Search

Find a vulnerability

Search criteria

    46 vulnerabilities found for N600R by TOTOLINK

    VAR-202510-0241

    Vulnerability from variot - Updated: 2025-11-22 23:21

    A security vulnerability has been detected in TOTOLINK N600R up to 4.3.0cu.7866_B20220506. This impacts the function setWiFiBasicConfig of the file /cgi-bin/cstecgi.cgi of the component HTTP Request Handler. Such manipulation of the argument wepkey leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed publicly and may be used. TOTOLINK of n600r The firmware contains a buffer error vulnerability and a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. The TOTOLINK N600R is a dual-band wireless router released by the Korean brand TOTOLINK in 2013. It supports concurrent operation in the 2.4GHz and 5GHz bands and offers a maximum wireless transmission rate of 300Mbps.

    The TOTOLINK N600R suffers from a buffer overflow vulnerability caused by the wepkey parameter in the /cgi-bin/cstecgi.cgi file failing to properly validate the length of input data. An attacker could exploit this vulnerability to execute arbitrary code on the system or cause a denial of service

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202510-0241",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "n600r",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "totolink",
            "version": "4.3.0cu.7866_b2022506"
          },
          {
            "model": "n600r",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "totolink",
            "version": null
          },
          {
            "model": "n600r",
            "scope": null,
            "trust": 0.8,
            "vendor": "totolink",
            "version": null
          },
          {
            "model": "n600r",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "totolink",
            "version": "n600r  firmware  4.3.0cu.7866 b2022506  and earlier"
          },
          {
            "model": "n600r \u003c=4.3.0cu.7866 b20220506",
            "scope": null,
            "trust": 0.6,
            "vendor": "totolink",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-23584"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-016195"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-11444"
          }
        ]
      },
      "cve": "CVE-2025-11444",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "cna@vuldb.com",
                "availabilityImpact": "COMPLETE",
                "baseScore": 9.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 8.0,
                "id": "CVE-2025-11444",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 1.0,
                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Network",
                "authentication": "Single",
                "author": "OTHER",
                "availabilityImpact": "Complete",
                "baseScore": 9.0,
                "confidentialityImpact": "Complete",
                "exploitabilityScore": null,
                "id": "JVNDB-2025-016195",
                "impactScore": null,
                "integrityImpact": "Complete",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "High",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 9.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 8.0,
                "id": "CNVD-2025-23584",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "cna@vuldb.com",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 2.8,
                "id": "CVE-2025-11444",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "OTHER",
                "availabilityImpact": "High",
                "baseScore": 8.8,
                "baseSeverity": "High",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "JVNDB-2025-016195",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "Low",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "cna@vuldb.com",
                "id": "CVE-2025-11444",
                "trust": 1.0,
                "value": "High"
              },
              {
                "author": "OTHER",
                "id": "JVNDB-2025-016195",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2025-23584",
                "trust": 0.6,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-23584"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-016195"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-11444"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "A security vulnerability has been detected in TOTOLINK N600R up to 4.3.0cu.7866_B20220506. This impacts the function setWiFiBasicConfig of the file /cgi-bin/cstecgi.cgi of the component HTTP Request Handler. Such manipulation of the argument wepkey leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed publicly and may be used. TOTOLINK of n600r The firmware contains a buffer error vulnerability and a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. The TOTOLINK N600R is a dual-band wireless router released by the Korean brand TOTOLINK in 2013. It supports concurrent operation in the 2.4GHz and 5GHz bands and offers a maximum wireless transmission rate of 300Mbps. \n\nThe TOTOLINK N600R suffers from a buffer overflow vulnerability caused by the wepkey parameter in the /cgi-bin/cstecgi.cgi file failing to properly validate the length of input data. An attacker could exploit this vulnerability to execute arbitrary code on the system or cause a denial of service",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2025-11444"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-016195"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2025-23584"
          }
        ],
        "trust": 2.16
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2025-11444",
            "trust": 3.2
          },
          {
            "db": "VULDB",
            "id": "327381",
            "trust": 1.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-016195",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2025-23584",
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-23584"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-016195"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-11444"
          }
        ]
      },
      "id": "VAR-202510-0241",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-23584"
          }
        ],
        "trust": 1.1518367
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-23584"
          }
        ]
      },
      "last_update_date": "2025-11-22T23:21:53.827000Z",
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-120",
            "trust": 1.0
          },
          {
            "problemtype": "CWE-119",
            "trust": 1.0
          },
          {
            "problemtype": "Buffer error (CWE-119) [ others ]",
            "trust": 0.8
          },
          {
            "problemtype": " Classic buffer overflow (CWE-120) [ others ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-016195"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-11444"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.4,
            "url": "https://github.com/z472421519/binaryaudit/blob/main/poc/bof/totolink/wepkey/wepkey.md"
          },
          {
            "trust": 1.8,
            "url": "https://github.com/z472421519/binaryaudit/blob/main/poc/bof/totolink/wepkey/wepkey.md#reproduce"
          },
          {
            "trust": 1.8,
            "url": "https://vuldb.com/?id.327381"
          },
          {
            "trust": 1.8,
            "url": "https://vuldb.com/?submit.666915"
          },
          {
            "trust": 1.8,
            "url": "https://www.totolink.net/"
          },
          {
            "trust": 1.0,
            "url": "https://vuldb.com/?ctiid.327381"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2025-11444"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-23584"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-016195"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-11444"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-23584"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-016195"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-11444"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2025-10-14T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2025-23584"
          },
          {
            "date": "2025-10-16T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2025-016195"
          },
          {
            "date": "2025-10-08T08:15:32.917000",
            "db": "NVD",
            "id": "CVE-2025-11444"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2025-10-14T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2025-23584"
          },
          {
            "date": "2025-10-16T07:55:00",
            "db": "JVNDB",
            "id": "JVNDB-2025-016195"
          },
          {
            "date": "2025-10-14T20:16:01.657000",
            "db": "NVD",
            "id": "CVE-2025-11444"
          }
        ]
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "TOTOLINK\u00a0 of \u00a0n600r\u00a0 Buffer error vulnerability in firmware",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-016195"
          }
        ],
        "trust": 0.8
      }
    }

    VAR-202208-2048

    Vulnerability from variot - Updated: 2025-11-19 23:27

    TOTOLINK N600R V4.3.0cu.7647_B20210106 was discovered to contain a hardcoded password for root at /etc/shadow.sample. TOTOLINK of n600r A vulnerability exists in the firmware regarding the use of hardcoded credentials.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. The TOTOLINK N600R is a dual-band wireless router launched by the South Korean brand TOTOLINK in 2013. It supports concurrent operation on both 2.4GHz and 5GHz bands, with a maximum wireless transmission rate of 300Mbps. Detailed vulnerability information is currently unavailable

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202208-2048",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "n600r",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "totolink",
            "version": "4.3.0cu.7647_b20210106"
          },
          {
            "model": "n600r",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "totolink",
            "version": null
          },
          {
            "model": "n600r",
            "scope": null,
            "trust": 0.8,
            "vendor": "totolink",
            "version": null
          },
          {
            "model": "n600r",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "totolink",
            "version": "n600r  firmware  4.3.0cu.7647 b20210106"
          },
          {
            "model": "n600r 4.3.0cu.7647 b20210106",
            "scope": null,
            "trust": 0.6,
            "vendor": "totolink",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-27277"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-015946"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-36613"
          }
        ]
      },
      "cve": "CVE-2022-36613",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "LOCAL",
                "authentication": "SINGLE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 6.8,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 3.1,
                "id": "CNVD-2025-27277",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:L/AC:L/Au:S/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 1.8,
                "id": "CVE-2022-36613",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Local",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 7.8,
                "baseSeverity": "High",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "CVE-2022-36613",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "Low",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2022-36613",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "NVD",
                "id": "CVE-2022-36613",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2025-27277",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202208-4279",
                "trust": 0.6,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-27277"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202208-4279"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-015946"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-36613"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "TOTOLINK N600R V4.3.0cu.7647_B20210106 was discovered to contain a hardcoded password for root at /etc/shadow.sample. TOTOLINK of n600r A vulnerability exists in the firmware regarding the use of hardcoded credentials.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. The TOTOLINK N600R is a dual-band wireless router launched by the South Korean brand TOTOLINK in 2013. It supports concurrent operation on both 2.4GHz and 5GHz bands, with a maximum wireless transmission rate of 300Mbps. Detailed vulnerability information is currently unavailable",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2022-36613"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-015946"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2025-27277"
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-36613"
          }
        ],
        "trust": 2.25
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2022-36613",
            "trust": 3.9
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-015946",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2025-27277",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202208-4279",
            "trust": 0.6
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-36613",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-27277"
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-36613"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202208-4279"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-015946"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-36613"
          }
        ]
      },
      "id": "VAR-202208-2048",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-27277"
          }
        ],
        "trust": 1.1518367
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-27277"
          }
        ]
      },
      "last_update_date": "2025-11-19T23:27:46.996000Z",
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-798",
            "trust": 1.0
          },
          {
            "problemtype": "Use hard-coded credentials (CWE-798) [NVD evaluation ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-015946"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-36613"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.5,
            "url": "https://github.com/whiter6666/cve/blob/main/totolink_n600r/hard_code.md"
          },
          {
            "trust": 2.0,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-36613"
          },
          {
            "trust": 0.6,
            "url": "https://cxsecurity.com/cveshow/cve-2022-36613/"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-27277"
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-36613"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202208-4279"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-015946"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-36613"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-27277"
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-36613"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202208-4279"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-015946"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-36613"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2025-11-07T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2025-27277"
          },
          {
            "date": "2022-08-29T00:00:00",
            "db": "VULMON",
            "id": "CVE-2022-36613"
          },
          {
            "date": "2022-08-28T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202208-4279"
          },
          {
            "date": "2023-09-29T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2022-015946"
          },
          {
            "date": "2022-08-29T00:15:08.743000",
            "db": "NVD",
            "id": "CVE-2022-36613"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2025-11-07T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2025-27277"
          },
          {
            "date": "2022-08-29T00:00:00",
            "db": "VULMON",
            "id": "CVE-2022-36613"
          },
          {
            "date": "2022-09-02T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202208-4279"
          },
          {
            "date": "2023-09-29T08:05:00",
            "db": "JVNDB",
            "id": "JVNDB-2022-015946"
          },
          {
            "date": "2022-09-01T18:51:25.577000",
            "db": "NVD",
            "id": "CVE-2022-36613"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "local",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202208-4279"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "TOTOLINK\u00a0 of \u00a0n600r\u00a0 Vulnerability related to use of hardcoded credentials in firmware",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-015946"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "trust management problem",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202208-4279"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202510-2249

    Vulnerability from variot - Updated: 2025-11-19 23:22

    A NULL pointer dereference in the main function of TOTOLINK N600R v4.3.0cu.7866_B20220506 allows attackers to cause a Denial of Service (DoS) via a crafted HTTP request. The TOTOLINK N600R is a dual-band wireless router launched by the South Korean brand TOTOLINK in 2013. It supports concurrent operation on both 2.4GHz and 5GHz bands, with a maximum wireless transmission rate of 300Mbps.

    The TOTOLINK N600R contains a null pointer dereference vulnerability

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202510-2249",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "n600r",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "totolink",
            "version": "4.3.0cu.7866_b20220506"
          },
          {
            "model": "n600r v4.3.0cu.7866 b20220506",
            "scope": null,
            "trust": 0.6,
            "vendor": "totolink",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-27273"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-60335"
          }
        ]
      },
      "cve": "CVE-2025-60335",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 7.8,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2025-27273",
                "impactScore": 6.9,
                "integrityImpact": "NONE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 3.9,
                "id": "CVE-2025-60335",
                "impactScore": 3.6,
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              }
            ],
            "severity": [
              {
                "author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
                "id": "CVE-2025-60335",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2025-27273",
                "trust": 0.6,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-27273"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-60335"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "A NULL pointer dereference in the main function of TOTOLINK N600R v4.3.0cu.7866_B20220506 allows attackers to cause a Denial of Service (DoS) via a crafted HTTP request. The TOTOLINK N600R is a dual-band wireless router launched by the South Korean brand TOTOLINK in 2013. It supports concurrent operation on both 2.4GHz and 5GHz bands, with a maximum wireless transmission rate of 300Mbps. \n\nThe TOTOLINK N600R contains a null pointer dereference vulnerability",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2025-60335"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2025-27273"
          }
        ],
        "trust": 1.44
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2025-60335",
            "trust": 1.6
          },
          {
            "db": "CNVD",
            "id": "CNVD-2025-27273",
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-27273"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-60335"
          }
        ]
      },
      "id": "VAR-202510-2249",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-27273"
          }
        ],
        "trust": 1.1518367
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-27273"
          }
        ]
      },
      "last_update_date": "2025-11-19T23:22:56.545000Z",
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-476",
            "trust": 1.0
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2025-60335"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.6,
            "url": "https://github.com/z472421519/binaryaudit/blob/main/poc/npd/totolink/main/content_length_max.md"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-27273"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-60335"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-27273"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-60335"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2025-11-07T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2025-27273"
          },
          {
            "date": "2025-10-22T16:15:45.050000",
            "db": "NVD",
            "id": "CVE-2025-60335"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2025-11-07T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2025-27273"
          },
          {
            "date": "2025-10-24T13:18:55.290000",
            "db": "NVD",
            "id": "CVE-2025-60335"
          }
        ]
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "TOTOLINK N600R main function null pointer dereference vulnerability",
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-27273"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202510-2385

    Vulnerability from variot - Updated: 2025-11-19 23:21

    A NULL pointer dereference in the sub_41773C function of TOTOLINK N600R v4.3.0cu.7866_B20220506 allows attackers to cause a Denial of Service (DoS) via a crafted HTTP request. The TOTOLINK N600R is a dual-band wireless router launched by the South Korean brand TOTOLINK in 2013. It supports concurrent operation on both 2.4GHz and 5GHz bands, with a maximum wireless transmission rate of 300Mbps.

