Totolink

Cp900

5 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
6.3

CVE-2025-44854

Exploit
  • EPSS 8.02%
  • Published 01.05.2025 00:00:00
  • Last modified 22.05.2025 15:32:20

TOTOLINK CP900 V6.3c.1144_B20190715 was found to contain a command injection vulnerability in the setUpgradeUboot function via the FileName parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request.

6.3

CVE-2025-44836

Exploit
  • EPSS 8.02%
  • Published 01.05.2025 00:00:00
  • Last modified 22.05.2025 15:29:21

TOTOLINK CPE CP900 V6.3c.1144_B20190715 was discovered to contain a command injection vulnerability in the setApRebootScheCfg function via the hour or minute parameters. This vulnerability allows attackers to execute arbitrary commands via a crafted ...

6.3

CVE-2025-44837

Exploit
  • EPSS 8.02%
  • Published 01.05.2025 00:00:00
  • Last modified 22.05.2025 15:29:38

TOTOLINK CPE CP900 V6.3c.1144_B20190715 was discovered to contain a command injection vulnerability in the CloudSrvUserdataVersionCheck function via the url or magicid parameters. This vulnerability allows attackers to execute arbitrary commands via ...

6.3

CVE-2025-44838

Exploit
  • EPSS 8.02%
  • Published 01.05.2025 00:00:00
  • Last modified 22.05.2025 15:29:50

TOTOLINK CPE CP900 V6.3c.1144_B20190715 was discovered to contain a command injection vulnerability in the setUploadUserData function via the FileName parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request.

9.8

CVE-2024-35396

  • EPSS 0.13%
  • Published 24.05.2024 16:15:10
  • Last modified 03.04.2025 15:45:41

TOTOLINK CP900L v4.1.5cu.798_B20221228 was discovered to contain a hardcoded password for telnet in /web_cste/cgi-bin/product.ini, which allows attackers to log in as root.