TOTOLINK CP900L Firmware vulnerabilities

8 known vulnerabilities affecting totolink/cp900l_firmware.

Total CVEs: 8
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 2, HIGH 3, MEDIUM 2, LOW 1

Vulnerabilities

CVE-2024-35398 | CRITICAL | CVSS 9.8 | v4.1.5cu.798_b20221228 | 2024-05-28
CWE-120: TOTOLINK CP900L v4.1.5cu.798_B20221228 was discovered to contain a stack overflow via the desc parameter in the function setMacFilterRules.
Source: NVD
CVE-2024-35397 | HIGH | CVSS 8.8 | v4.1.5cu.798_b20221228 | 2024-05-28
CWE-77: TOTOLINK CP900L v4.1.5cu.798_B20221228 was discovered to contain a command injection vulnerability in the NTPSyncWithHost function via the hostTime parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request.
Source: NVD
CVE-2024-35399 | HIGH | CVSS 8.8 | v4.1.5cu.798_b20221228 | 2024-05-28
CWE-121: TOTOLINK CP900L v4.1.5cu.798_B20221228 was discovered to contain a stack overflow via the password parameter in the function loginAuth.
Source: NVD
CVE-2024-35400 | MEDIUM | CVSS 5.3 | v4.1.5cu.798_b20221228 | 2024-05-28
CWE-120: TOTOLINK CP900L v4.1.5cu.798_B20221228 was discovered to contain a stack overflow via the desc parameter in the function SetPortForwardRules.
Source: NVD
CVE-2024-35401 | MEDIUM | CVSS 5.9 | v4.1.5cu.798_b20221228 | 2024-05-28
CWE-77: TOTOLINK CP900L v4.1.5cu.798_B20221228 was discovered to contain a command injection vulnerability via the FileName parameter in the UploadFirmwareFile function.
Source: NVD
CVE-2024-35403 | LOW | CVSS 2.7 | v4.1.5cu.798_b20221228 | 2024-05-28
CWE-121: TOTOLINK CP900L v4.1.5cu.798_B20221228 was discovered to contain a stack overflow via the desc parameter in the function setIpPortFilterRules.
Source: NVD
CVE-2024-35396 | CRITICAL | CVSS 9.8 | v4.1.5cu.798_b20221228 | 2024-05-24
CWE-798: TOTOLINK CP900L v4.1.5cu.798_B20221228 was discovered to contain a hardcoded password for telnet in /web_cste/cgi-bin/product.ini, which allows attackers to log in as root.
Source: NVD
CVE-2024-35395 | HIGH | CVSS 8.8 | v4.1.5cu.798_b20221228 | 2024-05-24
CWE-259: TOTOLINK CP900L v4.1.5cu.798_B20221228 was discovered to contain a hardcoded password vulnerability in /etc/shadow.sample, which allows attackers to log in as root.
Source: NVD