Totolink

Ex300 V2 Firmware

6 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
10

CVE-2022-32449

Exploit
  • EPSS 18.71%
  • Published 07.07.2022 19:15:08
  • Last modified 21.11.2024 07:06:22

TOTOLINK EX300_V2 V4.0.3c.7484 was discovered to contain a command injection vulnerability via the langType parameter in the setLanguageCfg function. This vulnerability is exploitable via a crafted MQTT data packet.

7.9

CVE-2021-43663

Exploit
  • EPSS 0.81%
  • Published 31.03.2022 00:15:08
  • Last modified 21.11.2024 06:29:34

totolink EX300_v2 V4.0.3c.140_B20210429 was discovered to contain a command injection vulnerability via the component cloudupdate_check.

6.1

CVE-2021-43661

Exploit
  • EPSS 0.21%
  • Published 31.03.2022 00:15:07
  • Last modified 21.11.2024 06:29:34

totolink EX300_v2 V4.0.3c.140_B20210429 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the component /home.asp.

6.5

CVE-2021-43662

Exploit
  • EPSS 0.08%
  • Published 31.03.2022 00:15:07
  • Last modified 21.11.2024 06:29:34

totolink EX300_v2, ver V4.0.3c.140_B20210429 and A720R ,ver V4.1.5cu.470_B20200911 have an issue which causes uncontrolled resource consumption.

8.8

CVE-2022-25008

Exploit
  • EPSS 0.17%
  • Published 30.03.2022 23:15:08
  • Last modified 21.11.2024 06:51:32

totolink EX300_v2 V4.0.3c.140_B20210429 and EX1200T V4.1.2cu.5230_B20210706 does not contain an authentication mechanism.

9.3

CVE-2021-43664

Exploit
  • EPSS 4.3%
  • Published 30.03.2022 23:15:07
  • Last modified 21.11.2024 06:29:34

totolink EX300_v2 V4.0.3c.140_B20210429 was discovered to contain a command injection vulnerability via the component process forceugpo.