Totolink Ca300-Poe Firmware vulnerabilities
24 known vulnerabilities affecting totolink/ca300-poe_firmware.
Total CVEs
24
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL14HIGH1MEDIUM9
Vulnerabilities
Page 2 of 2
CVE-2023-24140CRITICALCVSS 9.8v6.2c.8842023-02-03
CVE-2023-24140 [CRITICAL] CWE-77 CVE-2023-24140: TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injection vulnerability via the Net
TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injection vulnerability via the NetDiagPingNum parameter in the setNetworkDiag function.
nvd
CVE-2023-24143CRITICALCVSS 9.8v6.2c.8842023-02-03
CVE-2023-24143 [CRITICAL] CWE-77 CVE-2023-24143: TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injection vulnerability via the Net
TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injection vulnerability via the NetDiagTracertHop parameter in the setNetworkDiag function.
nvd
CVE-2023-24138CRITICALCVSS 9.8v6.2c.8842023-02-03
CVE-2023-24138 [CRITICAL] CWE-77 CVE-2023-24138: TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injection vulnerability via the hos
TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injection vulnerability via the host_time parameter in the NTPSyncWithHost function.
nvd
CVE-2023-24147HIGHCVSS 7.5v6.2c.8842023-02-03
CVE-2023-24147 [HIGH] CWE-798 CVE-2023-24147: TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a hard code password for the telnet service w
TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a hard code password for the telnet service which is stored in the component /etc/config/product.ini.
nvd
← Previous2 / 2