Totolink

N200re Firmware

19 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
9.8

CVE-2024-0298

Exploit
  • EPSS 2.07%
  • Published 08.01.2024 05:15:09
  • Last modified 21.11.2024 08:46:15

A vulnerability was found in Totolink N200RE 9.3.5u.6139_B20201216. It has been classified as critical. Affected is the function setDiagnosisCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument ip leads to os command injection. It i...

9.8

CVE-2024-0297

Exploit
  • EPSS 0.9%
  • Published 08.01.2024 05:15:09
  • Last modified 21.11.2024 08:46:15

A vulnerability was found in Totolink N200RE 9.3.5u.6139_B20201216 and classified as critical. This issue affects the function UploadFirmwareFile of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument FileName leads to os command injectio...

9.8

CVE-2024-0296

Exploit
  • EPSS 1.54%
  • Published 08.01.2024 04:15:08
  • Last modified 21.11.2024 08:46:15

A vulnerability has been found in Totolink N200RE 9.3.5u.6139_B20201216 and classified as critical. This vulnerability affects the function NTPSyncWithHost of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument host_time leads to os comma...

5.5

CVE-2023-2790

Exploit
  • EPSS 0.03%
  • Published 18.05.2023 13:15:09
  • Last modified 21.11.2024 07:59:17

A vulnerability classified as problematic has been found in TOTOLINK N200RE 9.3.5u.6255_B20211224. Affected is an unknown function of the file /squashfs-root/etc_ro/custom.conf of the component Telnet Service. The manipulation leads to password in co...

6.1

CVE-2020-23617

  • EPSS 0.2%
  • Published 02.05.2022 23:15:07
  • Last modified 21.11.2024 05:13:56

A cross site scripting (XSS) vulnerability in the error page of Totolink N200RE and N100RE Routers 2.0 allows attackers to execute arbitrary web scripts or HTML via SCRIPT element.

9

CVE-2019-19824

Exploit
  • EPSS 93.67%
  • Published 27.01.2020 18:15:12
  • Last modified 21.11.2024 04:35:28

On certain TOTOLINK Realtek SDK based routers, an authenticated attacker may execute arbitrary OS commands via the sysCmd parameter to the boafrm/formSysCmd URI, even if the GUI (syscmd.htm) is not available. This allows for full control over the dev...

7.5

CVE-2019-19823

Exploit
  • EPSS 1.36%
  • Published 27.01.2020 18:15:12
  • Last modified 21.11.2024 04:35:28

A certain router administration interface (that includes Realtek APMIB 0.11f for Boa 0.94.14rc21) stores cleartext administrative passwords in flash memory and in a file. This affects TOTOLINK A3002RU through 2.0.0, A702R through 2.1.3, N301RT throug...

7.5

CVE-2019-19822

Exploit
  • EPSS 2.79%
  • Published 27.01.2020 18:15:12
  • Last modified 21.11.2024 04:35:27

A certain router administration interface (that includes Realtek APMIB 0.11f for Boa 0.94.14rc21) allows remote attackers to retrieve the configuration, including sensitive data (usernames and passwords). This affects TOTOLINK A3002RU through 2.0.0, ...

9.8

CVE-2019-19825

Exploit
  • EPSS 0.62%
  • Published 27.01.2020 17:15:12
  • Last modified 21.11.2024 04:35:28

On certain TOTOLINK Realtek SDK based routers, the CAPTCHA text can be retrieved via an {"topicurl":"setting/getSanvas"} POST to the boafrm/formLogin URI, leading to a CAPTCHA bypass. (Also, the CAPTCHA text is not needed once the attacker has determ...