    The TOTOLINK N600R contains a null pointer dereference vulnerability

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202510-2385",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "n600r",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "totolink",
            "version": "4.3.0cu.7866_b20220506"
          },
          {
            "model": "n600r v4.3.0cu.7866 b20220506",
            "scope": null,
            "trust": 0.6,
            "vendor": "totolink",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-27271"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-60336"
          }
        ]
      },
      "cve": "CVE-2025-60336",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 7.8,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2025-27271",
                "impactScore": 6.9,
                "integrityImpact": "NONE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 3.9,
                "id": "CVE-2025-60336",
                "impactScore": 3.6,
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              }
            ],
            "severity": [
              {
                "author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
                "id": "CVE-2025-60336",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2025-27271",
                "trust": 0.6,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-27271"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-60336"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "A NULL pointer dereference in the sub_41773C function of TOTOLINK N600R v4.3.0cu.7866_B20220506 allows attackers to cause a Denial of Service (DoS) via a crafted HTTP request. The TOTOLINK N600R is a dual-band wireless router launched by the South Korean brand TOTOLINK in 2013. It supports concurrent operation on both 2.4GHz and 5GHz bands, with a maximum wireless transmission rate of 300Mbps. \n\nThe TOTOLINK N600R contains a null pointer dereference vulnerability",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2025-60336"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2025-27271"
          }
        ],
        "trust": 1.44
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2025-60336",
            "trust": 1.6
          },
          {
            "db": "CNVD",
            "id": "CNVD-2025-27271",
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-27271"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-60336"
          }
        ]
      },
      "id": "VAR-202510-2385",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-27271"
          }
        ],
        "trust": 1.1518367
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-27271"
          }
        ]
      },
      "last_update_date": "2025-11-19T23:21:10.085000Z",
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-476",
            "trust": 1.0
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2025-60336"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.6,
            "url": "https://github.com/z472421519/binaryaudit/blob/main/poc/npd/totolink/sub_41773c/sub_41773c.md"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-27271"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-60336"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-27271"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-60336"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2025-11-07T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2025-27271"
          },
          {
            "date": "2025-10-22T18:15:34.617000",
            "db": "NVD",
            "id": "CVE-2025-60336"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2025-11-07T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2025-27271"
          },
          {
            "date": "2025-10-24T14:20:06.430000",
            "db": "NVD",
            "id": "CVE-2025-60336"
          }
        ]
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "TOTOLINK N600R sub_41773C function null pointer dereference vulnerability",
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-27271"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202510-2083

    Vulnerability from variot - Updated: 2025-11-19 23:20

    TOTOLINK N600R v4.3.0cu.7866_B20220506 was discovered to contain a stack overflow in the ssid parameter in the setWiFiBasicConfig function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input. The TOTOLINK N600R is a dual-band wireless router launched by the South Korean brand TOTOLINK in 2013. It supports concurrent operation on both 2.4GHz and 5GHz bands, with a maximum wireless transmission rate of 300Mbps.

    The TOTOLINK N600R contains a stack buffer overflow vulnerability. This vulnerability stems from the fact that the SSID parameter in the setWiFiBasicConfig function fails to properly validate the length of the input data

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202510-2083",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "n600r",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "totolink",
            "version": "4.3.0cu.7866_b20220506"
          },
          {
            "model": "n600r v4.3.0cu.7866 b20220506",
            "scope": null,
            "trust": 0.6,
            "vendor": "totolink",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-27272"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-60334"
          }
        ]
      },
      "cve": "CVE-2025-60334",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 7.8,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2025-27272",
                "impactScore": 6.9,
                "integrityImpact": "NONE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 3.9,
                "id": "CVE-2025-60334",
                "impactScore": 3.6,
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              }
            ],
            "severity": [
              {
                "author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
                "id": "CVE-2025-60334",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2025-27272",
                "trust": 0.6,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-27272"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-60334"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "TOTOLINK N600R v4.3.0cu.7866_B20220506 was discovered to contain a stack overflow in the ssid parameter in the setWiFiBasicConfig function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input. The TOTOLINK N600R is a dual-band wireless router launched by the South Korean brand TOTOLINK in 2013. It supports concurrent operation on both 2.4GHz and 5GHz bands, with a maximum wireless transmission rate of 300Mbps. \n\nThe TOTOLINK N600R contains a stack buffer overflow vulnerability. This vulnerability stems from the fact that the SSID parameter in the `setWiFiBasicConfig` function fails to properly validate the length of the input data",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2025-60334"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2025-27272"
          }
        ],
        "trust": 1.44
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2025-60334",
            "trust": 1.6
          },
          {
            "db": "CNVD",
            "id": "CNVD-2025-27272",
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-27272"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-60334"
          }
        ]
      },
      "id": "VAR-202510-2083",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-27272"
          }
        ],
        "trust": 1.1518367
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-27272"
          }
        ]
      },
      "last_update_date": "2025-11-19T23:20:08.922000Z",
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-121",
            "trust": 1.0
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2025-60334"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.6,
            "url": "https://github.com/z472421519/binaryaudit/blob/main/poc/bof/totolink/sub_41e0c0/ssid.md"
          },
          {
            "trust": 1.0,
            "url": "https://github.com/z472421519/binaryaudit/tree/main/poc/bof/totolink/sub_41e0c0"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-27272"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-60334"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-27272"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-60334"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2025-11-07T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2025-27272"
          },
          {
            "date": "2025-10-22T16:15:44.940000",
            "db": "NVD",
            "id": "CVE-2025-60334"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2025-11-07T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2025-27272"
          },
          {
            "date": "2025-10-24T13:19:02.877000",
            "db": "NVD",
            "id": "CVE-2025-60334"
          }
        ]
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "TOTOLINK N600R setWiFiBaicConfig function stack buffer overflow vulnerability",
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-27272"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202510-2188

    Vulnerability from variot - Updated: 2025-11-19 23:10

    TOTOLINK N600R v4.3.0cu.7866_B20220506 was discovered to contain a stack overflow in the wepkey2 parameter in the setWiFiMultipleConfig function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input. The TOTOLINK N600R is a dual-band wireless router launched by the South Korean brand TOTOLINK in 2013. It supports concurrent operation on both 2.4GHz and 5GHz bands, with a maximum wireless transmission rate of 300Mbps. This vulnerability stems from the fact that the wepkey2 parameter in the setWiFiMultipleConfig function fails to properly validate the length of the input data

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202510-2188",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "n600r",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "totolink",
            "version": "4.3.0cu.7866_b20220506"
          },
          {
            "model": "n600r v4.3.0cu.7866 b20220506",
            "scope": null,
            "trust": 0.6,
            "vendor": "totolink",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-27270"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-60333"
          }
        ]
      },
      "cve": "CVE-2025-60333",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 7.8,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2025-27270",
                "impactScore": 6.9,
                "integrityImpact": "NONE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 3.9,
                "id": "CVE-2025-60333",
                "impactScore": 3.6,
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              }
            ],
            "severity": [
              {
                "author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
                "id": "CVE-2025-60333",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2025-27270",
                "trust": 0.6,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-27270"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-60333"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "TOTOLINK N600R v4.3.0cu.7866_B20220506 was discovered to contain a stack overflow in the wepkey2 parameter in the setWiFiMultipleConfig function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input. The TOTOLINK N600R is a dual-band wireless router launched by the South Korean brand TOTOLINK in 2013. It supports concurrent operation on both 2.4GHz and 5GHz bands, with a maximum wireless transmission rate of 300Mbps. This vulnerability stems from the fact that the wepkey2 parameter in the setWiFiMultipleConfig function fails to properly validate the length of the input data",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2025-60333"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2025-27270"
          }
        ],
        "trust": 1.44
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2025-60333",
            "trust": 1.6
          },
          {
            "db": "CNVD",
            "id": "CNVD-2025-27270",
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-27270"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-60333"
          }
        ]
      },
      "id": "VAR-202510-2188",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-27270"
          }
        ],
        "trust": 1.1518367
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-27270"
          }
        ]
      },
      "last_update_date": "2025-11-19T23:10:02.983000Z",
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-121",
            "trust": 1.0
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2025-60333"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.6,
            "url": "https://github.com/z472421519/binaryaudit/blob/main/poc/bof/totolink/wepkey2/wepkey2.md"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-27270"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-60333"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-27270"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-60333"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2025-11-07T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2025-27270"
          },
          {
            "date": "2025-10-22T16:15:44.827000",
            "db": "NVD",
            "id": "CVE-2025-60333"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2025-11-07T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2025-27270"
          },
          {
            "date": "2025-10-24T13:19:12.573000",
            "db": "NVD",
            "id": "CVE-2025-60333"
          }
        ]
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "TOTOLINK N600R setWiFiMultipleConfig function stack buffer overflow vulnerability",
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-27270"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202509-0043

    Vulnerability from variot - Updated: 2025-10-15 23:46

    A vulnerability was determined in TOTOLINK N600R 4.3.0cu.7866_B20220506. This vulnerability affects the function sub_4159F8 of the file /web_cste/cgi-bin/cstecgi.cgi. Executing manipulation can lead to command injection. The attack can be executed remotely. The exploit has been publicly disclosed and may be utilized. TOTOLINK of n600r The firmware contains injection and command injection vulnerabilities.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. The TOTOLINK N600R is a dual-band wireless router released by the Korean brand TOTOLINK in 2013. It supports concurrent operation in the 2.4GHz and 5GHz bands, with a maximum wireless transmission rate of 300Mbps. No detailed vulnerability details are currently available

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202509-0043",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "n600r",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "totolink",
            "version": "4.3.0cu.7866_b20220506"
          },
          {
            "model": "n600r",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "totolink",
            "version": null
          },
          {
            "model": "n600r",
            "scope": null,
            "trust": 0.8,
            "vendor": "totolink",
            "version": null
          },
          {
            "model": "n600r",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "totolink",
            "version": "n600r  firmware  4.3.0cu.7866 b20220506"
          },
          {
            "model": "n600r 4.3.0cu.7866 b20220506",
            "scope": null,
            "trust": 0.6,
            "vendor": "totolink",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-23590"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-014932"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-9935"
          }
        ]
      },
      "cve": "CVE-2025-9935",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "cna@vuldb.com",
                "availabilityImpact": "PARTIAL",
                "baseScore": 7.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CVE-2025-9935",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "HIGH",
                "trust": 1.0,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Network",
                "authentication": "None",
                "author": "OTHER",
                "availabilityImpact": "Partial",
                "baseScore": 7.5,
                "confidentialityImpact": "Partial",
                "exploitabilityScore": null,
                "id": "JVNDB-2025-014932",
                "impactScore": null,
                "integrityImpact": "Partial",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "High",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 7.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2025-23590",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "cna@vuldb.com",
                "availabilityImpact": "LOW",
                "baseScore": 7.3,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "LOW",
                "exploitabilityScore": 3.9,
                "id": "CVE-2025-9935",
                "impactScore": 3.4,
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
                "version": "3.1"
              },
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.9,
                "id": "CVE-2025-9935",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 9.8,
                "baseSeverity": "Critical",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "JVNDB-2025-014932",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "cna@vuldb.com",
                "id": "CVE-2025-9935",
                "trust": 1.0,
                "value": "Medium"
              },
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2025-9935",
                "trust": 1.0,
                "value": "CRITICAL"
              },
              {
                "author": "OTHER",
                "id": "JVNDB-2025-014932",
                "trust": 0.8,
                "value": "Critical"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2025-23590",
                "trust": 0.6,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-23590"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-014932"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-9935"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-9935"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "A vulnerability was determined in TOTOLINK N600R 4.3.0cu.7866_B20220506. This vulnerability affects the function sub_4159F8 of the file /web_cste/cgi-bin/cstecgi.cgi. Executing manipulation can lead to command injection. The attack can be executed remotely. The exploit has been publicly disclosed and may be utilized. TOTOLINK of n600r The firmware contains injection and command injection vulnerabilities.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. The TOTOLINK N600R is a dual-band wireless router released by the Korean brand TOTOLINK in 2013. It supports concurrent operation in the 2.4GHz and 5GHz bands, with a maximum wireless transmission rate of 300Mbps. No detailed vulnerability details are currently available",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2025-9935"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-014932"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2025-23590"
          }
        ],
        "trust": 2.16
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2025-9935",
            "trust": 3.2
          },
          {
            "db": "VULDB",
            "id": "322337",
            "trust": 1.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-014932",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2025-23590",
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-23590"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-014932"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-9935"
          }
        ]
      },
      "id": "VAR-202509-0043",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-23590"
          }
        ],
        "trust": 1.1518367
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-23590"
          }
        ]
      },
      "last_update_date": "2025-10-15T23:46:27.638000Z",
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-74",
            "trust": 1.0
          },
          {
            "problemtype": "CWE-77",
            "trust": 1.0
          },
          {
            "problemtype": "injection (CWE-74) [ others ]",
            "trust": 0.8
          },
          {
            "problemtype": " Command injection (CWE-77) [NVD evaluation ]",
            "trust": 0.8
          },
          {
            "problemtype": " Command injection (CWE-77) [ others ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-014932"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-9935"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.8,
            "url": "https://github.com/mono7s/totolink/blob/main/n600r/totolink%20n600r%20unauthorized_command_injection.md"
          },
          {
            "trust": 1.8,
            "url": "https://vuldb.com/?id.322337"
          },
          {
            "trust": 1.8,
            "url": "https://vuldb.com/?submit.643088"
          },
          {
            "trust": 1.8,
            "url": "https://www.totolink.net/"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2025-9935"
          },
          {
            "trust": 1.0,
            "url": "https://vuldb.com/?ctiid.322337"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-23590"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-014932"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-9935"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-23590"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-014932"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-9935"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2025-10-14T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2025-23590"
          },
          {
            "date": "2025-10-02T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2025-014932"
          },
          {
            "date": "2025-09-04T10:42:37.610000",
            "db": "NVD",
            "id": "CVE-2025-9935"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2025-10-14T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2025-23590"
          },
          {
            "date": "2025-10-02T09:09:00",
            "db": "JVNDB",
            "id": "JVNDB-2025-014932"
          },
          {
            "date": "2025-09-29T18:32:03.733000",
            "db": "NVD",
            "id": "CVE-2025-9935"
          }
        ]
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "TOTOLINK\u00a0 of \u00a0n600r\u00a0 Injection Vulnerability in Firmware",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-014932"
          }
        ],
        "trust": 0.8
      }
    }

    VAR-202509-3862

    Vulnerability from variot - Updated: 2025-10-15 23:46

    A NULL pointer dereference in TOTOLINK N600R firmware v4.3.0cu.7866_B2022506 allows attackers to cause a Denial of Service. The TOTOLINK N600R is a dual-band wireless router released by the Korean brand TOTOLINK in 2013. It supports concurrent operation on the 2.4GHz and 5GHz bands and offers a maximum wireless transmission rate of 300Mbps

