Totolink

T6 Firmware

39 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
9.8

CVE-2022-25084

Exploit
  • EPSS 84.26%
  • Published 24.02.2022 15:15:30
  • Last modified 21.11.2024 06:51:38

TOTOLink T6 V5.9c.4085_B20190428 was discovered to contain a command injection vulnerability in the "Main" function. This vulnerability allows attackers to execute arbitrary commands via the QUERY_STRING parameter.

9.8

CVE-2022-25130

  • EPSS 4.46%
  • Published 19.02.2022 00:15:17
  • Last modified 21.11.2024 06:51:40

A command injection vulnerability in the function updateWifiInfo of TOTOLINK Technology routers T6 V3_Firmware T6_V3_V4.1.5cu.748_B20211015 and T10 V2_Firmware V4.1.8cu.5207_B20210320 allows attackers to execute arbitrary commands via a crafted MQTT ...

9.8

CVE-2022-25137

  • EPSS 4.46%
  • Published 19.02.2022 00:15:17
  • Last modified 21.11.2024 06:51:41

A command injection vulnerability in the function recvSlaveUpgstatus of TOTOLINK Technology routers T6 V3_Firmware T6_V3_V4.1.5cu.748_B20211015 and T10 V2_Firmware V4.1.8cu.5207_B20210320 allows attackers to execute arbitrary commands via a crafted M...

9.8

CVE-2022-25136

  • EPSS 4.46%
  • Published 19.02.2022 00:15:17
  • Last modified 21.11.2024 06:51:40

A command injection vulnerability in the function meshSlaveUpdate of TOTOLINK Technology routers T6 V3_Firmware T6_V3_V4.1.5cu.748_B20211015 and T10 V2_Firmware V4.1.8cu.5207_B20210320 allows attackers to execute arbitrary commands via a crafted MQTT...

9.8

CVE-2022-25135

  • EPSS 4.46%
  • Published 19.02.2022 00:15:17
  • Last modified 21.11.2024 06:51:40

A command injection vulnerability in the function recv_mesh_info_sync of TOTOLINK Technology router T6 V3_Firmware T6_V3_V4.1.5cu.748_B20211015 allows attackers to execute arbitrary commands via a crafted MQTT packet.

9.8

CVE-2022-25134

  • EPSS 4.46%
  • Published 19.02.2022 00:15:17
  • Last modified 21.11.2024 06:51:40

A command injection vulnerability in the function setUpgradeFW of TOTOLINK Technology router T6 V3_Firmware T6_V3_V4.1.5cu.748_B20211015 allows attackers to execute arbitrary commands via a crafted MQTT packet.

9.8

CVE-2022-25133

  • EPSS 4.46%
  • Published 19.02.2022 00:15:17
  • Last modified 21.11.2024 06:51:40

A command injection vulnerability in the function isAssocPriDevice of TOTOLINK Technology router T6 V3_Firmware T6_V3_V4.1.5cu.748_B20211015 allows attackers to execute arbitrary commands via a crafted MQTT packet.

9.8

CVE-2022-25132

  • EPSS 4.46%
  • Published 19.02.2022 00:15:17
  • Last modified 21.11.2024 06:51:40

A command injection vulnerability in the function meshSlaveDlfw of TOTOLINK Technology router T6 V3_Firmware T6_V3_V4.1.5cu.748_B20211015 allows attackers to execute arbitrary commands via a crafted MQTT packet.

9.8

CVE-2022-25131

  • EPSS 4.46%
  • Published 19.02.2022 00:15:17
  • Last modified 21.11.2024 06:51:40

A command injection vulnerability in the function recvSlaveCloudCheckStatus of TOTOLINK Technology routers T6 V3_Firmware T6_V3_V4.1.5cu.748_B20211015 and T10 V2_Firmware V4.1.8cu.5207_B20210320 allows attackers to execute arbitrary commands via a cr...