Latest Totolink Vulnerabilities

CVE-2024-1661
Totolink X6000R shadow hard-coded credentials
Totolink X6000r Firmware=9.4.0cu.852_b20230719
CVE-2024-24328
TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the enable parameter in the setMacFilterRules function.
Totolink A3300r Firmware=17.0.0cu.557_b20221024
TOTOLINK A3300R
CVE-2024-24324
TOTOLINK A8000RU v7.1cu.643_B20200521 was discovered to contain a hardcoded password for root stored in /etc/shadow.
Totolink A8000ru Firmware=7.1cu.643_b20200521
TOTOLINK A8000RU
CVE-2024-24326
TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the arpEnable parameter in the setStaticDhcpRules function.
Totolink A3300r Firmware=17.0.0cu.557_b20221024
TOTOLINK A3300R
CVE-2024-24330
TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the port or enable parameter in the setRemoteCfg function.
Totolink A3300r Firmware=17.0.0cu.557_b20221024
TOTOLINK A3300R
CVE-2024-24332
TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the url parameter in the setUrlFilterRules function.
Totolink A3300r Firmware=17.0.0cu.557_b20221024
TOTOLINK A3300R
CVE-2024-24327
TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the pppoePass parameter in the setIpv6Cfg function.
Totolink A3300r Firmware=17.0.0cu.557_b20221024
TOTOLINK A3300R
CVE-2024-24333
TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the desc parameter in the setWiFiAclRules function.
Totolink A3300r Firmware=17.0.0cu.557_b20221024
TOTOLINK A3300R
CVE-2024-24331
TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the enable parameter in the setWiFiScheduleCfg function.
Totolink A3300r Firmware=17.0.0cu.557_b20221024
TOTOLINK A3300R
CVE-2024-24325
TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the enable parameter in the setParentalRules function.
Totolink A3300r Firmware=17.0.0cu.557_b20221024
TOTOLINK A3300R
CVE-2024-24329
TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the enable parameter in the setPortForwardRules function.
Totolink A3300r Firmware=17.0.0cu.557_b20221024
TOTOLINK A3300R
CVE-2024-1004
Totolink N200RE cstecgi.cgi loginAuth stack-based overflow
=9.3.5u.6139_b20201216
CVE-2024-1003
Totolink N200RE cstecgi.cgi setLanguageCfg stack-based overflow
=9.3.5u.6139_b20201216
CVE-2024-1002
Totolink N200RE cstecgi.cgi setIpPortFilterRules stack-based overflow
=9.3.5u.6139_b20201216
CVE-2024-1001
Totolink N200RE cstecgi.cgi main stack-based overflow
=9.3.5u.6139_b20201216
CVE-2024-1000
Totolink N200RE cstecgi.cgi setTracerouteCfg stack-based overflow
=9.3.5u.6139_b20201216
CVE-2024-0999
Totolink N200RE cstecgi.cgi setParentalRules stack-based overflow
=9.3.5u.6139_b20201216
CVE-2024-0998
Totolink N200RE cstecgi.cgi setDiagnosisCfg stack-based overflow
=9.3.5u.6139_b20201216
CVE-2024-0997
Totolink N200RE cstecgi.cgi setOpModeCfg stack-based overflow
=9.3.5u.6139_b20201216
CVE-2024-0944
Totolink T8 cstecgi.cgi session expiration
=4.1.5cu.833_20220905
CVE-2024-0943
Totolink N350RT cstecgi.cgi session expiration
=9.3.5u.6255
CVE-2024-0942
Totolink N200RE V5 cstecgi.cgi session expiration
=9.3.5u.6255_b20211224
CVE-2024-22529
TOTOLINK X2000R_V2 V2.0.0-B20230727.10434 has a command injection vulnerability in the sub_449040 (handle function of formUploadFile) of /bin/boa.
Totolink X2000r Firmware=2.0.0-b20230727.10434
TOTOLINK X2000R=v2
CVE-2023-52039
An issue discovered in TOTOLINK X6000R v9.4.0cu.852_B20230719 allows attackers to run arbitrary commands via the sub_415AA4 function.
Totolink X6000r Firmware=9.4.0cu.852_b20230719
TOTOlink X6000R
CVE-2023-52040
An issue discovered in TOTOLINK X6000R v9.4.0cu.852_B20230719 allows attackers to run arbitrary commands via the sub_41284C function.
Totolink X6000r Firmware=9.4.0cu.852_b20230719
TOTOlink X6000R
CVE-2023-52038
An issue discovered in TOTOLINK X6000R v9.4.0cu.852_B20230719 allows attackers to run arbitrary commands via the sub_415C80 function.