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202509-3862",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "n600r",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "totolink",
            "version": "4.3.0cu.7866_b2022506"
          },
          {
            "model": "n600r",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "totolink",
            "version": "n600r  firmware  4.3.0cu.7866 b2022506"
          },
          {
            "model": "n600r",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "totolink",
            "version": null
          },
          {
            "model": "n600r",
            "scope": null,
            "trust": 0.8,
            "vendor": "totolink",
            "version": null
          },
          {
            "model": "n600r v4.3.0cu.7866 b2022506",
            "scope": null,
            "trust": 0.6,
            "vendor": "totolink",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-23587"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-014937"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-57623"
          }
        ]
      },
      "cve": "CVE-2025-57623",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 5.0,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2025-23587",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
                "availabilityImpact": "LOW",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 3.9,
                "id": "CVE-2025-57623",
                "impactScore": 1.4,
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "OTHER",
                "availabilityImpact": "Low",
                "baseScore": 5.3,
                "baseSeverity": "Medium",
                "confidentialityImpact": "None",
                "exploitabilityScore": null,
                "id": "JVNDB-2025-014937",
                "impactScore": null,
                "integrityImpact": "None",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
                "id": "CVE-2025-57623",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "OTHER",
                "id": "JVNDB-2025-014937",
                "trust": 0.8,
                "value": "Medium"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2025-23587",
                "trust": 0.6,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-23587"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-014937"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-57623"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "A NULL pointer dereference in TOTOLINK N600R firmware v4.3.0cu.7866_B2022506 allows attackers to cause a Denial of Service. The TOTOLINK N600R is a dual-band wireless router released by the Korean brand TOTOLINK in 2013. It supports concurrent operation on the 2.4GHz and 5GHz bands and offers a maximum wireless transmission rate of 300Mbps",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2025-57623"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-014937"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2025-23587"
          }
        ],
        "trust": 2.16
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2025-57623",
            "trust": 3.2
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-014937",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2025-23587",
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-23587"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-014937"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-57623"
          }
        ]
      },
      "id": "VAR-202509-3862",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-23587"
          }
        ],
        "trust": 1.1518367
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-23587"
          }
        ]
      },
      "last_update_date": "2025-10-15T23:46:27.482000Z",
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-476",
            "trust": 1.0
          },
          {
            "problemtype": "NULL Pointer dereference (CWE-476) [ others ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-014937"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-57623"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.4,
            "url": "https://gist.github.com/z472421519/d17061ea79a72d39fe69c000fa1a6280"
          },
          {
            "trust": 1.8,
            "url": "https://github.com/z472421519/binaryaudit/blob/main/poc/npd/totolink/content_length.md"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2025-57623"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-23587"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-014937"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-57623"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-23587"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-014937"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-57623"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2025-10-14T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2025-23587"
          },
          {
            "date": "2025-10-02T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2025-014937"
          },
          {
            "date": "2025-09-25T18:15:43.997000",
            "db": "NVD",
            "id": "CVE-2025-57623"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2025-10-14T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2025-23587"
          },
          {
            "date": "2025-10-02T09:09:00",
            "db": "JVNDB",
            "id": "JVNDB-2025-014937"
          },
          {
            "date": "2025-09-29T13:07:01.900000",
            "db": "NVD",
            "id": "CVE-2025-57623"
          }
        ]
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "TOTOLINK\u00a0 of \u00a0n600r\u00a0 in the firmware \u00a0NULL\u00a0 Pointer dereference vulnerability",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-014937"
          }
        ],
        "trust": 0.8
      }
    }

    VAR-202507-2611

    Vulnerability from variot - Updated: 2025-10-15 23:34

    A vulnerability, which was classified as critical, was found in TOTOLINK N600R and X2000R 1.0.0.1. This affects an unknown part of the file vsftpd.conf of the component FTP Service. The manipulation leads to least privilege violation. It is possible to initiate the attack remotely. TOTOLINK of n600r firmware and x2000r The firmware contains vulnerabilities related to improper permission settings and violations of least privilege.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202507-2611",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "n600r",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "totolink",
            "version": "4.3.0"
          },
          {
            "model": "x2000r",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "totolink",
            "version": "1.0.0"
          },
          {
            "model": "x2000r",
            "scope": null,
            "trust": 0.8,
            "vendor": "totolink",
            "version": null
          },
          {
            "model": "n600r",
            "scope": null,
            "trust": 0.8,
            "vendor": "totolink",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-015843"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-8181"
          }
        ]
      },
      "cve": "CVE-2025-8181",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "MULTIPLE",
                "author": "cna@vuldb.com",
                "availabilityImpact": "COMPLETE",
                "baseScore": 8.3,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 6.4,
                "id": "CVE-2025-8181",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 1.0,
                "vectorString": "AV:N/AC:L/Au:M/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Network",
                "authentication": "Multiple",
                "author": "OTHER",
                "availabilityImpact": "Complete",
                "baseScore": 8.3,
                "confidentialityImpact": "Complete",
                "exploitabilityScore": null,
                "id": "JVNDB-2025-015843",
                "impactScore": null,
                "integrityImpact": "Complete",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "High",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:L/Au:M/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "cna@vuldb.com",
                "availabilityImpact": "HIGH",
                "baseScore": 7.2,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 1.2,
                "id": "CVE-2025-8181",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "OTHER",
                "availabilityImpact": "High",
                "baseScore": 7.2,
                "baseSeverity": "High",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "JVNDB-2025-015843",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "High",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "cna@vuldb.com",
                "id": "CVE-2025-8181",
                "trust": 1.0,
                "value": "High"
              },
              {
                "author": "OTHER",
                "id": "JVNDB-2025-015843",
                "trust": 0.8,
                "value": "High"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-015843"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-8181"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "A vulnerability, which was classified as critical, was found in TOTOLINK N600R and X2000R 1.0.0.1. This affects an unknown part of the file vsftpd.conf of the component FTP Service. The manipulation leads to least privilege violation. It is possible to initiate the attack remotely. TOTOLINK of n600r firmware and x2000r The firmware contains vulnerabilities related to improper permission settings and violations of least privilege.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2025-8181"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-015843"
          }
        ],
        "trust": 1.62
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2025-8181",
            "trust": 2.6
          },
          {
            "db": "VULDB",
            "id": "317595",
            "trust": 1.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-015843",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-015843"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-8181"
          }
        ]
      },
      "id": "VAR-202507-2611",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VARIoT devices database",
            "id": null
          }
        ],
        "trust": 0.5518367
      },
      "last_update_date": "2025-10-15T23:34:20.439000Z",
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-272",
            "trust": 1.0
          },
          {
            "problemtype": "CWE-266",
            "trust": 1.0
          },
          {
            "problemtype": "Improper permission settings (CWE-266) [ others ]",
            "trust": 0.8
          },
          {
            "problemtype": " Violation of least privilege (CWE-272) [ others ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-015843"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-8181"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.8,
            "url": "https://vuldb.com/?id.317595"
          },
          {
            "trust": 1.8,
            "url": "https://vuldb.com/?submit.621966"
          },
          {
            "trust": 1.8,
            "url": "https://vuldb.com/?submit.621968"
          },
          {
            "trust": 1.8,
            "url": "https://www.notion.so/23a54a1113e780c08f3acca6a746d732"
          },
          {
            "trust": 1.8,
            "url": "https://www.totolink.net/"
          },
          {
            "trust": 1.0,
            "url": "https://vuldb.com/?ctiid.317595"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2025-8181"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-015843"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-8181"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-015843"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-8181"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2025-10-14T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2025-015843"
          },
          {
            "date": "2025-07-26T07:15:26.830000",
            "db": "NVD",
            "id": "CVE-2025-8181"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2025-10-14T03:23:00",
            "db": "JVNDB",
            "id": "JVNDB-2025-015843"
          },
          {
            "date": "2025-10-09T19:40:44.513000",
            "db": "NVD",
            "id": "CVE-2025-8181"
          }
        ]
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "TOTOLINK\u00a0 of \u00a0n600r\u00a0 firmware and \u00a0x2000r\u00a0 Vulnerability regarding improper permission settings in firmware",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-015843"
          }
        ],
        "trust": 0.8
      }
    }

    VAR-202508-1788

    Vulnerability from variot - Updated: 2025-08-21 23:27

    TOTOLINK N600R V4.3.0cu.7647_B20210106 was discovered to contain a command injection vulnerability via the pin parameter in the setWiFiWpsConfig function. TOTOLINK of n600r The firmware has OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. The TOTOLINK N600R is a dual-band wireless router released by the Korean brand TOTOLINK in 2013. It supports concurrent operation in the 2.4GHz and 5GHz bands, with a maximum wireless transmission rate of 300Mbps. An attacker could exploit this vulnerability to execute arbitrary commands

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202508-1788",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "n600r",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "totolink",
            "version": "4.3.0cu.7647_b20210106"
          },
          {
            "model": "n600r",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "totolink",
            "version": null
          },
          {
            "model": "n600r",
            "scope": null,
            "trust": 0.8,
            "vendor": "totolink",
            "version": null
          },
          {
            "model": "n600r",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "totolink",
            "version": "n600r  firmware  4.3.0cu.7647 b20210106"
          },
          {
            "model": "n600r v4.3.0cu.7647 b20210106",
            "scope": null,
            "trust": 0.6,
            "vendor": "totolink",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-18923"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-011691"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-51390"
          }
        ]
      },
      "cve": "CVE-2025-51390",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2025-18923",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.9,
                "id": "CVE-2025-51390",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "OTHER",
                "availabilityImpact": "High",
                "baseScore": 9.8,
                "baseSeverity": "Critical",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "JVNDB-2025-011691",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
                "id": "CVE-2025-51390",
                "trust": 1.0,
                "value": "CRITICAL"
              },
              {
                "author": "OTHER",
                "id": "JVNDB-2025-011691",
                "trust": 0.8,
                "value": "Critical"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2025-18923",
                "trust": 0.6,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-18923"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-011691"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-51390"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "TOTOLINK N600R V4.3.0cu.7647_B20210106 was discovered to contain a command injection vulnerability via the pin parameter in the setWiFiWpsConfig function. TOTOLINK of n600r The firmware has OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. The TOTOLINK N600R is a dual-band wireless router released by the Korean brand TOTOLINK in 2013. It supports concurrent operation in the 2.4GHz and 5GHz bands, with a maximum wireless transmission rate of 300Mbps. An attacker could exploit this vulnerability to execute arbitrary commands",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2025-51390"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-011691"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2025-18923"
          }
        ],
        "trust": 2.16
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2025-51390",
            "trust": 3.2
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-011691",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2025-18923",
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-18923"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-011691"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-51390"
          }
        ]
      },
      "id": "VAR-202508-1788",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-18923"
          }
        ],
        "trust": 1.1518367
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-18923"
          }
        ]
      },
      "last_update_date": "2025-08-21T23:27:05.448000Z",
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-78",
            "trust": 1.0
          },
          {
            "problemtype": "OS Command injection (CWE-78) [ others ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-011691"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-51390"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.8,
            "url": "https://github.com/luanruy/qianxin/blob/main/cve-2025-51390.md"
          },
          {
            "trust": 1.8,
            "url": "https://github.com/luanruy/qianxin/blob/main/overflow-0x41ca08.md"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2025-51390"
          },
          {
            "trust": 1.0,
            "url": "http://totolink.com"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-18923"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-011691"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-51390"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-18923"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-011691"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-51390"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2025-08-20T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2025-18923"
          },
          {
            "date": "2025-08-18T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2025-011691"
          },
          {
            "date": "2025-08-04T18:15:34.927000",
            "db": "NVD",
            "id": "CVE-2025-51390"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2025-08-20T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2025-18923"
          },
          {
            "date": "2025-08-18T03:10:00",
            "db": "JVNDB",
            "id": "JVNDB-2025-011691"
          },
          {
            "date": "2025-08-15T16:07:35.060000",
            "db": "NVD",
            "id": "CVE-2025-51390"
          }
        ]
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "TOTOLINK\u00a0 of \u00a0n600r\u00a0 in the firmware \u00a0OS\u00a0 Command injection vulnerability",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-011691"
          }
        ],
        "trust": 0.8
      }
    }

    VAR-202505-0271

    Vulnerability from variot - Updated: 2025-08-02 22:57

    A vulnerability was found in TOTOLINK T10, A3100R, A950RG, A800R, N600R, A3000RU and A810R 4.1.8cu.5241_B20210927. It has been declared as critical. This vulnerability affects the function CloudACMunualUpdate of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument FileName leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. A3000RU firmware, A810R firmware, t10 firmware etc. TOTOLINK The product contains a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202505-0271",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "a950rg",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "totolink",
            "version": "4.1.8cu.5241_b20210927"
          },
          {
            "model": "a3000ru",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "totolink",
            "version": "4.1.8cu.5241_b20210927"
          },
          {
            "model": "a3100r",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "totolink",
            "version": "4.1.8cu.5241_b20210927"
          },
          {
            "model": "t10",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "totolink",
            "version": "4.1.8cu.5241_b20210927"
          },
          {
            "model": "n600r",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "totolink",
            "version": "4.1.8cu.5241_b20210927"
          },
          {
            "model": "a810r",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "totolink",
            "version": "4.1.8cu.5241_b20210927"
          },
          {
            "model": "a800r",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "totolink",
            "version": "4.1.8cu.5241_b20210927"
          },
          {
            "model": "a3100r",
            "scope": null,
            "trust": 0.8,
            "vendor": "totolink",
            "version": null
          },
          {
            "model": "a800r",
            "scope": null,
            "trust": 0.8,
            "vendor": "totolink",
            "version": null
          },
          {
            "model": "t10",
            "scope": null,
            "trust": 0.8,
            "vendor": "totolink",
            "version": null
          },
          {
            "model": "n600r",
            "scope": null,
            "trust": 0.8,
            "vendor": "totolink",
            "version": null
          },
          {
            "model": "a810r",
            "scope": null,
            "trust": 0.8,
            "vendor": "totolink",
            "version": null
          },
          {
            "model": "a950rg",
            "scope": null,
            "trust": 0.8,
            "vendor": "totolink",
            "version": null
          },
          {
            "model": "a3000ru",
            "scope": null,
            "trust": 0.8,
            "vendor": "totolink",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-010277"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-4496"
          }
        ]
      },
      "cve": "CVE-2025-4496",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "cna@vuldb.com",
                "availabilityImpact": "COMPLETE",
                "baseScore": 9.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 8.0,
                "id": "CVE-2025-4496",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 1.0,
                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Network",
                "authentication": "Single",
                "author": "OTHER",
                "availabilityImpact": "Complete",
                "baseScore": 9.0,
                "confidentialityImpact": "Complete",
                "exploitabilityScore": null,
                "id": "JVNDB-2025-010277",
                "impactScore": null,
                "integrityImpact": "Complete",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "High",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "cna@vuldb.com",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 2.8,
                "id": "CVE-2025-4496",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.9,
                "id": "CVE-2025-4496",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 9.8,
                "baseSeverity": "Critical",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "JVNDB-2025-010277",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "cna@vuldb.com",
                "id": "CVE-2025-4496",
                "trust": 1.0,
                "value": "High"
              },
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2025-4496",
                "trust": 1.0,
                "value": "CRITICAL"
              },
              {
                "author": "OTHER",
                "id": "JVNDB-2025-010277",
                "trust": 0.8,
                "value": "Critical"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-010277"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-4496"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-4496"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "A vulnerability was found in TOTOLINK T10, A3100R, A950RG, A800R, N600R, A3000RU and A810R 4.1.8cu.5241_B20210927. It has been declared as critical. This vulnerability affects the function CloudACMunualUpdate of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument FileName leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. A3000RU firmware, A810R firmware, t10 firmware etc. TOTOLINK The product contains a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2025-4496"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-010277"
          }
        ],
        "trust": 1.62
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2025-4496",
            "trust": 2.6
          },
          {
            "db": "VULDB",
            "id": "308212",
            "trust": 1.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-010277",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-010277"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-4496"
          }
        ]
      },
      "id": "VAR-202505-0271",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VARIoT devices database",
            "id": null
          }
        ],
        "trust": 0.60947725
      },
      "last_update_date": "2025-08-02T22:57:04.093000Z",
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-120",
            "trust": 1.0
          },
          {
            "problemtype": "CWE-119",
            "trust": 1.0
          },
          {
            "problemtype": "Buffer error (CWE-119) [ others ]",
            "trust": 0.8
          },
          {
            "problemtype": " Classic buffer overflow (CWE-120) [NVD evaluation ]",
            "trust": 0.8
          },
          {
            "problemtype": " Classic buffer overflow (CWE-120) [ others ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-010277"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-4496"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.8,
            "url": "https://vuldb.com/?id.308212"
          },
          {
            "trust": 1.8,
            "url": "https://vuldb.com/?submit.567081"
          },
          {
            "trust": 1.8,
            "url": "https://www.totolink.net/"
          },
          {
            "trust": 1.0,
            "url": "https://vuldb.com/?ctiid.308212"
          },
          {
            "trust": 1.0,
            "url": "https://github.com/ch13hh/tmp_store_cc/blob/main/tt/ta/1.md"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2025-4496"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-010277"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-4496"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-010277"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-4496"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2025-07-30T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2025-010277"
          },
          {
            "date": "2025-05-10T05:15:50.610000",
            "db": "NVD",
            "id": "CVE-2025-4496"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2025-07-30T09:02:00",
            "db": "JVNDB",
            "id": "JVNDB-2025-010277"
          },
          {
            "date": "2025-07-29T14:42:19.960000",
            "db": "NVD",
            "id": "CVE-2025-4496"
          }
        ]
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "plural \u00a0TOTOLINK\u00a0 Classic buffer overflow vulnerability in the product",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-010277"
          }
        ],
        "trust": 0.8
      }
    }

    VAR-202506-0908

    Vulnerability from variot - Updated: 2025-06-27 23:03

    Buffer Overflow vulnerability in TOTOLINK N600R v4.3.0cu.7866_B2022506 allows a remote attacker to execute arbitrary code via the UPLOAD_FILENAME component. TOTOLINK of n600r Firmware has a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. TOTOLINK N600R is a wireless router from China's TOTOLINK Electronics.

