Totolink A860R Firmware vulnerabilities
8 known vulnerabilities affecting totolink/a860r_firmware.
Total CVEs: 8
CISA KEV: 0
Public exploits: 0
Exploited in wild: 2
Severity breakdown: CRITICAL 6, HIGH 2
Vulnerabilities
CVE-2022-40475 [CRITICAL] CVSS 9.8 | CWE-78 | Exploited | v4.1.2cu.5182_b20201027 | 2022-09-29
TOTOLINK A860R V4.1.2cu.5182_B20201027 was discovered to contain a command injection via the component /cgi-bin/downloadFile.cgi.
nvd
CVE-2022-37839 [CRITICAL] CVSS 9.8 | CWE-120 | v4.1.2cu.5182_b20201027 | 2022-09-06
TOTOLINK A860R V4.1.2cu.5182_B20201027 is vulnerable to Buffer Overflow via Cstecgi.cgi.
nvd
CVE-2022-37842 [CRITICAL] CVSS 9.8 | CWE-120 | v4.1.2cu.5182_b20201027 | 2022-09-06
In TOTOLINK A860R V4.1.2cu.5182_B20201027, the parameters in infostat.cgi are not filtered, causing a buffer overflow vulnerability.
nvd
CVE-2022-37843 [CRITICAL] CVSS 9.8 | v4.1.2cu.5182_b20201027 | 2022-09-06
In TOTOLINK A860R V4.1.2cu.5182_B20201027 in cstecgi.cgi, the acquired parameters are directly put into the system for execution without filtering, resulting in a command injection vulnerability.
nvd
CVE-2022-37840 [CRITICAL] CVSS 9.8 | CWE-120 | v4.1.2cu.5182_b20201027 | 2022-09-06
In TOTOLINK A860R V4.1.2cu.5182_B20201027, the main function in downloadfile.cgi has a buffer overflow vulnerability.
nvd
CVE-2022-37841 [HIGH] CVSS 7.5 | CWE-798 | v4.1.2cu.5182_b20201027 | 2022-09-06
In TOTOLINK A860R V4.1.2cu.5182_B20201027 there is a hard coded password for root in /etc/shadow.sample.
nvd
CVE-2022-36614 [HIGH] CVSS 7.8 | CWE-798 | v4.1.2cu.5182_b20201027 | 2022-08-29
TOTOLINK A860R V4.1.2cu.5182_B20201027 was discovered to contain a hardcoded password for root at /etc/shadow.sample.
nvd
CVE-2022-25083 [CRITICAL] CVSS 9.8 | CWE-78 | Exploited | v4.1.2cu.5182_b20201027 | 2022-02-24
TOTOLink A860R V4.1.2cu.5182_B20201027 was discovered to contain a command injection vulnerability in the "Main" function. This vulnerability allows attackers to execute arbitrary commands via the QUERY_STRING parameter.
nvd