Totolink X6000r Firmware=9.4.0cu.852_b20230719
TOTOlink X6000R
CVE-2024-22663
TOTOLINK_A3700R_V9.1.2u.6165_20211012has a command Injection vulnerability via setOpModeCfg
Totolink A3700r Firmware=9.1.2u.6165_20211012
TOTOLINK A3700R
CVE-2024-22660
TOTOLINK_A3700R_V9.1.2u.6165_20211012has a stack overflow vulnerability via setLanguageCfg
Totolink A3700r Firmware=9.1.2u.6165_20211012
TOTOLINK A3700R
CVE-2024-22662
TOTOLINK A3700R_V9.1.2u.6165_20211012 has a stack overflow vulnerability via setParentalRules
Totolink A3700r Firmware=9.1.2u.6165_20211012
TOTOLINK A3700R
CVE-2024-0579
Totolink X2000R formMapDelDevice command injection
=1.0.0-b20221212.1452
CVE-2024-0578
Totolink LR1200GB cstecgi.cgi UploadCustomModule stack-based overflow
=9.1.0u.6619_b20230130
CVE-2024-0577
Totolink LR1200GB cstecgi.cgi setLanguageCfg stack-based overflow
=9.1.0u.6619_b20230130
CVE-2024-0576
Totolink LR1200GB cstecgi.cgi setIpPortFilterRules stack-based overflow
=9.1.0u.6619_b20230130
CVE-2024-0575
Totolink LR1200GB cstecgi.cgi setTracerouteCfg stack-based overflow
=9.1.0u.6619_b20230130
CVE-2024-0574
Totolink LR1200GB cstecgi.cgi setParentalRules stack-based overflow
=9.1.0u.6619_b20230130
CVE-2024-0573
Totolink LR1200GB cstecgi.cgi setDiagnosisCfg stack-based overflow
=9.1.0u.6619_b20230130
CVE-2024-0572
Totolink LR1200GB cstecgi.cgi setOpModeCfg stack-based overflow
=9.1.0u.6619_b20230130
CVE-2024-0571
Totolink LR1200GB cstecgi.cgi setSmsCfg stack-based overflow
=9.1.0u.6619_b20230130
CVE-2024-0570
Totolink N350RT Setting cstecgi.cgi access control
=9.3.5u.6265
CVE-2024-0569
Totolink T8 Setting cstecgi.cgi getSysStatusCfg information disclosure
=4.1.5cu.833_20220905
CVE-2023-52042
An issue discovered in sub_4117F8 function in TOTOLINK X6000R V9.4.0cu.852_B20230719 allows attackers to run arbitrary commands via the 'lang' parameter.
Totolink X6000r Firmware=9.4.0cu.852_b20230719
TOTOlink X6000R
CVE-2023-52041
An issue discovered in TOTOLINK X6000R V9.4.0cu.852_B20230719 allows attackers to run arbitrary code via the sub_410118 function of the shttpd program.
Totolink X6000r Firmware=9.4.0cu.852_b20230719
TOTOlink X6000R
CVE-2023-52026
TOTOlink EX1800T V9.1.0cu.2112_B20220316 was discovered to contain a remote command execution (RCE) vulnerability via the telnet_enabled parameter of the setTelnetCfg interface
Totolink Ex1800t Firmware=9.1.0cu.2112_b20220316
TOTOLINK EX1800T
CVE-2024-23059
TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the username parameter in the setDdnsCfg function.
Totolink A3300r Firmware=17.0.0cu.557_b20221024
TOTOLINK A3300R
CVE-2024-23061
TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the minute parameter in the setScheduleCfg function.
Totolink A3300r Firmware=17.0.0cu.557_b20221024
TOTOLINK A3300R
CVE-2024-23060
TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the ip parameter in the setDmzCfg function.
Totolink A3300r Firmware=17.0.0cu.557_b20221024
TOTOLINK A3300R
CVE-2024-23058
TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the pass parameter in the setTr069Cfg function.
Totolink A3300r Firmware=17.0.0cu.557_b20221024
TOTOLINK A3300R
CVE-2024-22942
TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the hostName parameter in the setWanCfg function.
Totolink A3300r Firmware=17.0.0cu.557_b20221024
TOTOLINK A3300R
CVE-2024-23057
TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the tz parameter in the setNtpCfg function.
Totolink A3300r Firmware=17.0.0cu.557_b20221024
TOTOLINK A3300R
CVE-2023-52031
TOTOlink A3700R v9.1.2u.5822_B20200513 was discovered to contain a remote command execution (RCE) vulnerability via the UploadFirmwareFile function.
Totolink A3700r Firmware=9.1.2u.5822_b20200513
TOTOLINK A3700R

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203