Totolink Ex200_firmware
19 CVEs affecting Totolink Ex200_firmware. Latest disclosed: 2024-11-21. Critical: 4, High: 9.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2024-31810 | Critical | 9.8 | 2024-05-14 | TOTOLINK EX200 V4.0.3c.7646_B20201211 was discovered to contain a hardcoded password for root at /etc/shadow.sample. |
| CVE-2024-31807 | Critical | 9.8 | 2024-04-08 | TOTOLINK EX200 V4.0.3c.7646_B20201211 was discovered to contain a remote code execution (RCE) vulnerability via the hostTime parameter in the NTPSyncWithHost f… |
| CVE-2021-43711 | Critical | 9.8 | 2022-01-04 | The downloadFlile.cgi binary file in TOTOLINK EX200 V4.0.3c.7646_B20201211 has a command injection vulnerability when receiving GET parameters. The parameter n… |
| CVE-2024-31815 | Critical | 9.1 | 2024-04-08 | In TOTOLINK EX200 V4.0.3c.7314_B20191204, an attacker can obtain the configuration file without authorization through /cgi-bin/ExportSettings.sh |
| CVE-2024-7336 | High | 8.8 | 2024-08-01 | A vulnerability classified as critical was found in TOTOLINK EX200 4.0.3c.7646_B20201211. Affected by this vulnerability is the function loginauth of the file… |
| CVE-2024-7335 | High | 8.8 | 2024-08-01 | A vulnerability classified as critical has been found in TOTOLINK EX200 4.0.3c.7646_B20201211. Affected is the function getSaveConfig of the file /cgi-bin/cste… |
| CVE-2024-31814 | High | 8.8 | 2024-04-08 | TOTOLINK EX200 V4.0.3c.7646_B20201211 allows attackers to bypass login through the Form_Login function. |
| CVE-2024-31809 | High | 8.8 | 2024-04-08 | TOTOLINK EX200 V4.0.3c.7646_B20201211 was discovered to contain a remote code execution (RCE) vulnerability via the FileName parameter in the setUpgradeFW func… |
| CVE-2024-31808 | High | 8.8 | 2024-04-08 | TOTOLINK EX200 V4.0.3c.7646_B20201211 was discovered to contain a remote code execution (RCE) vulnerability via the webWlanIdx parameter in the setWebWlanIdx f… |
| CVE-2024-31813 | High | 8.4 | 2024-04-08 | TOTOLINK EX200 V4.0.3c.7646_B20201211 does not contain an authentication mechanism by default. |
| CVE-2024-31811 | High | 8.0 | 2024-04-08 | TOTOLINK EX200 V4.0.3c.7646_B20201211 was discovered to contain a remote code execution (RCE) vulnerability via the langType parameter in the setLanguageCfg fu… |
| CVE-2024-31817 | High | 7.5 | 2024-04-08 | In TOTOLINK EX200 V4.0.3c.7646_B20201211, an attacker can obtain sensitive information without authorization through the function getSysStatusCfg. |
| CVE-2024-31816 | High | 7.5 | 2024-04-08 | In TOTOLINK EX200 V4.0.3c.7646_B20201211, an attacker can obtain sensitive information without authorization through the function getEasyWizardCfg. |
| CVE-2024-32326 | Medium | 6.8 | 2024-04-18 | TOTOLINK EX200 V4.0.3c.7646_B20201211 contains a Cross-site scripting (XSS) vulnerability through the key parameter in the setWiFiExtenderConfig function. |
| CVE-2024-31812 | Medium | 6.5 | 2024-04-08 | In TOTOLINK EX200 V4.0.3c.7646_B20201211, an attacker can obtain sensitive information without authorization through the function getWiFiExtenderConfig. |
| CVE-2024-31806 | Medium | 6.5 | 2024-04-08 | TOTOLINK EX200 V4.0.3c.7646_B20201211 was discovered to contain a Denial-of-Service (DoS) vulnerability in the RebootSystem function which can reboot the syste… |
| CVE-2024-31805 | Medium | 6.5 | 2024-04-08 | TOTOLINK EX200 V4.0.3c.7646_B20201211 allows attackers to start the Telnet service without authorization via the telnet_enabled parameter in the setTelnetCfg f… |
| CVE-2024-53333 | Medium | 6.3 | 2024-11-21 | TOTOLINK EX200 v4.0.3c.7646_B20201211 was found to contain a command insertion vulnerability in the setUssd function. This vulnerability allows an attacker to… |
| CVE-2024-32325 | Low | 2.4 | 2024-04-18 | TOTOLINK EX200 V4.0.3c.7646_B20201211 contains a Cross-site scripting (XSS) vulnerability through the ssid parameter in the setWiFiExtenderConfig function. |