    TOTOLINK N600R V4.3.0cu.7866_B2022506 has a buffer overflow vulnerability. The vulnerability is caused by the UPLOAD_FILENAME component failing to properly verify the length of the input data

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202506-0908",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "n600r",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "totolink",
            "version": "4.3.0cu.7866_b2022506"
          },
          {
            "model": "n600r",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "totolink",
            "version": "n600r  firmware  4.3.0cu.7866 b2022506"
          },
          {
            "model": "n600r",
            "scope": null,
            "trust": 0.8,
            "vendor": "totolink",
            "version": null
          },
          {
            "model": "n600r",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "totolink",
            "version": null
          },
          {
            "model": "n600r v4.3.0cu.7866 b2022506",
            "scope": null,
            "trust": 0.6,
            "vendor": "totolink",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-13789"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-007112"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-46060"
          }
        ]
      },
      "cve": "CVE-2025-46060",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2025-13789",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.9,
                "id": "CVE-2025-46060",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "OTHER",
                "availabilityImpact": "High",
                "baseScore": 9.8,
                "baseSeverity": "Critical",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "JVNDB-2025-007112",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
                "id": "CVE-2025-46060",
                "trust": 1.0,
                "value": "CRITICAL"
              },
              {
                "author": "OTHER",
                "id": "JVNDB-2025-007112",
                "trust": 0.8,
                "value": "Critical"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2025-13789",
                "trust": 0.6,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-13789"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-007112"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-46060"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Buffer Overflow vulnerability in TOTOLINK N600R v4.3.0cu.7866_B2022506 allows a remote attacker to execute arbitrary code via the UPLOAD_FILENAME component. TOTOLINK of n600r Firmware has a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. TOTOLINK N600R is a wireless router from China\u0027s TOTOLINK Electronics. \n\nTOTOLINK N600R V4.3.0cu.7866_B2022506 has a buffer overflow vulnerability. The vulnerability is caused by the UPLOAD_FILENAME component failing to properly verify the length of the input data",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2025-46060"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-007112"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2025-13789"
          }
        ],
        "trust": 2.16
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2025-46060",
            "trust": 3.2
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-007112",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2025-13789",
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-13789"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-007112"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-46060"
          }
        ]
      },
      "id": "VAR-202506-0908",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-13789"
          }
        ],
        "trust": 1.1518367
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-13789"
          }
        ]
      },
      "last_update_date": "2025-06-27T23:03:27.505000Z",
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-120",
            "trust": 1.0
          },
          {
            "problemtype": "Classic buffer overflow (CWE-120) [ others ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-007112"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-46060"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.8,
            "url": "http://totolink.com"
          },
          {
            "trust": 1.8,
            "url": "https://github.com/luanruy/qax"
          },
          {
            "trust": 1.8,
            "url": "https://github.com/luanruy/qax/blob/main/cve-2025-46060_info.md"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2025-46060"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-13789"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-007112"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-46060"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-13789"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-007112"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-46060"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2025-06-26T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2025-13789"
          },
          {
            "date": "2025-06-17T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2025-007112"
          },
          {
            "date": "2025-06-13T13:15:21.187000",
            "db": "NVD",
            "id": "CVE-2025-46060"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2025-06-26T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2025-13789"
          },
          {
            "date": "2025-06-17T02:59:00",
            "db": "JVNDB",
            "id": "JVNDB-2025-007112"
          },
          {
            "date": "2025-06-16T14:58:41.900000",
            "db": "NVD",
            "id": "CVE-2025-46060"
          }
        ]
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "TOTOLINK\u00a0 of \u00a0n600r\u00a0 Classic buffer overflow vulnerability in firmware",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-007112"
          }
        ],
        "trust": 0.8
      }
    }

    VAR-202504-1797

    Vulnerability from variot - Updated: 2025-06-12 02:11

    Totolink N600R v4.3.0cu.7647_B20210106 was discovered to contain a stack overflow via the macCloneMac parameter in the setWanConfig function. TOTOLINK of n600r A stack-based buffer overflow vulnerability exists in the firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. TOTOLINK N600R is a wireless router produced by China's TOTOLINK Electronics.

    TOTOLINK N600R has a buffer overflow vulnerability. The vulnerability is caused by the macCloneMac parameter in the setWanConfig function failing to properly verify the length of the input data. Attackers can exploit this vulnerability to execute arbitrary code on the system or cause a denial of service

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202504-1797",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "n600r",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "totolink",
            "version": "4.3.0cu.7647_b20210106"
          },
          {
            "model": "n600r",
            "scope": null,
            "trust": 0.8,
            "vendor": "totolink",
            "version": null
          },
          {
            "model": "n600r",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "totolink",
            "version": null
          },
          {
            "model": "n600r",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "totolink",
            "version": "n600r  firmware  4.3.0cu.7647 b20210106"
          },
          {
            "model": "n600r v4.3.0cu.7647 b20210106",
            "scope": null,
            "trust": 0.6,
            "vendor": "totolink",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-12012"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-003855"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-22900"
          }
        ]
      },
      "cve": "CVE-2025-22900",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2025-12012",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.9,
                "id": "CVE-2025-22900",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "OTHER",
                "availabilityImpact": "High",
                "baseScore": 9.8,
                "baseSeverity": "Critical",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "JVNDB-2025-003855",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
                "id": "CVE-2025-22900",
                "trust": 1.0,
                "value": "CRITICAL"
              },
              {
                "author": "OTHER",
                "id": "JVNDB-2025-003855",
                "trust": 0.8,
                "value": "Critical"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2025-12012",
                "trust": 0.6,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-12012"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-003855"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-22900"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Totolink N600R v4.3.0cu.7647_B20210106 was discovered to contain a stack overflow via the macCloneMac parameter in the setWanConfig function. TOTOLINK of n600r A stack-based buffer overflow vulnerability exists in the firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. TOTOLINK N600R is a wireless router produced by China\u0027s TOTOLINK Electronics. \n\nTOTOLINK N600R has a buffer overflow vulnerability. The vulnerability is caused by the macCloneMac parameter in the setWanConfig function failing to properly verify the length of the input data. Attackers can exploit this vulnerability to execute arbitrary code on the system or cause a denial of service",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2025-22900"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-003855"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2025-12012"
          }
        ],
        "trust": 2.16
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2025-22900",
            "trust": 3.2
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-003855",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2025-12012",
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-12012"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-003855"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-22900"
          }
        ]
      },
      "id": "VAR-202504-1797",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-12012"
          }
        ],
        "trust": 1.1518367
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-12012"
          }
        ]
      },
      "last_update_date": "2025-06-12T02:11:49.974000Z",
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-121",
            "trust": 1.0
          },
          {
            "problemtype": "Stack-based buffer overflow (CWE-121) [ others ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-003855"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-22900"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.4,
            "url": "https://github.com/xyqer1/totolink-n600r-setwanconfig-stackoverflow"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2025-22900"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-12012"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-003855"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-22900"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-12012"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-003855"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-22900"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2025-06-10T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2025-12012"
          },
          {
            "date": "2025-04-23T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2025-003855"
          },
          {
            "date": "2025-04-15T19:16:06.987000",
            "db": "NVD",
            "id": "CVE-2025-22900"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2025-06-10T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2025-12012"
          },
          {
            "date": "2025-04-23T01:49:00",
            "db": "JVNDB",
            "id": "JVNDB-2025-003855"
          },
          {
            "date": "2025-04-22T16:55:28.827000",
            "db": "NVD",
            "id": "CVE-2025-22900"
          }
        ]
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "TOTOLINK\u00a0 of \u00a0n600r\u00a0 Stack-based buffer overflow vulnerability in firmware",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-003855"
          }
        ],
        "trust": 0.8
      }
    }

    VAR-202504-3185

    Vulnerability from variot - Updated: 2025-06-12 02:11

    TOTOLINK N600R V4.3.0cu.7647_B20210106 was discovered to contain a stack overflow via the pin parameter in the function setWiFiWpsConfig. TOTOLINK of n600r A stack-based buffer overflow vulnerability exists in the firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. TOTOLINK N600R is a wireless router produced by China's TOTOLINK Electronics.

    TOTOLINK N600R has a buffer overflow vulnerability. The vulnerability is caused by the pin parameter in the setWiFiWpsConfig function failing to correctly verify the length of the input data. Attackers can exploit this vulnerability to cause a denial of service

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202504-3185",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "n600r",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "totolink",
            "version": "4.3.0cu.7647_b20210106"
          },
          {
            "model": "n600r",
            "scope": null,
            "trust": 0.8,
            "vendor": "totolink",
            "version": null
          },
          {
            "model": "n600r",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "totolink",
            "version": null
          },
          {
            "model": "n600r",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "totolink",
            "version": "n600r  firmware  4.3.0cu.7647 b20210106"
          },
          {
            "model": "n600r v4.3.0cu.7647 b20210106",
            "scope": null,
            "trust": 0.6,
            "vendor": "totolink",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-12013"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-003868"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-22903"
          }
        ]
      },
      "cve": "CVE-2025-22903",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "HIGH",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "CNVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 4.6,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 3.9,
                "id": "CNVD-2025-12013",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:N/AC:H/Au:S/C:P/I:P/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
                "availabilityImpact": "LOW",
                "baseScore": 4.6,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "exploitabilityScore": 1.2,
                "id": "CVE-2025-22903",
                "impactScore": 3.4,
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L",
                "version": "3.1"
              },
              {
                "attackComplexity": "High",
                "attackVector": "Network",
                "author": "OTHER",
                "availabilityImpact": "Low",
                "baseScore": 4.6,
                "baseSeverity": "Medium",
                "confidentialityImpact": "Low",
                "exploitabilityScore": null,
                "id": "JVNDB-2025-003868",
                "impactScore": null,
                "integrityImpact": "Low",
                "privilegesRequired": "Low",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "Required",
                "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
                "id": "CVE-2025-22903",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "OTHER",
                "id": "JVNDB-2025-003868",
                "trust": 0.8,
                "value": "Medium"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2025-12013",
                "trust": 0.6,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-12013"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-003868"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-22903"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "TOTOLINK N600R V4.3.0cu.7647_B20210106 was discovered to contain a stack overflow via the pin parameter in the function setWiFiWpsConfig. TOTOLINK of n600r A stack-based buffer overflow vulnerability exists in the firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. TOTOLINK N600R is a wireless router produced by China\u0027s TOTOLINK Electronics. \n\nTOTOLINK N600R has a buffer overflow vulnerability. The vulnerability is caused by the pin parameter in the setWiFiWpsConfig function failing to correctly verify the length of the input data. Attackers can exploit this vulnerability to cause a denial of service",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2025-22903"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-003868"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2025-12013"
          }
        ],
        "trust": 2.16
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2025-22903",
            "trust": 3.2
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-003868",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2025-12013",
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-12013"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-003868"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-22903"
          }
        ]
      },
      "id": "VAR-202504-3185",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-12013"
          }
        ],
        "trust": 1.1518367
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-12013"
          }
        ]
      },
      "last_update_date": "2025-06-12T02:11:49.911000Z",
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-121",
            "trust": 1.0
          },
          {
            "problemtype": "Stack-based buffer overflow (CWE-121) [ others ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-003868"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-22903"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.4,
            "url": "https://github.com/xyqer1/totlink-n600r-setwifiwpsconfig-stackoverflow"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2025-22903"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-12013"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-003868"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-22903"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-12013"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-003868"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-22903"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2025-06-10T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2025-12013"
          },
          {
            "date": "2025-04-23T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2025-003868"
          },
          {
            "date": "2025-04-15T19:16:07.090000",
            "db": "NVD",
            "id": "CVE-2025-22903"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2025-06-10T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2025-12013"
          },
          {
            "date": "2025-04-23T02:59:00",
            "db": "JVNDB",
            "id": "JVNDB-2025-003868"
          },
          {
            "date": "2025-04-22T16:55:56.553000",
            "db": "NVD",
            "id": "CVE-2025-22903"
          }
        ]
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "TOTOLINK\u00a0 of \u00a0n600r\u00a0 Stack-based buffer overflow vulnerability in firmware",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-003868"
          }
        ],
        "trust": 0.8
      }
    }

    VAR-202205-0764

    Vulnerability from variot - Updated: 2024-11-23 23:10

    TOTOLink N600R V5.3c.7159_B20190425 was discovered to contain a command injection vulnerability via the langtype parameter in /setting/setLanguageCfg. TOTOLINK of n600r Firmware contains a command injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. TOTOLINK N600R is a wireless router from Taiwan TOTOLINK

