Totolink

Cp900 Firmware

13 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
6.3

CVE-2025-44854

Exploit
  • EPSS 7.85%
  • Veröffentlicht 01.05.2025 00:00:00
  • Zuletzt bearbeitet 22.05.2025 15:32:20

TOTOLINK CP900 V6.3c.1144_B20190715 was found to contain a command injection vulnerability in the setUpgradeUboot function via the FileName parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request.

6.3

CVE-2025-44836

Exploit
  • EPSS 7.85%
  • Veröffentlicht 01.05.2025 00:00:00
  • Zuletzt bearbeitet 22.05.2025 15:29:21

TOTOLINK CPE CP900 V6.3c.1144_B20190715 was discovered to contain a command injection vulnerability in the setApRebootScheCfg function via the hour or minute parameters. This vulnerability allows attackers to execute arbitrary commands via a crafted ...

6.3

CVE-2025-44837

Exploit
  • EPSS 7.85%
  • Veröffentlicht 01.05.2025 00:00:00
  • Zuletzt bearbeitet 22.05.2025 15:29:38

TOTOLINK CPE CP900 V6.3c.1144_B20190715 was discovered to contain a command injection vulnerability in the CloudSrvUserdataVersionCheck function via the url or magicid parameters. This vulnerability allows attackers to execute arbitrary commands via ...

6.3

CVE-2025-44838

Exploit
  • EPSS 7.85%
  • Veröffentlicht 01.05.2025 00:00:00
  • Zuletzt bearbeitet 22.05.2025 15:29:50

TOTOLINK CPE CP900 V6.3c.1144_B20190715 was discovered to contain a command injection vulnerability in the setUploadUserData function via the FileName parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request.

9.8

CVE-2024-7464

Exploit
  • EPSS 44.9%
  • Veröffentlicht 05.08.2024 01:16:08
  • Zuletzt bearbeitet 15.08.2024 13:15:28

A vulnerability, which was classified as critical, has been found in TOTOLINK CP900 6.3c.566. This issue affects the function setTelnetCfg of the component Telnet Service. The manipulation of the argument telnet_enabled leads to command injection. Th...

9.8

CVE-2024-7463

Exploit
  • EPSS 15.1%
  • Veröffentlicht 05.08.2024 01:16:07
  • Zuletzt bearbeitet 15.08.2024 13:15:55

A vulnerability classified as critical was found in TOTOLINK CP900 6.3c.566. This vulnerability affects the function UploadCustomModule of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument File leads to buffer overflow. The attack can b...

9.8

CVE-2022-28495

Exploit
  • EPSS 0.62%
  • Veröffentlicht 24.03.2023 14:15:09
  • Zuletzt bearbeitet 20.02.2025 19:15:09

TOTOLink outdoor CPE CP900 V6.3c.566_B20171026 is discovered to contain a command injection vulnerability in the setWebWlanIdx function via the webWlanIdx parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted requ...

9.8

CVE-2022-28496

  • EPSS 0.21%
  • Veröffentlicht 23.03.2023 17:15:13
  • Zuletzt bearbeitet 21.11.2024 06:57:26

TOTOLink outdoor CPE CP900 V6.3c.566_B20171026 discovered to contain a command injection vulnerability in the setPasswordCfg function via the adminuser and adminpassparameter. This vulnerability allows attackers to execute arbitrary commands via a cr...

9.8

CVE-2022-28497

  • EPSS 0.18%
  • Veröffentlicht 23.03.2023 16:15:11
  • Zuletzt bearbeitet 21.11.2024 06:57:26

TOTOLink outdoor CPE CP900 V6.3c.566_B20171026 is discovered to contain a command injection vulnerability in the mtd_write_bootloader function via the filename parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted...

9.8

CVE-2022-28491

Exploit
  • EPSS 0.62%
  • Veröffentlicht 23.03.2023 15:15:11
  • Zuletzt bearbeitet 21.11.2024 06:57:25

TOTOLink outdoor CPE CP900 V6.3c.566_B20171026 contains a command injection vulnerability in the NTPSyncWithHost function via the host_name parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request.