Totolink N600R Firmware vulnerabilities

38 known vulnerabilities affecting totolink/n600r_firmware.

Total CVEs

CISA KEV

Public exploits

Exploited in wild

Severity breakdown

CRITICAL27HIGH8MEDIUM3

Vulnerabilities

Page 2 of 2

CVE-2022-29396CRITICALCVSS 9.8v4.3.0cu.7647_b202101062022-05-10

CVE-2022-29396 [CRITICAL] CWE-787 CVE-2022-29396: TOTOLINK N600R V4.3.0cu.7647_B20210106 was discovered to contain a stack overflow via the comment pa TOTOLINK N600R V4.3.0cu.7647_B20210106 was discovered to contain a stack overflow via the comment parameter in the function FUN_00418f10.

nvd

CVE-2022-29399CRITICALCVSS 9.8v4.3.0cu.7647_b202101062022-05-10

CVE-2022-29399 [CRITICAL] CWE-787 CVE-2022-29399: TOTOLINK N600R V4.3.0cu.7647_B20210106 was discovered to contain a stack overflow via the url parame TOTOLINK N600R V4.3.0cu.7647_B20210106 was discovered to contain a stack overflow via the url parameter in the function FUN_00415bf0.

nvd

CVE-2022-28908CRITICALCVSS 9.8v5.3c.7159_b201904252022-05-10

CVE-2022-28908 [CRITICAL] CWE-78 CVE-2022-28908: TOTOLink N600R V5.3c.7159_B20190425 was discovered to contain a command injection vulnerability via TOTOLink N600R V5.3c.7159_B20190425 was discovered to contain a command injection vulnerability via the ipdoamin parameter in /setting/setDiagnosisCfg.

nvd

CVE-2022-29398CRITICALCVSS 9.8v4.3.0cu.7647_b202101062022-05-10

CVE-2022-29398 [CRITICAL] CWE-787 CVE-2022-29398: TOTOLINK N600R V4.3.0cu.7647_B20210106 was discovered to contain a stack overflow via the File param TOTOLINK N600R V4.3.0cu.7647_B20210106 was discovered to contain a stack overflow via the File parameter in the function FUN_0041309c.

nvd

CVE-2022-28911CRITICALCVSS 9.8v5.3c.7159_b201904252022-05-10

CVE-2022-28911 [CRITICAL] CWE-78 CVE-2022-28911: TOTOLink N600R V5.3c.7159_B20190425 was discovered to contain a command injection vulnerability via TOTOLink N600R V5.3c.7159_B20190425 was discovered to contain a command injection vulnerability via the filename parameter in /setting/CloudACMunualUpdate.

nvd

CVE-2022-28909CRITICALCVSS 9.8v5.3c.7159_b201904252022-05-10

CVE-2022-28909 [CRITICAL] CWE-78 CVE-2022-28909: TOTOLink N600R V5.3c.7159_B20190425 was discovered to contain a command injection vulnerability via TOTOLink N600R V5.3c.7159_B20190425 was discovered to contain a command injection vulnerability via the webwlanidx parameter in /setting/setWebWlanIdx.

nvd

CVE-2022-29393CRITICALCVSS 9.8v4.3.0cu.7647_b202101062022-05-10

CVE-2022-29393 [CRITICAL] CWE-787 CVE-2022-29393: TOTOLINK N600R V4.3.0cu.7647_B20210106 was discovered to contain a stack overflow via the comment pa TOTOLINK N600R V4.3.0cu.7647_B20210106 was discovered to contain a stack overflow via the comment parameter in the function FUN_004192cc.

nvd

CVE-2022-28910CRITICALCVSS 9.8v5.3c.7159_b201904252022-05-10

CVE-2022-28910 [CRITICAL] CWE-78 CVE-2022-28910: TOTOLink N600R V5.3c.7159_B20190425 was discovered to contain a command injection vulnerability via TOTOLink N600R V5.3c.7159_B20190425 was discovered to contain a command injection vulnerability via the devicename parameter in /setting/setDeviceName.

nvd

CVE-2022-28907CRITICALCVSS 9.8v5.3c.7159_b201904252022-05-10

CVE-2022-28907 [CRITICAL] CWE-78 CVE-2022-28907: TOTOLink N600R V5.3c.7159_B20190425 was discovered to contain a command injection vulnerability via TOTOLink N600R V5.3c.7159_B20190425 was discovered to contain a command injection vulnerability via the hosttime function in /setting/NTPSyncWithHost.

nvd

CVE-2022-29397CRITICALCVSS 9.8v4.3.0cu.7647_b202101062022-05-10

CVE-2022-29397 [CRITICAL] CWE-787 CVE-2022-29397: TOTOLINK N600R V4.3.0cu.7647_B20210106 was discovered to contain a stack overflow via the comment pa TOTOLINK N600R V4.3.0cu.7647_B20210106 was discovered to contain a stack overflow via the comment parameter in the function FUN_004196c8.

nvd

CVE-2022-28913CRITICALCVSS 9.8v5.3c.7159_b201904252022-05-10

CVE-2022-28913 [CRITICAL] CWE-78 CVE-2022-28913: TOTOLink N600R V5.3c.7159_B20190425 was discovered to contain a command injection vulnerability via TOTOLink N600R V5.3c.7159_B20190425 was discovered to contain a command injection vulnerability via the filename parameter in /setting/setUploadSetting.

nvd

CVE-2022-29391CRITICALCVSS 9.8v4.3.0cu.7647_b202101062022-05-10

CVE-2022-29391 [CRITICAL] CWE-787 CVE-2022-29391: TOTOLINK N600R V4.3.0cu.7647_B20210106 was discovered to contain a stack overflow via the comment pa TOTOLINK N600R V4.3.0cu.7647_B20210106 was discovered to contain a stack overflow via the comment parameter in the function FUN_004200c8.

nvd

CVE-2022-28906CRITICALCVSS 9.8v5.3c.7159_b201904252022-05-10

CVE-2022-28906 [CRITICAL] CWE-78 CVE-2022-28906: TOTOLink N600R V5.3c.7159_B20190425 was discovered to contain a command injection vulnerability via TOTOLink N600R V5.3c.7159_B20190425 was discovered to contain a command injection vulnerability via the langtype parameter in /setting/setLanguageCfg.

nvd

CVE-2022-27411CRITICALCVSS 9.8v5.3c.5507_b201710312022-05-05

CVE-2022-27411 [CRITICAL] CVE-2022-27411: TOTOLINK N600R v5.3c.5507_B20171031 was discovered to contain a command injection vulnerability via TOTOLINK N600R v5.3c.5507_B20171031 was discovered to contain a command injection vulnerability via the QUERY_STRING parameter in the "Main" function.

nvd

CVE-2022-26189CRITICALCVSS 9.8v4.3.0cu.7570_b202006202022-03-22

CVE-2022-26189 [CRITICAL] CWE-77 CVE-2022-26189: TOTOLINK N600R V4.3.0cu.7570_B20200620 was discovered to contain a command injection vulnerability v TOTOLINK N600R V4.3.0cu.7570_B20200620 was discovered to contain a command injection vulnerability via the langType parameter in the login interface.

nvd

CVE-2022-26186CRITICALCVSS 9.8Exploitedv4.3.0cu.7570_b202006202022-03-22

CVE-2022-26186 [CRITICAL] CWE-77 CVE-2022-26186: TOTOLINK N600R V4.3.0cu.7570_B20200620 was discovered to contain a command injection vulnerability v TOTOLINK N600R V4.3.0cu.7570_B20200620 was discovered to contain a command injection vulnerability via the exportOvpn interface at cstecgi.cgi.

nvd

CVE-2022-26187CRITICALCVSS 9.8v4.3.0cu.7570_b202006202022-03-22

CVE-2022-26187 [CRITICAL] CWE-77 CVE-2022-26187: TOTOLINK N600R V4.3.0cu.7570_B20200620 was discovered to contain a command injection vulnerability v TOTOLINK N600R V4.3.0cu.7570_B20200620 was discovered to contain a command injection vulnerability via the pingCheck function.

nvd

CVE-2022-26188CRITICALCVSS 9.8v4.3.0cu.7570_b202006202022-03-22

CVE-2022-26188 [CRITICAL] CWE-77 CVE-2022-26188: TOTOLINK N600R V4.3.0cu.7570_B20200620 was discovered to contain a command injection vulnerability v TOTOLINK N600R V4.3.0cu.7570_B20200620 was discovered to contain a command injection vulnerability via /setting/NTPSyncWithHost.

nvd

← Previous2 / 2