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202205-0764",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "n600r",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "totolink",
            "version": "5.3c.7159_b20190425"
          },
          {
            "model": "n600r",
            "scope": null,
            "trust": 0.8,
            "vendor": "totolink",
            "version": null
          },
          {
            "model": "n600r",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "totolink",
            "version": null
          },
          {
            "model": "n600r",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "totolink",
            "version": "n600r  firmware  5.3c.7159 b20190425"
          },
          {
            "model": "n600r v5.3c.7159 b20190425",
            "scope": null,
            "trust": 0.6,
            "vendor": "totolink",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-53555"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-009233"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-28906"
          }
        ]
      },
      "cve": "CVE-2022-28906",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "CVE-2022-28906",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 1.9,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2022-53555",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.9,
                "id": "CVE-2022-28906",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 9.8,
                "baseSeverity": "Critical",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "CVE-2022-28906",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2022-28906",
                "trust": 1.0,
                "value": "CRITICAL"
              },
              {
                "author": "NVD",
                "id": "CVE-2022-28906",
                "trust": 0.8,
                "value": "Critical"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2022-53555",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202205-2819",
                "trust": 0.6,
                "value": "CRITICAL"
              },
              {
                "author": "VULMON",
                "id": "CVE-2022-28906",
                "trust": 0.1,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-53555"
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-28906"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-009233"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202205-2819"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-28906"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "TOTOLink N600R V5.3c.7159_B20190425 was discovered to contain a command injection vulnerability via the langtype parameter in /setting/setLanguageCfg. TOTOLINK of n600r Firmware contains a command injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. TOTOLINK N600R is a wireless router from Taiwan TOTOLINK",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2022-28906"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-009233"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2022-53555"
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-28906"
          }
        ],
        "trust": 2.25
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2022-28906",
            "trust": 3.9
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-009233",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2022-53555",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202205-2819",
            "trust": 0.6
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-28906",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-53555"
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-28906"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-009233"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202205-2819"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-28906"
          }
        ]
      },
      "id": "VAR-202205-0764",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-53555"
          }
        ],
        "trust": 1.37591835
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-53555"
          }
        ]
      },
      "last_update_date": "2024-11-23T23:10:53.465000Z",
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-78",
            "trust": 1.0
          },
          {
            "problemtype": "Command injection (CWE-77) [NVD evaluation ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-009233"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-28906"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 3.1,
            "url": "https://github.com/ephaha/iot_vuln/tree/main/totolink/n600r/2"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-28906"
          },
          {
            "trust": 0.6,
            "url": "https://cxsecurity.com/cveshow/cve-2022-28906/"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/77.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-53555"
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-28906"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-009233"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202205-2819"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-28906"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-53555"
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-28906"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-009233"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202205-2819"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-28906"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2022-07-26T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2022-53555"
          },
          {
            "date": "2022-05-10T00:00:00",
            "db": "VULMON",
            "id": "CVE-2022-28906"
          },
          {
            "date": "2023-08-03T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2022-009233"
          },
          {
            "date": "2022-05-10T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202205-2819"
          },
          {
            "date": "2022-05-10T14:15:08.843000",
            "db": "NVD",
            "id": "CVE-2022-28906"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2022-07-26T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2022-53555"
          },
          {
            "date": "2022-05-16T00:00:00",
            "db": "VULMON",
            "id": "CVE-2022-28906"
          },
          {
            "date": "2023-08-03T08:29:00",
            "db": "JVNDB",
            "id": "JVNDB-2022-009233"
          },
          {
            "date": "2022-05-17T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202205-2819"
          },
          {
            "date": "2024-11-21T06:58:09.880000",
            "db": "NVD",
            "id": "CVE-2022-28906"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202205-2819"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "TOTOLINK\u00a0 of \u00a0n600r\u00a0 Command injection vulnerability in firmware",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-009233"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "command injection",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202205-2819"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202205-0732

    Vulnerability from variot - Updated: 2024-11-23 23:07

    TOTOLINK N600R V4.3.0cu.7647_B20210106 was discovered to contain a stack overflow via the File parameter in the function FUN_0041309c. TOTOLINK N600R is a wireless router from Taiwan TOTOLINK. An attacker could exploit this vulnerability to cause a buffer overflow

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202205-0732",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "n600r",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "totolink",
            "version": "4.3.0cu.7647_b20210106"
          },
          {
            "model": "n600r v4.3.0cu.7647 b20210106",
            "scope": null,
            "trust": 0.6,
            "vendor": "totolink",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-50669"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-29398"
          }
        ]
      },
      "cve": "CVE-2022-29398",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "CVE-2022-29398",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 1.1,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2022-50669",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.9,
                "id": "CVE-2022-29398",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2022-29398",
                "trust": 1.0,
                "value": "CRITICAL"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2022-50669",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202205-2887",
                "trust": 0.6,
                "value": "CRITICAL"
              },
              {
                "author": "VULMON",
                "id": "CVE-2022-29398",
                "trust": 0.1,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-50669"
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-29398"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202205-2887"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-29398"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "TOTOLINK N600R V4.3.0cu.7647_B20210106 was discovered to contain a stack overflow via the File parameter in the function FUN_0041309c. TOTOLINK N600R is a wireless router from Taiwan TOTOLINK. An attacker could exploit this vulnerability to cause a buffer overflow",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2022-29398"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2022-50669"
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-29398"
          }
        ],
        "trust": 1.53
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2022-29398",
            "trust": 2.3
          },
          {
            "db": "CNVD",
            "id": "CNVD-2022-50669",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202205-2887",
            "trust": 0.6
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-29398",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-50669"
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-29398"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202205-2887"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-29398"
          }
        ]
      },
      "id": "VAR-202205-0732",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-50669"
          }
        ],
        "trust": 1.1518367
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-50669"
          }
        ]
      },
      "last_update_date": "2024-11-23T23:07:21.448000Z",
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-787",
            "trust": 1.0
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2022-29398"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.3,
            "url": "https://github.com/d1tto/iot-vuln/tree/main/totolink/7.uploadcustommodule"
          },
          {
            "trust": 0.6,
            "url": "https://cxsecurity.com/cveshow/cve-2022-29398/"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/787.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-50669"
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-29398"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202205-2887"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-29398"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-50669"
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-29398"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202205-2887"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-29398"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2022-07-11T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2022-50669"
          },
          {
            "date": "2022-05-10T00:00:00",
            "db": "VULMON",
            "id": "CVE-2022-29398"
          },
          {
            "date": "2022-05-10T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202205-2887"
          },
          {
            "date": "2022-05-10T20:15:09.743000",
            "db": "NVD",
            "id": "CVE-2022-29398"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2022-07-11T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2022-50669"
          },
          {
            "date": "2022-05-16T00:00:00",
            "db": "VULMON",
            "id": "CVE-2022-29398"
          },
          {
            "date": "2022-05-17T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202205-2887"
          },
          {
            "date": "2024-11-21T06:59:00.577000",
            "db": "NVD",
            "id": "CVE-2022-29398"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202205-2887"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "TOTOLINK N600R Buffer Overflow Vulnerability (CNVD-2022-50669)",
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-50669"
          }
        ],
        "trust": 0.6
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "buffer error",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202205-2887"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202205-0700

    Vulnerability from variot - Updated: 2024-11-23 23:00

    TOTOLink N600R V5.3c.7159_B20190425 was discovered to contain a command injection vulnerability via the filename parameter in /setting/setUploadSetting. TOTOLINK of n600r Firmware contains a command injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. TOTOLINK N600R is a wireless router from Taiwan TOTOLINK Company

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202205-0700",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "n600r",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "totolink",
            "version": "5.3c.7159_b20190425"
          },
          {
            "model": "n600r",
            "scope": null,
            "trust": 0.8,
            "vendor": "totolink",
            "version": null
          },
          {
            "model": "n600r",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "totolink",
            "version": null
          },
          {
            "model": "n600r",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "totolink",
            "version": "n600r  firmware  5.3c.7159 b20190425"
          },
          {
            "model": "n600r v5.3c.7159 b20190425",
            "scope": null,
            "trust": 0.6,
            "vendor": "totolink",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-53557"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-009226"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-28913"
          }
        ]
      },
      "cve": "CVE-2022-28913",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "CVE-2022-28913",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 1.9,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2022-53557",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.9,
                "id": "CVE-2022-28913",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 9.8,
                "baseSeverity": "Critical",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "CVE-2022-28913",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2022-28913",
                "trust": 1.0,
                "value": "CRITICAL"
              },
              {
                "author": "NVD",
                "id": "CVE-2022-28913",
                "trust": 0.8,
                "value": "Critical"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2022-53557",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202205-2811",
                "trust": 0.6,
                "value": "CRITICAL"
              },
              {
                "author": "VULMON",
                "id": "CVE-2022-28913",
                "trust": 0.1,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-53557"
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-28913"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-009226"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202205-2811"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-28913"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "TOTOLink N600R V5.3c.7159_B20190425 was discovered to contain a command injection vulnerability via the filename parameter in /setting/setUploadSetting. TOTOLINK of n600r Firmware contains a command injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. TOTOLINK N600R is a wireless router from Taiwan TOTOLINK Company",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2022-28913"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-009226"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2022-53557"
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-28913"
          }
        ],
        "trust": 2.25
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2022-28913",
            "trust": 3.9
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-009226",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2022-53557",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202205-2811",
            "trust": 0.6
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-28913",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-53557"
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-28913"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-009226"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202205-2811"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-28913"
          }
        ]
      },
      "id": "VAR-202205-0700",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-53557"
          }
        ],
        "trust": 1.37591835
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-53557"
          }
        ]
      },
      "last_update_date": "2024-11-23T23:00:50.306000Z",
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-78",
            "trust": 1.0
          },
          {
            "problemtype": "Command injection (CWE-77) [NVD evaluation ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-009226"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-28913"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 3.1,
            "url": "https://github.com/ephaha/iot_vuln/tree/main/totolink/n600r/10"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-28913"
          },
          {
            "trust": 0.6,
            "url": "https://cxsecurity.com/cveshow/cve-2022-28913/"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/77.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-53557"
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-28913"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-009226"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202205-2811"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-28913"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-53557"
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-28913"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-009226"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202205-2811"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-28913"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2022-07-26T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2022-53557"
          },
          {
            "date": "2022-05-10T00:00:00",
            "db": "VULMON",
            "id": "CVE-2022-28913"
          },
          {
            "date": "2023-08-03T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2022-009226"
          },
          {
            "date": "2022-05-10T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202205-2811"
          },
          {
            "date": "2022-05-10T14:15:09.160000",
            "db": "NVD",
            "id": "CVE-2022-28913"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2022-07-26T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2022-53557"
          },
          {
            "date": "2022-05-16T00:00:00",
            "db": "VULMON",
            "id": "CVE-2022-28913"
          },
          {
            "date": "2023-08-03T08:29:00",
            "db": "JVNDB",
            "id": "JVNDB-2022-009226"
          },
          {
            "date": "2022-05-31T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202205-2811"
          },
          {
            "date": "2024-11-21T06:58:10.890000",
            "db": "NVD",
            "id": "CVE-2022-28913"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202205-2811"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "TOTOLINK\u00a0 of \u00a0n600r\u00a0 Command injection vulnerability in firmware",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-009226"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "command injection",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202205-2811"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202203-1150

    Vulnerability from variot - Updated: 2024-11-23 22:57

    TOTOLINK N600R V4.3.0cu.7570_B20200620 was discovered to contain a command injection vulnerability via the pingCheck function. TOTOLINK of n600r Firmware contains a command injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. TotoLink N600R is a wireless router from TotoLink, a Taiwanese company

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202203-1150",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "n600r",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "totolink",
            "version": "4.3.0cu.7570_b20200620"
          },
          {
            "model": "n600r",
            "scope": null,
            "trust": 0.8,
            "vendor": "totolink",
            "version": null
          },
          {
            "model": "n600r",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "totolink",
            "version": null
          },
          {
            "model": "n600r",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "totolink",
            "version": "n600r  firmware  4.3.0cu.7570 b20200620"
          },
          {
            "model": "n600r v4.3.0cu.7570 b20200620",
            "scope": null,
            "trust": 0.6,
            "vendor": "totolink",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-53561"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-007309"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-26187"
          }
        ]
      },
      "cve": "CVE-2022-26187",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "PARTIAL",
                "baseScore": 7.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CVE-2022-26187",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "HIGH",
                "trust": 1.8,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 7.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2022-53561",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.9,
                "id": "CVE-2022-26187",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 9.8,
                "baseSeverity": "Critical",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "CVE-2022-26187",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2022-26187",
                "trust": 1.0,
                "value": "CRITICAL"
              },
              {
                "author": "NVD",
                "id": "CVE-2022-26187",
                "trust": 0.8,
                "value": "Critical"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2022-53561",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202203-2015",
                "trust": 0.6,
                "value": "CRITICAL"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-53561"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-007309"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202203-2015"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-26187"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "TOTOLINK N600R V4.3.0cu.7570_B20200620 was discovered to contain a command injection vulnerability via the pingCheck function. TOTOLINK of n600r Firmware contains a command injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. TotoLink N600R is a wireless router from TotoLink, a Taiwanese company",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2022-26187"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-007309"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2022-53561"
          }
        ],
        "trust": 2.16
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2022-26187",
            "trust": 3.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-007309",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2022-53561",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202203-2015",
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-53561"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-007309"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202203-2015"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-26187"
          }
        ]
      },
      "id": "VAR-202203-1150",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-53561"
          }
        ],
        "trust": 1.37591835
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-53561"
          }
        ]
      },
      "last_update_date": "2024-11-23T22:57:46.915000Z",
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-77",
            "trust": 1.0
          },
          {
            "problemtype": "Command injection (CWE-77) [NVD evaluation ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-007309"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-26187"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 3.0,
            "url": "https://doudoudedi.github.io/2022/02/21/totolink-n600r-command-injection/"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-26187"
          },
          {
            "trust": 0.6,
            "url": "https://cxsecurity.com/cveshow/cve-2022-26187/"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-53561"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-007309"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202203-2015"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-26187"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-53561"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-007309"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202203-2015"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-26187"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2022-07-26T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2022-53561"
          },
          {
            "date": "2023-07-13T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2022-007309"
          },
          {
            "date": "2022-03-22T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202203-2015"
          },
          {
            "date": "2022-03-22T21:15:07.833000",
            "db": "NVD",
            "id": "CVE-2022-26187"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2022-07-26T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2022-53561"
          },
          {
            "date": "2023-07-13T08:28:00",
            "db": "JVNDB",
            "id": "JVNDB-2022-007309"
          },
          {
            "date": "2022-04-06T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202203-2015"
          },
          {
            "date": "2024-11-21T06:53:34.300000",
            "db": "NVD",
            "id": "CVE-2022-26187"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202203-2015"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "TOTOLINK\u00a0 of \u00a0n600r\u00a0 Command injection vulnerability in firmware",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-007309"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "command injection",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202203-2015"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202205-0622

    Vulnerability from variot - Updated: 2024-11-23 22:50

    TOTOLink N600R V5.3c.7159_B20190425 was discovered to contain a command injection vulnerability via the filename parameter in /setting/setUpgradeFW. TOTOLINK of n600r Firmware contains a command injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. TOTOLINK N600R is a wireless router from Taiwan TOTOLINK

