Totolink Ex200 Firmware vulnerabilities
19 known vulnerabilities affecting totolink/ex200_firmware.
Total CVEs: 19
CISA KEV: 0
Public exploits: 0
Exploited in wild: 1
Severity breakdown: CRITICAL 4, HIGH 9, MEDIUM 5, LOW 1
Vulnerabilities
CVE-2024-53333 [MEDIUM] CVSS 6.3 | CWE-77 | v4.0.3c.7646_b20201211 | 2024-11-21
TOTOLINK EX200 v4.0.3c.7646_B20201211 was found to contain a command insertion vulnerability in the setUssd function. This vulnerability allows an attacker to execute arbitrary commands via the "ussd" parameter.
nvd
CVE-2024-7335 [HIGH] CVSS 8.7 | CWE-120 | v4.0.3c.7646_b20201211 | 2024-08-01
A vulnerability classified as critical has been found in TOTOLINK EX200 4.0.3c.7646_B20201211. Affected is the function getSaveConfig of the file /cgi-bin/cstecgi.cgi?action=save&setting. The manipulation of the argument http_host leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may
nvd
CVE-2024-7336 [HIGH] CVSS 8.7 | CWE-120 | v4.0.3c.7646_b20201211 | 2024-08-01
A vulnerability classified as critical was found in TOTOLINK EX200 4.0.3c.7646_B20201211. Affected by this vulnerability is the function loginauth of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument http_host leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The as
nvd
CVE-2024-31810 [CRITICAL] CVSS 9.8 | CWE-798 | v4.0.3c.7646_b20201211 | 2024-05-14
TOTOLINK EX200 V4.0.3c.7646_B20201211 was discovered to contain a hardcoded password for root at /etc/shadow.sample.
nvd
CVE-2024-32326 [MEDIUM] CVSS 6.8 | CWE-79 | v4.0.3c.7646_b20201211 | 2024-04-18
TOTOLINK EX200 V4.0.3c.7646_B20201211 contains a Cross-site scripting (XSS) vulnerability through the key parameter in the setWiFiExtenderConfig function.
nvd
CVE-2024-32325 [LOW] CVSS 2.4 | CWE-79 | v4.0.3c.7646_b20201211 | 2024-04-18
TOTOLINK EX200 V4.0.3c.7646_B20201211 contains a Cross-site scripting (XSS) vulnerability through the ssid parameter in the setWiFiExtenderConfig function.
nvd
CVE-2024-31807 [CRITICAL] CVSS 9.8 | CWE-94 | v4.0.3c.7646_b20201211 | 2024-04-08
TOTOLINK EX200 V4.0.3c.7646_B20201211 was discovered to contain a remote code execution (RCE) vulnerability via the hostTime parameter in the NTPSyncWithHost function.
nvd
CVE-2024-31815 [CRITICAL] CVSS 9.1 | CWE-639 | v4.0.3c.7646_b20201211 | 2024-04-08
In TOTOLINK EX200 V4.0.3c.7314_B20191204, an attacker can obtain the configuration file without authorization through /cgi-bin/ExportSettings.sh.
nvd
CVE-2024-31814 [HIGH] CVSS 8.8 | CWE-288 | v4.0.3c.7646_b20201211 | 2024-04-08
TOTOLINK EX200 V4.0.3c.7646_B20201211 allows attackers to bypass login through the Form_Login function.
nvd
CVE-2024-31808 [HIGH] CVSS 8.8 | CWE-233 | v4.0.3c.7646_b20201211 | 2024-04-08
TOTOLINK EX200 V4.0.3c.7646_B20201211 was discovered to contain a remote code execution (RCE) vulnerability via the webWlanIdx parameter in the setWebWlanIdx function.
nvd
CVE-2024-31813 [HIGH] CVSS 8.4 | CWE-862 | v4.0.3c.7646_b20201211 | 2024-04-08
TOTOLINK EX200 V4.0.3c.7646_B20201211 does not contain an authentication mechanism by default.
nvd
CVE-2024-31817 [HIGH] CVSS 7.5 | CWE-200 | v4.0.3c.7646_b20201211 | 2024-04-08
In TOTOLINK EX200 V4.0.3c.7646_B20201211, an attacker can obtain sensitive information without authorization through the function getSysStatusCfg.
nvd
CVE-2024-31811 [HIGH] CVSS 8.0 | CWE-77 | v4.0.3c.7646_b20201211 | 2024-04-08
TOTOLINK EX200 V4.0.3c.7646_B20201211 was discovered to contain a remote code execution (RCE) vulnerability via the langType parameter in the setLanguageCfg function.
nvd
CVE-2024-31816 [HIGH] CVSS 7.5 | CWE-200 | v4.0.3c.7646_b20201211 | 2024-04-08
In TOTOLINK EX200 V4.0.3c.7646_B20201211, an attacker can obtain sensitive information without authorization through the function getEasyWizardCfg.
nvd
CVE-2024-31809 [HIGH] CVSS 8.8 | CWE-75 | v4.0.3c.7646_b20201211 | 2024-04-08
TOTOLINK EX200 V4.0.3c.7646_B20201211 was discovered to contain a remote code execution (RCE) vulnerability via the FileName parameter in the setUpgradeFW function.
nvd
CVE-2024-31805 [MEDIUM] CVSS 6.5 | CWE-284 | v4.0.3c.7646_b20201211 | 2024-04-08
TOTOLINK EX200 V4.0.3c.7646_B20201211 allows attackers to start the Telnet service without authorization via the telnet_enabled parameter in the setTelnetCfg function.
nvd
CVE-2024-31806 [MEDIUM] CVSS 6.5 | CWE-75 | v4.0.3c.7646_b20201211 | 2024-04-08
TOTOLINK EX200 V4.0.3c.7646_B20201211 was discovered to contain a Denial-of-Service (DoS) vulnerability in the RebootSystem function which can reboot the system without authorization.
nvd
CVE-2024-31812 [MEDIUM] CVSS 6.5 | CWE-75 | v4.0.3c.7646_b20201211 | 2024-04-08
In TOTOLINK EX200 V4.0.3c.7646_B20201211, an attacker can obtain sensitive information without authorization through the function getWiFiExtenderConfig.
nvd
CVE-2021-43711 [CRITICAL] CVSS 9.8 | Exploited | CWE-77 | v4.0.3c.7646_b20201211 | 2022-01-04
The downloadFlile.cgi binary file in TOTOLINK EX200 V4.0.3c.7646_B20201211 has a command injection vulnerability when receiving GET parameters. The parameter name can be constructed for unauthenticated command execution.
nvd