Totolink Ex1200L Firmware vulnerabilities

11 known vulnerabilities affecting totolink/ex1200l_firmware.

Total CVEs
11
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL6HIGH5

Vulnerabilities

Page 1 of 1
CVE-2024-7908HIGHCVSS 8.7v9.3.5u.6146_b202010232024-08-18
CVE-2024-7908 [HIGH] CWE-121 CVE-2024-7908: A vulnerability, which was classified as critical, was found in TOTOLINK EX1200L 9.3.5u.6146_B202010 A vulnerability, which was classified as critical, was found in TOTOLINK EX1200L 9.3.5u.6146_B20201023. Affected is the function setDefResponse of the file /www/cgi-bin/cstecgi.cgi. The manipulation of the argument IpAddress leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public a
nvd
CVE-2024-7909HIGHCVSS 8.7v9.3.5u.6146_b202010232024-08-18
CVE-2024-7909 [HIGH] CWE-121 CVE-2024-7909: A vulnerability has been found in TOTOLINK EX1200L 9.3.5u.6146_B20201023 and classified as critical. A vulnerability has been found in TOTOLINK EX1200L 9.3.5u.6146_B20201023 and classified as critical. Affected by this vulnerability is the function setLanguageCfg of the file /www/cgi-bin/cstecgi.cgi. The manipulation of the argument langType leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the
nvd
CVE-2024-7337HIGHCVSS 8.7v9.3.5u.6146_b202010232024-08-01
CVE-2024-7337 [HIGH] CWE-120 CVE-2024-7337: A vulnerability, which was classified as critical, has been found in TOTOLINK EX1200L 9.3.5u.6146_B2 A vulnerability, which was classified as critical, has been found in TOTOLINK EX1200L 9.3.5u.6146_B20201023. Affected by this issue is the function loginauth of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument http_host leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be u
nvd
CVE-2024-7334HIGHCVSS 8.7v9.3.5u.6146_b202010232024-08-01
CVE-2024-7334 [HIGH] CWE-120 CVE-2024-7334: A vulnerability was found in TOTOLINK EX1200L 9.3.5u.6146_B20201023. It has been rated as critical. A vulnerability was found in TOTOLINK EX1200L 9.3.5u.6146_B20201023. It has been rated as critical. This issue affects the function UploadCustomModule of the file /cgi-bin/cstecgi.cgi. The manipulation leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-273257 wa
nvd
CVE-2024-7338HIGHCVSS 8.7v9.3.5u.6146_b202010232024-08-01
CVE-2024-7338 [HIGH] CWE-120 CVE-2024-7338: A vulnerability, which was classified as critical, was found in TOTOLINK EX1200L 9.3.5u.6146_B202010 A vulnerability, which was classified as critical, was found in TOTOLINK EX1200L 9.3.5u.6146_B20201023. This affects the function setParentalRules of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument week/sTime/eTime leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and m
nvd
CVE-2023-51035CRITICALCVSS 9.8v9.3.5u.6146_b202010232023-12-22
CVE-2023-51035 [CRITICAL] CWE-78 CVE-2023-51035: TOTOLINK EX1200L V9.3.5u.6146_B20201023 is vulnerable to arbitrary command execution on the cstecgi. TOTOLINK EX1200L V9.3.5u.6146_B20201023 is vulnerable to arbitrary command execution on the cstecgi.cgi NTPSyncWithHost interface.
nvd
CVE-2023-51034CRITICALCVSS 9.8v9.3.5u.6146_b202010232023-12-22
CVE-2023-51034 [CRITICAL] CWE-434 CVE-2023-51034: TOTOlink EX1200L V9.3.5u.6146_B20201023 is vulnerable to arbitrary command execution via the cstecgi TOTOlink EX1200L V9.3.5u.6146_B20201023 is vulnerable to arbitrary command execution via the cstecgi.cgi UploadFirmwareFile interface.
nvd
CVE-2023-51033CRITICALCVSS 9.8v9.3.5u.6146_b202010232023-12-22
CVE-2023-51033 [CRITICAL] CWE-78 CVE-2023-51033: TOTOlink EX1200L V9.3.5u.6146_B20201023 is vulnerable to arbitrary command execution via the cstecgi TOTOlink EX1200L V9.3.5u.6146_B20201023 is vulnerable to arbitrary command execution via the cstecgi.cgi setOpModeCfg interface.
nvd
CVE-2023-4412CRITICALCVSS 9.8v9.3.5u.6146_b202010232023-08-18
CVE-2023-4412 [MEDIUM] CWE-78 CVE-2023-4412: A vulnerability was found in TOTOLINK EX1200L EN_V9.3.5u.6146_B20201023 and classified as critical. A vulnerability was found in TOTOLINK EX1200L EN_V9.3.5u.6146_B20201023 and classified as critical. This issue affects the function setWanCfg. The manipulation leads to os command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-237515. N
nvd
CVE-2023-4410CRITICALCVSS 9.8v9.3.5u.6146_b202010232023-08-18
CVE-2023-4410 [MEDIUM] CWE-78 CVE-2023-4410: A vulnerability, which was classified as critical, was found in TOTOLINK EX1200L EN_V9.3.5u.6146_B20 A vulnerability, which was classified as critical, was found in TOTOLINK EX1200L EN_V9.3.5u.6146_B20201023. This affects the function setDiagnosisCfg. The manipulation leads to os command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-237513 was assigned to thi
nvd
CVE-2023-4411CRITICALCVSS 9.8v9.3.5u.6146_b202010232023-08-18
CVE-2023-4411 [MEDIUM] CWE-78 CVE-2023-4411: A vulnerability has been found in TOTOLINK EX1200L EN_V9.3.5u.6146_B20201023 and classified as criti A vulnerability has been found in TOTOLINK EX1200L EN_V9.3.5u.6146_B20201023 and classified as critical. This vulnerability affects the function setTracerouteCfg. The manipulation leads to os command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-237514 is the identifier assigned to th
nvd