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202205-0622",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "n600r",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "totolink",
            "version": "5.3c.7159_b20190425"
          },
          {
            "model": "n600r",
            "scope": null,
            "trust": 0.8,
            "vendor": "totolink",
            "version": null
          },
          {
            "model": "n600r",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "totolink",
            "version": null
          },
          {
            "model": "n600r",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "totolink",
            "version": "n600r  firmware  5.3c.7159 b20190425"
          },
          {
            "model": "n600r v5.3c.7159 b20190425",
            "scope": null,
            "trust": 0.6,
            "vendor": "totolink",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-53556"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-009227"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-28912"
          }
        ]
      },
      "cve": "CVE-2022-28912",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "CVE-2022-28912",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 1.9,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2022-53556",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.9,
                "id": "CVE-2022-28912",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 9.8,
                "baseSeverity": "Critical",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "CVE-2022-28912",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2022-28912",
                "trust": 1.0,
                "value": "CRITICAL"
              },
              {
                "author": "NVD",
                "id": "CVE-2022-28912",
                "trust": 0.8,
                "value": "Critical"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2022-53556",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202205-2813",
                "trust": 0.6,
                "value": "CRITICAL"
              },
              {
                "author": "VULMON",
                "id": "CVE-2022-28912",
                "trust": 0.1,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-53556"
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-28912"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-009227"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202205-2813"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-28912"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "TOTOLink N600R V5.3c.7159_B20190425 was discovered to contain a command injection vulnerability via the filename parameter in /setting/setUpgradeFW. TOTOLINK of n600r Firmware contains a command injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. TOTOLINK N600R is a wireless router from Taiwan TOTOLINK",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2022-28912"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-009227"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2022-53556"
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-28912"
          }
        ],
        "trust": 2.25
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2022-28912",
            "trust": 3.9
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-009227",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2022-53556",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202205-2813",
            "trust": 0.6
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-28912",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-53556"
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-28912"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-009227"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202205-2813"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-28912"
          }
        ]
      },
      "id": "VAR-202205-0622",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-53556"
          }
        ],
        "trust": 1.37591835
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-53556"
          }
        ]
      },
      "last_update_date": "2024-11-23T22:50:48.590000Z",
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-78",
            "trust": 1.0
          },
          {
            "problemtype": "Command injection (CWE-77) [NVD evaluation ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-009227"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-28912"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 3.1,
            "url": "https://github.com/ephaha/iot_vuln/tree/main/totolink/n600r/8"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-28912"
          },
          {
            "trust": 0.6,
            "url": "https://cxsecurity.com/cveshow/cve-2022-28912/"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/77.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-53556"
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-28912"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-009227"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202205-2813"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-28912"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-53556"
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-28912"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-009227"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202205-2813"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-28912"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2022-07-26T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2022-53556"
          },
          {
            "date": "2022-05-10T00:00:00",
            "db": "VULMON",
            "id": "CVE-2022-28912"
          },
          {
            "date": "2023-08-03T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2022-009227"
          },
          {
            "date": "2022-05-10T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202205-2813"
          },
          {
            "date": "2022-05-10T14:15:09.117000",
            "db": "NVD",
            "id": "CVE-2022-28912"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2022-07-26T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2022-53556"
          },
          {
            "date": "2022-05-16T00:00:00",
            "db": "VULMON",
            "id": "CVE-2022-28912"
          },
          {
            "date": "2023-08-03T08:29:00",
            "db": "JVNDB",
            "id": "JVNDB-2022-009227"
          },
          {
            "date": "2022-05-17T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202205-2813"
          },
          {
            "date": "2024-11-21T06:58:10.750000",
            "db": "NVD",
            "id": "CVE-2022-28912"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202205-2813"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "TOTOLINK\u00a0 of \u00a0n600r\u00a0 Command injection vulnerability in firmware",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-009227"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "command injection",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202205-2813"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202205-0792

    Vulnerability from variot - Updated: 2024-11-23 22:50

    TOTOLINK N600R V4.3.0cu.7647_B20210106 was discovered to contain a stack overflow via the url parameter in the function FUN_00415bf0. TOTOLINK N600R is a wireless router from Taiwan TOTOLINK Company. An attacker could exploit this vulnerability to cause a buffer overflow

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202205-0792",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "n600r",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "totolink",
            "version": "4.3.0cu.7647_b20210106"
          },
          {
            "model": "n600r v4.3.0cu.7647 b20210106",
            "scope": null,
            "trust": 0.6,
            "vendor": "totolink",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-50670"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-29399"
          }
        ]
      },
      "cve": "CVE-2022-29399",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "CVE-2022-29399",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 1.1,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2022-50670",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.9,
                "id": "CVE-2022-29399",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2022-29399",
                "trust": 1.0,
                "value": "CRITICAL"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2022-50670",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202205-2895",
                "trust": 0.6,
                "value": "CRITICAL"
              },
              {
                "author": "VULMON",
                "id": "CVE-2022-29399",
                "trust": 0.1,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-50670"
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-29399"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202205-2895"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-29399"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "TOTOLINK N600R V4.3.0cu.7647_B20210106 was discovered to contain a stack overflow via the url parameter in the function FUN_00415bf0. TOTOLINK N600R is a wireless router from Taiwan TOTOLINK Company. An attacker could exploit this vulnerability to cause a buffer overflow",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2022-29399"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2022-50670"
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-29399"
          }
        ],
        "trust": 1.53
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2022-29399",
            "trust": 2.3
          },
          {
            "db": "CNVD",
            "id": "CNVD-2022-50670",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202205-2895",
            "trust": 0.6
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-29399",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-50670"
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-29399"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202205-2895"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-29399"
          }
        ]
      },
      "id": "VAR-202205-0792",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-50670"
          }
        ],
        "trust": 1.1518367
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-50670"
          }
        ]
      },
      "last_update_date": "2024-11-23T22:50:48.472000Z",
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-787",
            "trust": 1.0
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2022-29399"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.3,
            "url": "https://github.com/d1tto/iot-vuln/tree/main/totolink/9.seturlfilterrules"
          },
          {
            "trust": 0.6,
            "url": "https://cxsecurity.com/cveshow/cve-2022-29399/"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/787.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-50670"
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-29399"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202205-2895"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-29399"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-50670"
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-29399"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202205-2895"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-29399"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2022-07-11T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2022-50670"
          },
          {
            "date": "2022-05-10T00:00:00",
            "db": "VULMON",
            "id": "CVE-2022-29399"
          },
          {
            "date": "2022-05-10T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202205-2895"
          },
          {
            "date": "2022-05-10T20:15:09.787000",
            "db": "NVD",
            "id": "CVE-2022-29399"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2022-07-11T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2022-50670"
          },
          {
            "date": "2022-05-16T00:00:00",
            "db": "VULMON",
            "id": "CVE-2022-29399"
          },
          {
            "date": "2022-05-17T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202205-2895"
          },
          {
            "date": "2024-11-21T06:59:00.710000",
            "db": "NVD",
            "id": "CVE-2022-29399"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202205-2895"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "TOTOLINK N600R Buffer Overflow Vulnerability (CNVD-2022-50670)",
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-50670"
          }
        ],
        "trust": 0.6
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "buffer error",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202205-2895"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202203-0506

    Vulnerability from variot - Updated: 2024-11-23 22:47

    TOTOLINK N600R V4.3.0cu.7570_B20200620 was discovered to contain a command injection vulnerability via /setting/NTPSyncWithHost. TOTOLINK of n600r Firmware contains a command injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. TotoLink N600R is a wireless router from TotoLink, a Taiwanese company

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202203-0506",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "n600r",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "totolink",
            "version": "4.3.0cu.7570_b20200620"
          },
          {
            "model": "n600r",
            "scope": null,
            "trust": 0.8,
            "vendor": "totolink",
            "version": null
          },
          {
            "model": "n600r",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "totolink",
            "version": null
          },
          {
            "model": "n600r",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "totolink",
            "version": "n600r  firmware  4.3.0cu.7570 b20200620"
          },
          {
            "model": "n600r v4.3.0cu.7570 b20200620",
            "scope": null,
            "trust": 0.6,
            "vendor": "totolink",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-53562"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-007308"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-26188"
          }
        ]
      },
      "cve": "CVE-2022-26188",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "PARTIAL",
                "baseScore": 7.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CVE-2022-26188",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "HIGH",
                "trust": 1.8,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 7.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2022-53562",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.9,
                "id": "CVE-2022-26188",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 9.8,
                "baseSeverity": "Critical",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "CVE-2022-26188",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2022-26188",
                "trust": 1.0,
                "value": "CRITICAL"
              },
              {
                "author": "NVD",
                "id": "CVE-2022-26188",
                "trust": 0.8,
                "value": "Critical"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2022-53562",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202203-2014",
                "trust": 0.6,
                "value": "CRITICAL"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-53562"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-007308"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202203-2014"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-26188"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "TOTOLINK N600R V4.3.0cu.7570_B20200620 was discovered to contain a command injection vulnerability via /setting/NTPSyncWithHost. TOTOLINK of n600r Firmware contains a command injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. TotoLink N600R is a wireless router from TotoLink, a Taiwanese company",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2022-26188"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-007308"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2022-53562"
          }
        ],
        "trust": 2.16
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2022-26188",
            "trust": 3.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-007308",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2022-53562",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202203-2014",
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-53562"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-007308"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202203-2014"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-26188"
          }
        ]
      },
      "id": "VAR-202203-0506",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-53562"
          }
        ],
        "trust": 1.37591835
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-53562"
          }
        ]
      },
      "last_update_date": "2024-11-23T22:47:29.771000Z",
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-77",
            "trust": 1.0
          },
          {
            "problemtype": "Command injection (CWE-77) [NVD evaluation ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-007308"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-26188"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 3.0,
            "url": "https://doudoudedi.github.io/2022/02/21/totolink-n600r-command-injection/"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-26188"
          },
          {
            "trust": 0.6,
            "url": "https://cxsecurity.com/cveshow/cve-2022-26188/"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-53562"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-007308"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202203-2014"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-26188"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-53562"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-007308"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202203-2014"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-26188"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2022-07-26T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2022-53562"
          },
          {
            "date": "2023-07-13T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2022-007308"
          },
          {
            "date": "2022-03-22T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202203-2014"
          },
          {
            "date": "2022-03-22T21:15:07.873000",
            "db": "NVD",
            "id": "CVE-2022-26188"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2022-07-26T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2022-53562"
          },
          {
            "date": "2023-07-13T08:28:00",
            "db": "JVNDB",
            "id": "JVNDB-2022-007308"
          },
          {
            "date": "2022-04-06T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202203-2014"
          },
          {
            "date": "2024-11-21T06:53:34.450000",
            "db": "NVD",
            "id": "CVE-2022-26188"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202203-2014"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "TOTOLINK\u00a0 of \u00a0n600r\u00a0 Command injection vulnerability in firmware",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-007308"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "command injection",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202203-2014"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202205-0698

    Vulnerability from variot - Updated: 2024-11-23 22:47

    TOTOLink N600R V5.3c.7159_B20190425 was discovered to contain a command injection vulnerability via the hosttime function in /setting/NTPSyncWithHost. TOTOLINK of n600r Firmware contains a command injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. TOTOLINK N600R is a wireless router from Taiwan TOTOLINK

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202205-0698",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "n600r",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "totolink",
            "version": "5.3c.7159_b20190425"
          },
          {
            "model": "n600r",
            "scope": null,
            "trust": 0.8,
            "vendor": "totolink",
            "version": null
          },
          {
            "model": "n600r",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "totolink",
            "version": null
          },
          {
            "model": "n600r",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "totolink",
            "version": "n600r  firmware  5.3c.7159 b20190425"
          },
          {
            "model": "n600r v5.3c.7159 b20190425",
            "scope": null,
            "trust": 0.6,
            "vendor": "totolink",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-53551"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-009232"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-28907"
          }
        ]
      },
      "cve": "CVE-2022-28907",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "CVE-2022-28907",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 1.9,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2022-53551",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.9,
                "id": "CVE-2022-28907",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 9.8,
                "baseSeverity": "Critical",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "CVE-2022-28907",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2022-28907",
                "trust": 1.0,
                "value": "CRITICAL"
              },
              {
                "author": "NVD",
                "id": "CVE-2022-28907",
                "trust": 0.8,
                "value": "Critical"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2022-53551",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202205-2818",
                "trust": 0.6,
                "value": "CRITICAL"
              },
              {
                "author": "VULMON",
                "id": "CVE-2022-28907",
                "trust": 0.1,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-53551"
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-28907"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-009232"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202205-2818"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-28907"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "TOTOLink N600R V5.3c.7159_B20190425 was discovered to contain a command injection vulnerability via the hosttime function in /setting/NTPSyncWithHost. TOTOLINK of n600r Firmware contains a command injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. TOTOLINK N600R is a wireless router from Taiwan TOTOLINK",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2022-28907"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-009232"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2022-53551"
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-28907"
          }
        ],
        "trust": 2.25
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2022-28907",
            "trust": 3.9
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-009232",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2022-53551",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202205-2818",
            "trust": 0.6
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-28907",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-53551"
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-28907"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-009232"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202205-2818"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-28907"
          }
        ]
      },
      "id": "VAR-202205-0698",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-53551"
          }
        ],
        "trust": 1.37591835
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-53551"
          }
        ]
      },
      "last_update_date": "2024-11-23T22:47:22.919000Z",
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-78",
            "trust": 1.0
          },
          {
            "problemtype": "Command injection (CWE-77) [NVD evaluation ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-009232"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-28907"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 3.1,
            "url": "https://github.com/ephaha/iot_vuln/tree/main/totolink/n600r/5"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-28907"
          },
          {
            "trust": 0.6,
            "url": "https://cxsecurity.com/cveshow/cve-2022-28907/"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/77.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-53551"
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-28907"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-009232"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202205-2818"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-28907"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-53551"
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-28907"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-009232"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202205-2818"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-28907"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2022-07-26T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2022-53551"
          },
          {
            "date": "2022-05-10T00:00:00",
            "db": "VULMON",
            "id": "CVE-2022-28907"
          },
          {
            "date": "2023-08-03T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2022-009232"
          },
          {
            "date": "2022-05-10T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202205-2818"
          },
          {
            "date": "2022-05-10T14:15:08.890000",
            "db": "NVD",
            "id": "CVE-2022-28907"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2022-07-26T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2022-53551"
          },
          {
            "date": "2022-05-16T00:00:00",
            "db": "VULMON",
            "id": "CVE-2022-28907"
          },
          {
            "date": "2023-08-03T08:29:00",
            "db": "JVNDB",
            "id": "JVNDB-2022-009232"
          },
          {
            "date": "2022-05-17T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202205-2818"
          },
          {
            "date": "2024-11-21T06:58:10.033000",
            "db": "NVD",
            "id": "CVE-2022-28907"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202205-2818"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "TOTOLINK\u00a0 of \u00a0n600r\u00a0 Command injection vulnerability in firmware",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-009232"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "command injection",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202205-2818"
          }
        ],
        "trust": 0.6
      }
    }

    CVE-2025-11444 (GCVE-0-2025-11444)

