.
nvd
CVE-2024-22660 | CRITICAL | CVSS 9.8 | CWE-787 | v9.1.2u.6165_20211012 | 2024-01-23
TOTOLINK_A3700R_V9.1.2u.6165_20211012 has a stack overflow vulnerability via setLanguageCfg.
nvd
CVE-2024-22662 | CRITICAL | CVSS 9.8 | CWE-787 | v9.1.2u.6165_20211012 | 2024-01-23
TOTOLINK A3700R_V9.1.2u.6165_20211012 has a stack overflow vulnerability via setParentalRules.
nvd
CVE-2024-22663 | CRITICAL | CVSS 9.8 | CWE-77 | v9.1.2u.6165_20211012 | 2024-01-23
TOTOLINK_A3700R_V9.1.2u.6165_20211012 has a command injection vulnerability via setOpModeCfg.
nvd
CVE-2023-52031 | CRITICAL | CVSS 9.8 | v9.1.2u.5822_b20200513 | 2024-01-11
TOTOlink A3700R v9.1.2u.5822_B20200513 was discovered to contain a remote command execution (RCE) vulnerability via the UploadFirmwareFile function.
nvd
CVE-2023-52029 | CRITICAL | CVSS 9.8 | CWE-78 | v9.1.2u.5822_b20200513 | 2024-01-11
TOTOlink A3700R v9.1.2u.5822_B20200513 was discovered to contain a remote command execution (RCE) vulnerability via the setDiagnosisCfg function.
nvd
CVE-2023-52028 | CRITICAL | CVSS 9.8 | CWE-78 | v9.1.2u.5822_b20200513 | 2024-01-11
TOTOlink A3700R v9.1.2u.5822_B20200513 was discovered to contain a remote command execution (RCE) vulnerability via the setTracerouteCfg function.
nvd
CVE-2023-52027 | CRITICAL | CVSS 9.8 | CWE-77 | v9.1.2u.5822_b20200513 | 2024-01-11
TOTOlink A3700R v9.1.2u.5822_B20200513 was discovered to contain a remote command execution (RCE) vulnerability via the NTPSyncWithHost function.
nvd
CVE-2023-52030 | CRITICAL | CVSS 9.8 | CWE-250 | v9.1.2u.5822_b20200513 | 2024-01-11
TOTOlink A3700R v9.1.2u.5822_B20200513 was discovered to contain a remote command execution (RCE) vulnerability via the setOpModeCfg function.
nvd
CVE-2023-50147 | CRITICAL | CVSS 9.8 | CWE-78 | v9.1.2u.5822_b20200513 | 2023-12-22
There is an arbitrary command execution vulnerability in the setDiagnosisCfg function of the cstecgi.cgi of the TOTOlink A3700R router device in its firmware version V9.1.2u.5822_B20200513.
nvd
CVE-2023-48192 | HIGH | CVSS 7.8 | CWE-94 | v9.1.2u.6134_b20201202 | 2023-11-20
An issue in TOTOlink A3700R v.9.1.2u.6134_B20201202 allows a local attacker to execute arbitrary code via the setTracerouteCfg function.
nvd
CVE-2023-46574 | CRITICAL | CVSS 9.8 | PoC | CWE-77 | v9.1.2u.6165_20211012 | 2023-10-25
An issue in TOTOLINK A3700R v.9.1.2u.6165_20211012 allows a remote attacker to execute arbitrary code via the FileName parameter of the UploadFirmwareFile function.
nvd
CVE-2023-43141 | CRITICAL | CVSS 9.8 | CWE-284 | v9.1.2u.6134_b20201202 | 2023-09-25
TOTOLINK A3700R V9.1.2u.6134_B20201202 and N600R V5.3c.5137 are vulnerable to Incorrect Access Control.
nvd
CVE-2022-36458 | HIGH | CVSS 7.8 | CWE-78 | v9.1.2u.6134_b20201202 | 2022-08-25
TOTOLINK A3700R V9.1.2u.6134_B20201202 was discovered to contain a command injection vulnerability via the command parameter in the function setTracerouteCfg.
nvd
CVE-2022-36465 | HIGH | CVSS 7.8 | CWE-787 | v9.1.2u.6134_b20201202 | 2022-08-25
TOTOLINK A3700R V9.1.2u.6134_B20201202 was discovered to contain a stack overflow via the pppoeUser parameter.
nvd
CVE-2022-36463 | HIGH | CVSS 7.8 | CWE-787 | v9.1.2u.6134_b20201202 | 2022-08-25
TOTOLINK A3700R V9.1.2u.6134_B20201202 was discovered to contain a stack overflow via the command parameter in the function setTracerouteCfg.
nvd
CVE-2022-36466 | HIGH | CVSS 7.8 | CWE-787 | v9.1.2u.6134_b20201202 | 2022-08-25
TOTOLINK A3700R V9.1.2u.6134_B20201202 was discovered to contain a stack overflow via the ip parameter in the function setDiagnosisCfg.
nvd
CVE-2022-36461 | HIGH | CVSS 7.8 | CWE-78 | v9.1.2u.6134_b20201202 | 2022-08-25
TOTOLINK A3700R V9.1.2u.6134_B20201202 was discovered to contain a command injection vulnerability via the hostName parameter in the function setOpModeCfg.
nvd
CVE-2022-36460 | HIGH | CVSS 7.8 | CWE-78 | v9.1.2u.6134_b20201202 | 2022-08-25
TOTOLINK A3700R V9.1.2u.6134_B20201202 was discovered to contain a command injection vulnerability via the FileName parameter in the function UploadFirmwareFile.
nvd