CVE-2026-11620
- EPSS 0.29%
- Veröffentlicht 09.06.2026 02:45:10
- Zuletzt bearbeitet 09.06.2026 13:33:34
A security flaw has been discovered in TOTOLINK EX200 4.0.3c.7646. This affects an unknown function of the file /etc/vsftpd.conf of the component vsftpd. The manipulation results in least privilege violation. It is possible to launch the attack remot...
CVE-2024-53333
- EPSS 18.9%
- Veröffentlicht 21.11.2024 18:15:13
- Zuletzt bearbeitet 04.04.2025 14:40:24
TOTOLINK EX200 v4.0.3c.7646_B20201211 was found to contain a command insertion vulnerability in the setUssd function. This vulnerability allows an attacker to execute arbitrary commands via the "ussd" parameter.
CVE-2024-7336
- EPSS 1.27%
- Veröffentlicht 01.08.2024 03:15:01
- Zuletzt bearbeitet 09.08.2024 14:38:01
A vulnerability classified as critical was found in TOTOLINK EX200 4.0.3c.7646_B20201211. Affected by this vulnerability is the function loginauth of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument http_host leads to buffer overflow. ...
CVE-2024-7335
- EPSS 1.16%
- Veröffentlicht 01.08.2024 02:15:02
- Zuletzt bearbeitet 09.08.2024 14:05:30
A vulnerability classified as critical has been found in TOTOLINK EX200 4.0.3c.7646_B20201211. Affected is the function getSaveConfig of the file /cgi-bin/cstecgi.cgi?action=save&setting. The manipulation of the argument http_host leads to buffer ove...
CVE-2024-31810
- EPSS 0.62%
- Veröffentlicht 14.05.2024 15:25:45
- Zuletzt bearbeitet 09.04.2025 14:20:06
TOTOLINK EX200 V4.0.3c.7646_B20201211 was discovered to contain a hardcoded password for root at /etc/shadow.sample.
CVE-2024-32326
- EPSS 0.58%
- Veröffentlicht 18.04.2024 17:15:48
- Zuletzt bearbeitet 07.04.2025 14:26:49
TOTOLINK EX200 V4.0.3c.7646_B20201211 contains a Cross-site scripting (XSS) vulnerability through the key parameter in the setWiFiExtenderConfig function.
CVE-2024-32325
- EPSS 0.49%
- Veröffentlicht 18.04.2024 17:15:48
- Zuletzt bearbeitet 13.05.2025 00:53:54
TOTOLINK EX200 V4.0.3c.7646_B20201211 contains a Cross-site scripting (XSS) vulnerability through the ssid parameter in the setWiFiExtenderConfig function.
CVE-2024-31817
- EPSS 55.34%
- Veröffentlicht 08.04.2024 13:15:09
- Zuletzt bearbeitet 24.03.2025 17:19:53
In TOTOLINK EX200 V4.0.3c.7646_B20201211, an attacker can obtain sensitive information without authorization through the function getSysStatusCfg.
CVE-2024-31815
- EPSS 0.58%
- Veröffentlicht 08.04.2024 13:15:08
- Zuletzt bearbeitet 17.06.2025 18:30:45
In TOTOLINK EX200 V4.0.3c.7314_B20191204, an attacker can obtain the configuration file without authorization through /cgi-bin/ExportSettings.sh
CVE-2024-31816
- EPSS 2.7%
- Veröffentlicht 08.04.2024 13:15:08
- Zuletzt bearbeitet 18.03.2025 16:02:17
In TOTOLINK EX200 V4.0.3c.7646_B20201211, an attacker can obtain sensitive information without authorization through the function getEasyWizardCfg.