    Vulnerability from nvd – Published: 2025-10-08 08:02 – Updated: 2026-02-24 06:51
    VLAI
    Title
    TOTOLINK N600R HTTP Request cstecgi.cgi setWiFiBasicConfig buffer overflow
    Summary
    A security vulnerability has been detected in TOTOLINK N600R up to 4.3.0cu.7866_B20220506. This impacts the function setWiFiBasicConfig of the file /cgi-bin/cstecgi.cgi of the component HTTP Request Handler. Such manipulation of the argument wepkey leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed publicly and may be used.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    TOTOLINK N600R Affected: 4.3.0cu.7866_B20220506
        cpe:2.3:o:totolink:n600r_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    z472421519 (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-11444",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-10-08T13:15:12.395734Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-10-08T13:15:16.782Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://github.com/z472421519/BinaryAudit/blob/main/PoC/BOF/TOTOLINK/wepkey/wepkey.md"
              },
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://github.com/z472421519/BinaryAudit/blob/main/PoC/BOF/TOTOLINK/wepkey/wepkey.md#reproduce"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:o:totolink:n600r_firmware:*:*:*:*:*:*:*:*"
              ],
              "modules": [
                "HTTP Request Handler"
              ],
              "product": "N600R",
              "vendor": "TOTOLINK",
              "versions": [
                {
                  "status": "affected",
                  "version": "4.3.0cu.7866_B20220506"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "z472421519 (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A security vulnerability has been detected in TOTOLINK N600R up to 4.3.0cu.7866_B20220506. This impacts the function setWiFiBasicConfig of the file /cgi-bin/cstecgi.cgi of the component HTTP Request Handler. Such manipulation of the argument wepkey leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed publicly and may be used."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 8.7,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 9,
                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-120",
                  "description": "Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-119",
                  "description": "Memory Corruption",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-02-24T06:51:54.998Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-327381 | TOTOLINK N600R HTTP Request cstecgi.cgi setWiFiBasicConfig buffer overflow",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/?id.327381"
            },
            {
              "name": "VDB-327381 | CTI Indicators (IOB, IOC, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.327381"
            },
            {
              "name": "Submit #666915 | TOTOLINK N600R firmware V4.3.0cu.7866_B20220506 Buffer Overflow",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.666915"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://github.com/z472421519/BinaryAudit/blob/main/PoC/BOF/TOTOLINK/wepkey/wepkey.md"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://github.com/z472421519/BinaryAudit/blob/main/PoC/BOF/TOTOLINK/wepkey/wepkey.md#reproduce"
            },
            {
              "tags": [
                "product"
              ],
              "url": "https://www.totolink.net/"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2025-10-07T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2025-10-07T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2025-10-08T10:54:41.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "TOTOLINK N600R HTTP Request cstecgi.cgi setWiFiBasicConfig buffer overflow"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2025-11444",
        "datePublished": "2025-10-08T08:02:10.203Z",
        "dateReserved": "2025-10-07T13:19:44.162Z",
        "dateUpdated": "2026-02-24T06:51:54.998Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-9935 (GCVE-0-2025-9935)

    Vulnerability from nvd – Published: 2025-09-03 23:02 – Updated: 2025-09-04 14:38
    VLAI
    Title
    TOTOLINK N600R cstecgi.cgi sub_4159F8 command injection
    Summary
    A vulnerability was determined in TOTOLINK N600R 4.3.0cu.7866_B20220506. This vulnerability affects the function sub_4159F8 of the file /web_cste/cgi-bin/cstecgi.cgi. Executing manipulation can lead to command injection. The attack can be executed remotely. The exploit has been publicly disclosed and may be utilized.
    SSVC
    Exploitation: poc Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    URL Tags
    https://vuldb.com/?id.322337 vdb-entrytechnical-description
    https://vuldb.com/?ctiid.322337 signaturepermissions-required
    https://vuldb.com/?submit.643088 third-party-advisory
    https://github.com/mono7s/TOTOLINK/blob/main/N600… exploit
    https://www.totolink.net/ product
    Impacted products
    Vendor Product Version
    TOTOLINK N600R Affected: 4.3.0cu.7866_B20220506
    Create a notification for this product.
    Credits
    b55t4ck (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-9935",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-09-04T14:28:03.413227Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-09-04T14:38:03.901Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "N600R",
              "vendor": "TOTOLINK",
              "versions": [
                {
                  "status": "affected",
                  "version": "4.3.0cu.7866_B20220506"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "b55t4ck (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability was determined in TOTOLINK N600R 4.3.0cu.7866_B20220506. This vulnerability affects the function sub_4159F8 of the file /web_cste/cgi-bin/cstecgi.cgi. Executing manipulation can lead to command injection. The attack can be executed remotely. The exploit has been publicly disclosed and may be utilized."
            },
            {
              "lang": "de",
              "value": "Es wurde eine Schwachstelle in TOTOLINK N600R 4.3.0cu.7866_B20220506 entdeckt. Es geht hierbei um die Funktion sub_4159F8 der Datei /web_cste/cgi-bin/cstecgi.cgi. Dank Manipulation mit unbekannten Daten kann eine command injection-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk erfolgen. Die Schwachstelle wurde \u00f6ffentlich offengelegt und k\u00f6nnte ausgenutzt werden."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 6.9,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 7.3,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 7.3,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 7.5,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-77",
                  "description": "Command Injection",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-74",
                  "description": "Injection",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-09-03T23:02:09.840Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-322337 | TOTOLINK N600R cstecgi.cgi sub_4159F8 command injection",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/?id.322337"
            },
            {
              "name": "VDB-322337 | CTI Indicators (IOB, IOC, TTP, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.322337"
            },
            {
              "name": "Submit #643088 | Shenzhen Shengshi Zhongtang Technology Co., Ltd..(TOTOLINK) TOTOLINK N600R V4.3.0cu.7866_B20220506 Unauthorized Command Injection",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.643088"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://github.com/mono7s/TOTOLINK/blob/main/N600R/TOTOLINK%20N600R%20Unauthorized_Command_Injection.md"
            },
            {
              "tags": [
                "product"
              ],
              "url": "https://www.totolink.net/"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2025-09-03T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2025-09-03T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2025-09-03T13:39:34.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "TOTOLINK N600R cstecgi.cgi sub_4159F8 command injection"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2025-9935",
        "datePublished": "2025-09-03T23:02:09.840Z",
        "dateReserved": "2025-09-03T11:34:31.096Z",
        "dateUpdated": "2025-09-04T14:38:03.901Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-8181 (GCVE-0-2025-8181)

    Vulnerability from nvd – Published: 2025-07-26 07:02 – Updated: 2025-07-28 15:05
    VLAI
    Title
    TOTOLINK N600R/X2000R FTP Service vsftpd.conf least privilege violation
    Summary
    A vulnerability, which was classified as critical, was found in TOTOLINK N600R and X2000R 1.0.0.1. This affects an unknown part of the file vsftpd.conf of the component FTP Service. The manipulation leads to least privilege violation. It is possible to initiate the attack remotely.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-272 - Least Privilege Violation
    • CWE-266 - Incorrect Privilege Assignment
    Assigner
    References
    Impacted products
    Credits
    TPCchecker (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-8181",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-07-28T15:05:38.418732Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-07-28T15:05:51.551Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "modules": [
                "FTP Service"
              ],
              "product": "N600R",
              "vendor": "TOTOLINK",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.0.0.1"
                }
              ]
            },
            {
              "modules": [
                "FTP Service"
              ],
              "product": "X2000R",
              "vendor": "TOTOLINK",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.0.0.1"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "TPCchecker (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability, which was classified as critical, was found in TOTOLINK N600R and X2000R 1.0.0.1. This affects an unknown part of the file vsftpd.conf of the component FTP Service. The manipulation leads to least privilege violation. It is possible to initiate the attack remotely."
            },
            {
              "lang": "de",
              "value": "Es wurde eine kritische Schwachstelle in TOTOLINK N600R and X2000R 1.0.0.1 gefunden. Es betrifft eine unbekannte Funktion der Datei vsftpd.conf der Komponente FTP Service. Durch die Manipulation mit unbekannten Daten kann eine least privilege violation-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk erfolgen."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 8.6,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 7.2,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:X/RL:X/RC:R",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 7.2,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:X/RL:X/RC:R",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 8.3,
                "vectorString": "AV:N/AC:L/Au:M/C:C/I:C/A:C/E:ND/RL:ND/RC:UR",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-272",
                  "description": "Least Privilege Violation",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-266",
                  "description": "Incorrect Privilege Assignment",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-07-26T07:02:07.845Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-317595 | TOTOLINK N600R/X2000R FTP Service vsftpd.conf least privilege violation",
              "tags": [
                "vdb-entry"
              ],
              "url": "https://vuldb.com/?id.317595"
            },
            {
              "name": "VDB-317595 | CTI Indicators (IOB, IOC, TTP, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.317595"
            },
            {
              "name": "Submit #621966 | TOTOLINK N600R V4.3.0 Misconfiguration",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.621966"
            },
            {
              "name": "Submit #621968 | TOTOLINK X2000R V1.0.0 Misconfiguration (Duplicate)",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.621968"
            },
            {
              "tags": [
                "related"
              ],
              "url": "https://www.notion.so/23a54a1113e780c08f3acca6a746d732"
            },
            {
              "tags": [
                "product"
              ],
              "url": "https://www.totolink.net/"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2025-07-25T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2025-07-25T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2025-07-25T10:29:29.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "TOTOLINK N600R/X2000R FTP Service vsftpd.conf least privilege violation"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2025-8181",
        "datePublished": "2025-07-26T07:02:07.845Z",
        "dateReserved": "2025-07-25T08:22:27.222Z",
        "dateUpdated": "2025-07-28T15:05:51.551Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-4496 (GCVE-0-2025-4496)

    Vulnerability from nvd – Published: 2025-05-10 05:00 – Updated: 2025-05-12 19:30
    VLAI
    Title
    TOTOLINK T10/A3100R/A950RG/A800R/N600R/A3000RU/A810R cstecgi.cgi CloudACMunualUpdate buffer overflow
    Summary
    A vulnerability was found in TOTOLINK T10, A3100R, A950RG, A800R, N600R, A3000RU and A810R 4.1.8cu.5241_B20210927. It has been declared as critical. This vulnerability affects the function CloudACMunualUpdate of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument FileName leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    URL Tags
    https://vuldb.com/?id.308212 vdb-entrytechnical-description
    https://vuldb.com/?ctiid.308212 signaturepermissions-required
    https://vuldb.com/?submit.567081 third-party-advisory
    https://github.com/CH13hh/tmp_store_cc/blob/main/… exploit
    https://www.totolink.net/ product
    Impacted products
    Vendor Product Version
    TOTOLINK T10 Affected: 4.1.8cu.5241_B20210927
    Create a notification for this product.
    TOTOLINK A3100R Affected: 4.1.8cu.5241_B20210927
    Create a notification for this product.
    TOTOLINK A950RG Affected: 4.1.8cu.5241_B20210927
    Create a notification for this product.
    TOTOLINK A800R Affected: 4.1.8cu.5241_B20210927
    Create a notification for this product.
    TOTOLINK N600R Affected: 4.1.8cu.5241_B20210927
    Create a notification for this product.
    TOTOLINK A3000RU Affected: 4.1.8cu.5241_B20210927
    Create a notification for this product.
    TOTOLINK A810R Affected: 4.1.8cu.5241_B20210927
    Create a notification for this product.
    Credits
    BabyShark (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-4496",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-05-12T19:30:52.980508Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-05-12T19:30:55.738Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://github.com/CH13hh/tmp_store_cc/blob/main/tt/ta/1.md"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "T10",
              "vendor": "TOTOLINK",
              "versions": [
                {
                  "status": "affected",
                  "version": "4.1.8cu.5241_B20210927"
                }
              ]
            },
            {
              "product": "A3100R",
              "vendor": "TOTOLINK",
              "versions": [
                {
                  "status": "affected",
                  "version": "4.1.8cu.5241_B20210927"
                }
              ]
            },
            {
              "product": "A950RG",
              "vendor": "TOTOLINK",
              "versions": [
                {
                  "status": "affected",
                  "version": "4.1.8cu.5241_B20210927"
                }
              ]
            },
            {
              "product": "A800R",
              "vendor": "TOTOLINK",
              "versions": [
                {
                  "status": "affected",
                  "version": "4.1.8cu.5241_B20210927"
                }
              ]
            },
            {
              "product": "N600R",
              "vendor": "TOTOLINK",
              "versions": [
                {
                  "status": "affected",
                  "version": "4.1.8cu.5241_B20210927"
                }
              ]
            },
            {
              "product": "A3000RU",
              "vendor": "TOTOLINK",
              "versions": [
                {
                  "status": "affected",
                  "version": "4.1.8cu.5241_B20210927"
                }
              ]
            },
            {
              "product": "A810R",
              "vendor": "TOTOLINK",
              "versions": [
                {
                  "status": "affected",
                  "version": "4.1.8cu.5241_B20210927"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "BabyShark (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability was found in TOTOLINK T10, A3100R, A950RG, A800R, N600R, A3000RU and A810R 4.1.8cu.5241_B20210927. It has been declared as critical. This vulnerability affects the function CloudACMunualUpdate of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument FileName leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used."
            },
            {
              "lang": "de",
              "value": "In TOTOLINK T10, A3100R, A950RG, A800R, N600R, A3000RU and A810R 4.1.8cu.5241_B20210927 wurde eine Schwachstelle ausgemacht. Sie wurde als kritisch eingestuft. Betroffen ist die Funktion CloudACMunualUpdate der Datei /cgi-bin/cstecgi.cgi. Durch die Manipulation des Arguments FileName mit unbekannten Daten kann eine buffer overflow-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 8.7,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 9,
                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-120",
                  "description": "Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-119",
                  "description": "Memory Corruption",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-05-10T05:00:10.763Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-308212 | TOTOLINK T10/A3100R/A950RG/A800R/N600R/A3000RU/A810R cstecgi.cgi CloudACMunualUpdate buffer overflow",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/?id.308212"
            },
            {
              "name": "VDB-308212 | CTI Indicators (IOB, IOC, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.308212"
            },
            {
              "name": "Submit #567081 | TOTOLINK T10/A3100R/A950RG/A800R/N600R/A3000RU/A810R V4.1.8cu.5241_B20210927 Buffer Overflow",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.567081"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://github.com/CH13hh/tmp_store_cc/blob/main/tt/ta/1.md"
            },
            {
              "tags": [
                "product"
              ],
              "url": "https://www.totolink.net/"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2025-05-09T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2025-05-09T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2025-05-09T14:38:47.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "TOTOLINK T10/A3100R/A950RG/A800R/N600R/A3000RU/A810R cstecgi.cgi CloudACMunualUpdate buffer overflow"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2025-4496",
        "datePublished": "2025-05-10T05:00:10.763Z",
        "dateReserved": "2025-05-09T12:33:38.764Z",
        "dateUpdated": "2025-05-12T19:30:55.738Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-11444 (GCVE-0-2025-11444)

