Totolink T6 Firmware vulnerabilities
39 known vulnerabilities affecting totolink/t6_firmware.
Total CVEs
39
CISA KEV
0
Public exploits
0
Exploited in wild
2
Severity breakdown
CRITICAL14HIGH17MEDIUM8
Vulnerabilities
Page 2 of 2
CVE-2022-32046HIGHCVSS 7.5v4.1.9cu.5179_b202010152022-07-01
CVE-2022-32046 [HIGH] CWE-787 CVE-2022-32046: TOTOLINK T6 V4.1.9cu.5179_B20201015 was discovered to contain a stack overflow via the desc paramete
TOTOLINK T6 V4.1.9cu.5179_B20201015 was discovered to contain a stack overflow via the desc parameter in the function FUN_0041880c.
nvd
CVE-2022-32051HIGHCVSS 7.5v4.1.9cu.5179_b202010152022-07-01
CVE-2022-32051 [HIGH] CWE-787 CVE-2022-32051: TOTOLINK T6 V4.1.9cu.5179_B20201015 was discovered to contain a stack overflow via the desc, week, s
TOTOLINK T6 V4.1.9cu.5179_B20201015 was discovered to contain a stack overflow via the desc, week, sTime, eTime parameters in the function FUN_004133c4.
nvd
CVE-2022-32052HIGHCVSS 7.5v4.1.9cu.5179_b202010152022-07-01
CVE-2022-32052 [HIGH] CWE-787 CVE-2022-32052: TOTOLINK T6 V4.1.9cu.5179_B20201015 was discovered to contain a stack overflow via the desc paramete
TOTOLINK T6 V4.1.9cu.5179_B20201015 was discovered to contain a stack overflow via the desc parameter in the function FUN_004137a4.
nvd
CVE-2022-32045HIGHCVSS 7.5v4.1.9cu.5179_b202010152022-07-01
CVE-2022-32045 [HIGH] CWE-787 CVE-2022-32045: TOTOLINK T6 V4.1.9cu.5179_B20201015 was discovered to contain a stack overflow via the desc paramete
TOTOLINK T6 V4.1.9cu.5179_B20201015 was discovered to contain a stack overflow via the desc parameter in the function FUN_00413be4.
nvd
CVE-2022-32047HIGHCVSS 7.5v4.1.9cu.5179_b202010152022-07-01
CVE-2022-32047 [HIGH] CWE-787 CVE-2022-32047: TOTOLINK T6 V4.1.9cu.5179_B20201015 was discovered to contain a stack overflow via the desc paramete
TOTOLINK T6 V4.1.9cu.5179_B20201015 was discovered to contain a stack overflow via the desc parameter in the function FUN_00412ef4.
nvd
CVE-2022-32053HIGHCVSS 7.5v4.1.9cu.5179_b202010152022-07-01
CVE-2022-32053 [HIGH] CWE-787 CVE-2022-32053: TOTOLINK T6 V4.1.9cu.5179_B20201015 was discovered to contain a stack overflow via the cloneMac para
TOTOLINK T6 V4.1.9cu.5179_B20201015 was discovered to contain a stack overflow via the cloneMac parameter in the function FUN_0041621c.
nvd
CVE-2022-32049HIGHCVSS 7.5v4.1.9cu.5179_b202010152022-07-01
CVE-2022-32049 [HIGH] CWE-787 CVE-2022-32049: TOTOLINK T6 V4.1.9cu.5179_B20201015 was discovered to contain a stack overflow via the url parameter
TOTOLINK T6 V4.1.9cu.5179_B20201015 was discovered to contain a stack overflow via the url parameter in the function FUN_00418540.
nvd
CVE-2022-32044HIGHCVSS 7.5v4.1.9cu.5179_b202010152022-07-01
CVE-2022-32044 [HIGH] CWE-787 CVE-2022-32044: TOTOLINK T6 V4.1.9cu.5179_B20201015 was discovered to contain a stack overflow via the password para
TOTOLINK T6 V4.1.9cu.5179_B20201015 was discovered to contain a stack overflow via the password parameter in the function FUN_00413f80.
nvd
CVE-2022-32048HIGHCVSS 7.5v4.1.9cu.5179_b202010152022-07-01
CVE-2022-32048 [HIGH] CWE-787 CVE-2022-32048: TOTOLINK T6 V4.1.9cu.5179_B20201015 was discovered to contain a stack overflow via the command param
TOTOLINK T6 V4.1.9cu.5179_B20201015 was discovered to contain a stack overflow via the command parameter in the function FUN_0041cc88.
nvd
CVE-2022-32050HIGHCVSS 7.5v4.1.9cu.5179_b202010152022-07-01
CVE-2022-32050 [HIGH] CWE-787 CVE-2022-32050: TOTOLINK T6 V4.1.9cu.5179_B20201015 was discovered to contain a stack overflow via the cloneMac para
TOTOLINK T6 V4.1.9cu.5179_B20201015 was discovered to contain a stack overflow via the cloneMac parameter in the function FUN_0041af40.
nvd
CVE-2022-25084CRITICALCVSS 9.8Exploitedv5.9c.4085_b201904282022-02-24
CVE-2022-25084 [CRITICAL] CWE-78 CVE-2022-25084: TOTOLink T6 V5.9c.4085_B20190428 was discovered to contain a command injection vulnerability in the
TOTOLink T6 V5.9c.4085_B20190428 was discovered to contain a command injection vulnerability in the "Main" function. This vulnerability allows attackers to execute arbitrary commands via the QUERY_STRING parameter.
nvd
CVE-2022-25132CRITICALCVSS 9.8vv4.1.5cu.748_b202110152022-02-19
CVE-2022-25132 [CRITICAL] CWE-77 CVE-2022-25132: A command injection vulnerability in the function meshSlaveDlfw of TOTOLINK Technology router T6 V3_
A command injection vulnerability in the function meshSlaveDlfw of TOTOLINK Technology router T6 V3_Firmware T6_V3_V4.1.5cu.748_B20211015 allows attackers to execute arbitrary commands via a crafted MQTT packet.
nvd
CVE-2022-25133CRITICALCVSS 9.8vv4.1.5cu.748_b202110152022-02-19
CVE-2022-25133 [CRITICAL] CWE-77 CVE-2022-25133: A command injection vulnerability in the function isAssocPriDevice of TOTOLINK Technology router T6
A command injection vulnerability in the function isAssocPriDevice of TOTOLINK Technology router T6 V3_Firmware T6_V3_V4.1.5cu.748_B20211015 allows attackers to execute arbitrary commands via a crafted MQTT packet.
nvd
CVE-2022-25137CRITICALCVSS 9.8vv4.1.5cu.748_b202110152022-02-19
CVE-2022-25137 [CRITICAL] CWE-77 CVE-2022-25137: A command injection vulnerability in the function recvSlaveUpgstatus of TOTOLINK Technology routers
A command injection vulnerability in the function recvSlaveUpgstatus of TOTOLINK Technology routers T6 V3_Firmware T6_V3_V4.1.5cu.748_B20211015 and T10 V2_Firmware V4.1.8cu.5207_B20210320 allows attackers to execute arbitrary commands via a crafted MQTT packet.
nvd
CVE-2022-25134CRITICALCVSS 9.8Exploitedvv4.1.5cu.748_b202110152022-02-19
CVE-2022-25134 [CRITICAL] CWE-77 CVE-2022-25134: A command injection vulnerability in the function setUpgradeFW of TOTOLINK Technology router T6 V3_F
A command injection vulnerability in the function setUpgradeFW of TOTOLINK Technology router T6 V3_Firmware T6_V3_V4.1.5cu.748_B20211015 allows attackers to execute arbitrary commands via a crafted MQTT packet.
nvd
CVE-2022-25130CRITICALCVSS 9.8vv4.1.5cu.748_b202110152022-02-19
CVE-2022-25130 [CRITICAL] CWE-77 CVE-2022-25130: A command injection vulnerability in the function updateWifiInfo of TOTOLINK Technology routers T6 V
A command injection vulnerability in the function updateWifiInfo of TOTOLINK Technology routers T6 V3_Firmware T6_V3_V4.1.5cu.748_B20211015 and T10 V2_Firmware V4.1.8cu.5207_B20210320 allows attackers to execute arbitrary commands via a crafted MQTT packet.
nvd
CVE-2022-25131CRITICALCVSS 9.8vv4.1.5cu.748_b202110152022-02-19
CVE-2022-25131 [CRITICAL] CWE-77 CVE-2022-25131: A command injection vulnerability in the function recvSlaveCloudCheckStatus of TOTOLINK Technology r
A command injection vulnerability in the function recvSlaveCloudCheckStatus of TOTOLINK Technology routers T6 V3_Firmware T6_V3_V4.1.5cu.748_B20211015 and T10 V2_Firmware V4.1.8cu.5207_B20210320 allows attackers to execute arbitrary commands via a crafted MQTT packet.
nvd
CVE-2022-25135CRITICALCVSS 9.8vv4.1.5cu.748_b202110152022-02-19
CVE-2022-25135 [CRITICAL] CWE-77 CVE-2022-25135: A command injection vulnerability in the function recv_mesh_info_sync of TOTOLINK Technology router
A command injection vulnerability in the function recv_mesh_info_sync of TOTOLINK Technology router T6 V3_Firmware T6_V3_V4.1.5cu.748_B20211015 allows attackers to execute arbitrary commands via a crafted MQTT packet.
nvd
CVE-2022-25136CRITICALCVSS 9.8vv4.1.5cu.748_b202110152022-02-19
CVE-2022-25136 [CRITICAL] CWE-77 CVE-2022-25136: A command injection vulnerability in the function meshSlaveUpdate of TOTOLINK Technology routers T6
A command injection vulnerability in the function meshSlaveUpdate of TOTOLINK Technology routers T6 V3_Firmware T6_V3_V4.1.5cu.748_B20211015 and T10 V2_Firmware V4.1.8cu.5207_B20210320 allows attackers to execute arbitrary commands via a crafted MQTT packet.
nvd
← Previous2 / 2