    Vulnerability from cvelistv5 – Published: 2025-10-08 08:02 – Updated: 2026-02-24 06:51
    VLAI
    Title
    TOTOLINK N600R HTTP Request cstecgi.cgi setWiFiBasicConfig buffer overflow
    Summary
    A security vulnerability has been detected in TOTOLINK N600R up to 4.3.0cu.7866_B20220506. This impacts the function setWiFiBasicConfig of the file /cgi-bin/cstecgi.cgi of the component HTTP Request Handler. Such manipulation of the argument wepkey leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed publicly and may be used.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    TOTOLINK N600R Affected: 4.3.0cu.7866_B20220506
        cpe:2.3:o:totolink:n600r_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    z472421519 (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-11444",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-10-08T13:15:12.395734Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-10-08T13:15:16.782Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://github.com/z472421519/BinaryAudit/blob/main/PoC/BOF/TOTOLINK/wepkey/wepkey.md"
              },
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://github.com/z472421519/BinaryAudit/blob/main/PoC/BOF/TOTOLINK/wepkey/wepkey.md#reproduce"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:o:totolink:n600r_firmware:*:*:*:*:*:*:*:*"
              ],
              "modules": [
                "HTTP Request Handler"
              ],
              "product": "N600R",
              "vendor": "TOTOLINK",
              "versions": [
                {
                  "status": "affected",
                  "version": "4.3.0cu.7866_B20220506"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "z472421519 (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A security vulnerability has been detected in TOTOLINK N600R up to 4.3.0cu.7866_B20220506. This impacts the function setWiFiBasicConfig of the file /cgi-bin/cstecgi.cgi of the component HTTP Request Handler. Such manipulation of the argument wepkey leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed publicly and may be used."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 8.7,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 9,
                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-120",
                  "description": "Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-119",
                  "description": "Memory Corruption",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-02-24T06:51:54.998Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-327381 | TOTOLINK N600R HTTP Request cstecgi.cgi setWiFiBasicConfig buffer overflow",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/?id.327381"
            },
            {
              "name": "VDB-327381 | CTI Indicators (IOB, IOC, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.327381"
            },
            {
              "name": "Submit #666915 | TOTOLINK N600R firmware V4.3.0cu.7866_B20220506 Buffer Overflow",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.666915"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://github.com/z472421519/BinaryAudit/blob/main/PoC/BOF/TOTOLINK/wepkey/wepkey.md"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://github.com/z472421519/BinaryAudit/blob/main/PoC/BOF/TOTOLINK/wepkey/wepkey.md#reproduce"
            },
            {
              "tags": [
                "product"
              ],
              "url": "https://www.totolink.net/"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2025-10-07T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2025-10-07T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2025-10-08T10:54:41.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "TOTOLINK N600R HTTP Request cstecgi.cgi setWiFiBasicConfig buffer overflow"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2025-11444",
        "datePublished": "2025-10-08T08:02:10.203Z",
        "dateReserved": "2025-10-07T13:19:44.162Z",
        "dateUpdated": "2026-02-24T06:51:54.998Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-9935 (GCVE-0-2025-9935)

    Vulnerability from cvelistv5 – Published: 2025-09-03 23:02 – Updated: 2025-09-04 14:38
    VLAI
    Title
    TOTOLINK N600R cstecgi.cgi sub_4159F8 command injection
    Summary
    A vulnerability was determined in TOTOLINK N600R 4.3.0cu.7866_B20220506. This vulnerability affects the function sub_4159F8 of the file /web_cste/cgi-bin/cstecgi.cgi. Executing manipulation can lead to command injection. The attack can be executed remotely. The exploit has been publicly disclosed and may be utilized.
    SSVC
    Exploitation: poc Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    URL Tags
    https://vuldb.com/?id.322337 vdb-entrytechnical-description
    https://vuldb.com/?ctiid.322337 signaturepermissions-required
    https://vuldb.com/?submit.643088 third-party-advisory
    https://github.com/mono7s/TOTOLINK/blob/main/N600… exploit
    https://www.totolink.net/ product
    Impacted products
    Vendor Product Version
    TOTOLINK N600R Affected: 4.3.0cu.7866_B20220506
    Create a notification for this product.
    Credits
    b55t4ck (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-9935",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-09-04T14:28:03.413227Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-09-04T14:38:03.901Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "N600R",
              "vendor": "TOTOLINK",
              "versions": [
                {
                  "status": "affected",
                  "version": "4.3.0cu.7866_B20220506"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "b55t4ck (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability was determined in TOTOLINK N600R 4.3.0cu.7866_B20220506. This vulnerability affects the function sub_4159F8 of the file /web_cste/cgi-bin/cstecgi.cgi. Executing manipulation can lead to command injection. The attack can be executed remotely. The exploit has been publicly disclosed and may be utilized."
            },
            {
              "lang": "de",
              "value": "Es wurde eine Schwachstelle in TOTOLINK N600R 4.3.0cu.7866_B20220506 entdeckt. Es geht hierbei um die Funktion sub_4159F8 der Datei /web_cste/cgi-bin/cstecgi.cgi. Dank Manipulation mit unbekannten Daten kann eine command injection-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk erfolgen. Die Schwachstelle wurde \u00f6ffentlich offengelegt und k\u00f6nnte ausgenutzt werden."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 6.9,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 7.3,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 7.3,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 7.5,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-77",
                  "description": "Command Injection",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-74",
                  "description": "Injection",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-09-03T23:02:09.840Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-322337 | TOTOLINK N600R cstecgi.cgi sub_4159F8 command injection",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/?id.322337"
            },
            {
              "name": "VDB-322337 | CTI Indicators (IOB, IOC, TTP, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.322337"
            },
            {
              "name": "Submit #643088 | Shenzhen Shengshi Zhongtang Technology Co., Ltd..(TOTOLINK) TOTOLINK N600R V4.3.0cu.7866_B20220506 Unauthorized Command Injection",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.643088"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://github.com/mono7s/TOTOLINK/blob/main/N600R/TOTOLINK%20N600R%20Unauthorized_Command_Injection.md"
            },
            {
              "tags": [
                "product"
              ],
              "url": "https://www.totolink.net/"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2025-09-03T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2025-09-03T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2025-09-03T13:39:34.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "TOTOLINK N600R cstecgi.cgi sub_4159F8 command injection"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2025-9935",
        "datePublished": "2025-09-03T23:02:09.840Z",
        "dateReserved": "2025-09-03T11:34:31.096Z",
        "dateUpdated": "2025-09-04T14:38:03.901Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-8181 (GCVE-0-2025-8181)

    Vulnerability from cvelistv5 – Published: 2025-07-26 07:02 – Updated: 2025-07-28 15:05
    VLAI
    Title
    TOTOLINK N600R/X2000R FTP Service vsftpd.conf least privilege violation
    Summary
    A vulnerability, which was classified as critical, was found in TOTOLINK N600R and X2000R 1.0.0.1. This affects an unknown part of the file vsftpd.conf of the component FTP Service. The manipulation leads to least privilege violation. It is possible to initiate the attack remotely.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-272 - Least Privilege Violation
    • CWE-266 - Incorrect Privilege Assignment
    Assigner
    References
    Impacted products
    Credits
    TPCchecker (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-8181",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-07-28T15:05:38.418732Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-07-28T15:05:51.551Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "modules": [
                "FTP Service"
              ],
              "product": "N600R",
              "vendor": "TOTOLINK",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.0.0.1"
                }
              ]
            },
            {
              "modules": [
                "FTP Service"
              ],
              "product": "X2000R",
              "vendor": "TOTOLINK",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.0.0.1"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "TPCchecker (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability, which was classified as critical, was found in TOTOLINK N600R and X2000R 1.0.0.1. This affects an unknown part of the file vsftpd.conf of the component FTP Service. The manipulation leads to least privilege violation. It is possible to initiate the attack remotely."
            },
            {
              "lang": "de",
              "value": "Es wurde eine kritische Schwachstelle in TOTOLINK N600R and X2000R 1.0.0.1 gefunden. Es betrifft eine unbekannte Funktion der Datei vsftpd.conf der Komponente FTP Service. Durch die Manipulation mit unbekannten Daten kann eine least privilege violation-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk erfolgen."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 8.6,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 7.2,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:X/RL:X/RC:R",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 7.2,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:X/RL:X/RC:R",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 8.3,
                "vectorString": "AV:N/AC:L/Au:M/C:C/I:C/A:C/E:ND/RL:ND/RC:UR",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-272",
                  "description": "Least Privilege Violation",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-266",
                  "description": "Incorrect Privilege Assignment",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-07-26T07:02:07.845Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-317595 | TOTOLINK N600R/X2000R FTP Service vsftpd.conf least privilege violation",
              "tags": [
                "vdb-entry"
              ],
              "url": "https://vuldb.com/?id.317595"
            },
            {
              "name": "VDB-317595 | CTI Indicators (IOB, IOC, TTP, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.317595"
            },
            {
              "name": "Submit #621966 | TOTOLINK N600R V4.3.0 Misconfiguration",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.621966"
            },
            {
              "name": "Submit #621968 | TOTOLINK X2000R V1.0.0 Misconfiguration (Duplicate)",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.621968"
            },
            {
              "tags": [
                "related"
              ],
              "url": "https://www.notion.so/23a54a1113e780c08f3acca6a746d732"
            },
            {
              "tags": [
                "product"
              ],
              "url": "https://www.totolink.net/"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2025-07-25T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2025-07-25T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2025-07-25T10:29:29.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "TOTOLINK N600R/X2000R FTP Service vsftpd.conf least privilege violation"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2025-8181",
        "datePublished": "2025-07-26T07:02:07.845Z",
        "dateReserved": "2025-07-25T08:22:27.222Z",
        "dateUpdated": "2025-07-28T15:05:51.551Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-4496 (GCVE-0-2025-4496)

    Vulnerability from cvelistv5 – Published: 2025-05-10 05:00 – Updated: 2025-05-12 19:30
    VLAI
    Title
    TOTOLINK T10/A3100R/A950RG/A800R/N600R/A3000RU/A810R cstecgi.cgi CloudACMunualUpdate buffer overflow
    Summary
    A vulnerability was found in TOTOLINK T10, A3100R, A950RG, A800R, N600R, A3000RU and A810R 4.1.8cu.5241_B20210927. It has been declared as critical. This vulnerability affects the function CloudACMunualUpdate of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument FileName leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    URL Tags
    https://vuldb.com/?id.308212 vdb-entrytechnical-description
    https://vuldb.com/?ctiid.308212 signaturepermissions-required
    https://vuldb.com/?submit.567081 third-party-advisory
    https://github.com/CH13hh/tmp_store_cc/blob/main/… exploit
    https://www.totolink.net/ product
    Impacted products
    Vendor Product Version
    TOTOLINK T10 Affected: 4.1.8cu.5241_B20210927
    Create a notification for this product.
    TOTOLINK A3100R Affected: 4.1.8cu.5241_B20210927
    Create a notification for this product.
    TOTOLINK A950RG Affected: 4.1.8cu.5241_B20210927
    Create a notification for this product.
    TOTOLINK A800R Affected: 4.1.8cu.5241_B20210927
    Create a notification for this product.
    TOTOLINK N600R Affected: 4.1.8cu.5241_B20210927
    Create a notification for this product.
    TOTOLINK A3000RU Affected: 4.1.8cu.5241_B20210927
    Create a notification for this product.
    TOTOLINK A810R Affected: 4.1.8cu.5241_B20210927
    Create a notification for this product.
    Credits
    BabyShark (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-4496",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-05-12T19:30:52.980508Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-05-12T19:30:55.738Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://github.com/CH13hh/tmp_store_cc/blob/main/tt/ta/1.md"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "T10",
              "vendor": "TOTOLINK",
              "versions": [
                {
                  "status": "affected",
                  "version": "4.1.8cu.5241_B20210927"
                }
              ]
            },
            {
              "product": "A3100R",
              "vendor": "TOTOLINK",
              "versions": [
                {
                  "status": "affected",
                  "version": "4.1.8cu.5241_B20210927"
                }
              ]
            },
            {
              "product": "A950RG",
              "vendor": "TOTOLINK",
              "versions": [
                {
                  "status": "affected",
                  "version": "4.1.8cu.5241_B20210927"
                }
              ]
            },
            {
              "product": "A800R",
              "vendor": "TOTOLINK",
              "versions": [
                {
                  "status": "affected",
                  "version": "4.1.8cu.5241_B20210927"
                }
              ]
            },
            {
              "product": "N600R",
              "vendor": "TOTOLINK",
              "versions": [
                {
                  "status": "affected",
                  "version": "4.1.8cu.5241_B20210927"
                }
              ]
            },
            {
              "product": "A3000RU",
              "vendor": "TOTOLINK",
              "versions": [
                {
                  "status": "affected",
                  "version": "4.1.8cu.5241_B20210927"
                }
              ]
            },
            {
              "product": "A810R",
              "vendor": "TOTOLINK",
              "versions": [
                {
                  "status": "affected",
                  "version": "4.1.8cu.5241_B20210927"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "BabyShark (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability was found in TOTOLINK T10, A3100R, A950RG, A800R, N600R, A3000RU and A810R 4.1.8cu.5241_B20210927. It has been declared as critical. This vulnerability affects the function CloudACMunualUpdate of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument FileName leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used."
            },
            {
              "lang": "de",
              "value": "In TOTOLINK T10, A3100R, A950RG, A800R, N600R, A3000RU and A810R 4.1.8cu.5241_B20210927 wurde eine Schwachstelle ausgemacht. Sie wurde als kritisch eingestuft. Betroffen ist die Funktion CloudACMunualUpdate der Datei /cgi-bin/cstecgi.cgi. Durch die Manipulation des Arguments FileName mit unbekannten Daten kann eine buffer overflow-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 8.7,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 9,
                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-120",
                  "description": "Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-119",
                  "description": "Memory Corruption",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-05-10T05:00:10.763Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-308212 | TOTOLINK T10/A3100R/A950RG/A800R/N600R/A3000RU/A810R cstecgi.cgi CloudACMunualUpdate buffer overflow",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/?id.308212"
            },
            {
              "name": "VDB-308212 | CTI Indicators (IOB, IOC, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.308212"
            },
            {
              "name": "Submit #567081 | TOTOLINK T10/A3100R/A950RG/A800R/N600R/A3000RU/A810R V4.1.8cu.5241_B20210927 Buffer Overflow",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.567081"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://github.com/CH13hh/tmp_store_cc/blob/main/tt/ta/1.md"
            },
            {
              "tags": [
                "product"
              ],
              "url": "https://www.totolink.net/"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2025-05-09T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2025-05-09T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2025-05-09T14:38:47.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "TOTOLINK T10/A3100R/A950RG/A800R/N600R/A3000RU/A810R cstecgi.cgi CloudACMunualUpdate buffer overflow"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2025-4496",
        "datePublished": "2025-05-10T05:00:10.763Z",
        "dateReserved": "2025-05-09T12:33:38.764Z",
        "dateUpdated": "2025-05-12T19:30:55.738Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }