Search

Find a vulnerability

Search criteria

    22 vulnerabilities found for ex1200l_firmware by totolink

    CVE-2024-7909 (GCVE-0-2024-7909)

    Vulnerability from nvd – Published: 2024-08-18 18:00 – Updated: 2024-08-21 18:16
    VLAI
    Title
    TOTOLINK EX1200L cstecgi.cgi setLanguageCfg stack-based overflow
    Summary
    A vulnerability has been found in TOTOLINK EX1200L 9.3.5u.6146_B20201023 and classified as critical. Affected by this vulnerability is the function setLanguageCfg of the file /www/cgi-bin/cstecgi.cgi. The manipulation of the argument langType leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-121 - Stack-based Buffer Overflow
    Assigner
    References
    URL Tags
    https://vuldb.com/?id.275035 vdb-entrytechnical-description
    https://vuldb.com/?ctiid.275035 signaturepermissions-required
    https://vuldb.com/?submit.388436 third-party-advisory
    https://github.com/BeaCox/IoT_vuln/tree/main/toto… exploit
    https://www.totolink.net/ product
    Impacted products
    Vendor Product Version
    TOTOLINK EX1200L Affected: 9.3.5u.6146_B20201023
    Create a notification for this product.
    totolink ex1200l_firmware Affected: 9.3.5u.6146_b20201023
        cpe:2.3:o:totolink:ex1200l_firmware:9.3.5u.6146_b20201023:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    BeaCox (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:o:totolink:ex1200l_firmware:9.3.5u.6146_b20201023:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ex1200l_firmware",
                "vendor": "totolink",
                "versions": [
                  {
                    "status": "affected",
                    "version": "9.3.5u.6146_b20201023"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-7909",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-08-19T17:47:52.964972Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-08-19T17:49:20.127Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "EX1200L",
              "vendor": "TOTOLINK",
              "versions": [
                {
                  "status": "affected",
                  "version": "9.3.5u.6146_B20201023"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "BeaCox (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability has been found in TOTOLINK EX1200L 9.3.5u.6146_B20201023 and classified as critical. Affected by this vulnerability is the function setLanguageCfg of the file /www/cgi-bin/cstecgi.cgi. The manipulation of the argument langType leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
            },
            {
              "lang": "de",
              "value": "In TOTOLINK EX1200L 9.3.5u.6146_B20201023 wurde eine Schwachstelle gefunden. Sie wurde als kritisch eingestuft. Es geht um die Funktion setLanguageCfg der Datei /www/cgi-bin/cstecgi.cgi. Mit der Manipulation des Arguments langType mit unbekannten Daten kann eine stack-based buffer overflow-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 8.7,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 9,
                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-121",
                  "description": "CWE-121 Stack-based Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-08-21T18:16:05.783Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-275035 | TOTOLINK EX1200L cstecgi.cgi setLanguageCfg stack-based overflow",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/?id.275035"
            },
            {
              "name": "VDB-275035 | CTI Indicators (IOB, IOC, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.275035"
            },
            {
              "name": "Submit #388436 | TOTOLINK EX1200L V9.3.5u.6146_B20201023 Buffer Overflow",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.388436"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://github.com/BeaCox/IoT_vuln/tree/main/totolink/EX1200L/setLanguageCfg_bof"
            },
            {
              "tags": [
                "product"
              ],
              "url": "https://www.totolink.net/"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2024-08-17T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2024-08-17T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2024-08-19T14:44:33.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "TOTOLINK EX1200L cstecgi.cgi setLanguageCfg stack-based overflow"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2024-7909",
        "datePublished": "2024-08-18T18:00:07.558Z",
        "dateReserved": "2024-08-17T17:09:37.974Z",
        "dateUpdated": "2024-08-21T18:16:05.783Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-7908 (GCVE-0-2024-7908)

    Vulnerability from nvd – Published: 2024-08-18 17:00 – Updated: 2024-08-19 13:39
    VLAI
    Title
    TOTOLINK EX1200L cstecgi.cgi setDefResponse stack-based overflow
    Summary
    A vulnerability, which was classified as critical, was found in TOTOLINK EX1200L 9.3.5u.6146_B20201023. Affected is the function setDefResponse of the file /www/cgi-bin/cstecgi.cgi. The manipulation of the argument IpAddress leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-121 - Stack-based Buffer Overflow
    Assigner
    References
    URL Tags
    https://vuldb.com/?id.275034 vdb-entrytechnical-description
    https://vuldb.com/?ctiid.275034 signaturepermissions-required
    https://vuldb.com/?submit.388435 third-party-advisory
    https://github.com/BeaCox/IoT_vuln/tree/main/toto… exploit
    Impacted products
    Vendor Product Version
    TOTOLINK EX1200L Affected: 9.3.5u.6146_B20201023
    Create a notification for this product.
    totolink ex1200l_firmware Affected: 9.3.5u.6146_b20201023
        cpe:2.3:o:totolink:ex1200l_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    BeaCox (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:o:totolink:ex1200l_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ex1200l_firmware",
                "vendor": "totolink",
                "versions": [
                  {
                    "status": "affected",
                    "version": "9.3.5u.6146_b20201023"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-7908",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-08-19T13:37:17.233476Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-08-19T13:39:15.433Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "EX1200L",
              "vendor": "TOTOLINK",
              "versions": [
                {
                  "status": "affected",
                  "version": "9.3.5u.6146_B20201023"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "BeaCox (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability, which was classified as critical, was found in TOTOLINK EX1200L 9.3.5u.6146_B20201023. Affected is the function setDefResponse of the file /www/cgi-bin/cstecgi.cgi. The manipulation of the argument IpAddress leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
            },
            {
              "lang": "de",
              "value": "Es wurde eine Schwachstelle in TOTOLINK EX1200L 9.3.5u.6146_B20201023 gefunden. Sie wurde als kritisch eingestuft. Betroffen hiervon ist die Funktion setDefResponse der Datei /www/cgi-bin/cstecgi.cgi. Dank Manipulation des Arguments IpAddress mit unbekannten Daten kann eine stack-based buffer overflow-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff \u00fcber das Netzwerk. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 8.7,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 9,
                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-121",
                  "description": "CWE-121 Stack-based Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-08-18T17:00:05.376Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-275034 | TOTOLINK EX1200L cstecgi.cgi setDefResponse stack-based overflow",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/?id.275034"
            },
            {
              "name": "VDB-275034 | CTI Indicators (IOB, IOC, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.275034"
            },
            {
              "name": "Submit #388435 | TOTOLINK EX1200L V9.3.5u.6146_B20201023 Buffer Overflow",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.388435"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://github.com/BeaCox/IoT_vuln/tree/main/totolink/EX1200L/setDefResponse_bof"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2024-08-17T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2024-08-17T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2024-08-17T19:14:45.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "TOTOLINK EX1200L cstecgi.cgi setDefResponse stack-based overflow"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2024-7908",
        "datePublished": "2024-08-18T17:00:05.376Z",
        "dateReserved": "2024-08-17T17:09:35.177Z",
        "dateUpdated": "2024-08-19T13:39:15.433Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-7338 (GCVE-0-2024-7338)

    Vulnerability from nvd – Published: 2024-08-01 03:31 – Updated: 2024-08-06 20:41
    VLAI
    Title
    TOTOLINK EX1200L cstecgi.cgi setParentalRules buffer overflow
    Summary
    A vulnerability, which was classified as critical, was found in TOTOLINK EX1200L 9.3.5u.6146_B20201023. This affects the function setParentalRules of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument week/sTime/eTime leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-273261 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    URL Tags
    https://vuldb.com/?id.273261 vdb-entrytechnical-description
    https://vuldb.com/?ctiid.273261 signaturepermissions-required
    https://vuldb.com/?submit.379316 third-party-advisory
    https://github.com/abcdefg-png/IoT-vulnerable/blo… exploit
    Impacted products
    Vendor Product Version
    TOTOLINK EX1200L Affected: 9.3.5u.6146_B20201023
    Create a notification for this product.
    totolink ex1200l_firmware Affected: 9.3.5u.6146_b20201023
        cpe:2.3:o:totolink:ex1200l_firmware:9.3.5u.6146_b20201023:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    yhryhryhr_tu (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:o:totolink:ex1200l_firmware:9.3.5u.6146_b20201023:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ex1200l_firmware",
                "vendor": "totolink",
                "versions": [
                  {
                    "status": "affected",
                    "version": "9.3.5u.6146_b20201023"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-7338",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-08-06T20:41:23.902982Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-08-06T20:41:31.965Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "EX1200L",
              "vendor": "TOTOLINK",
              "versions": [
                {
                  "status": "affected",
                  "version": "9.3.5u.6146_B20201023"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "yhryhryhr_tu (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability, which was classified as critical, was found in TOTOLINK EX1200L 9.3.5u.6146_B20201023. This affects the function setParentalRules of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument week/sTime/eTime leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-273261 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
            },
            {
              "lang": "de",
              "value": "Es wurde eine kritische Schwachstelle in TOTOLINK EX1200L 9.3.5u.6146_B20201023 gefunden. Hiervon betroffen ist die Funktion setParentalRules der Datei /cgi-bin/cstecgi.cgi. Durch Beeinflussen des Arguments week/sTime/eTime mit unbekannten Daten kann eine buffer overflow-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk angegangen werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 8.7,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 9,
                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-120",
                  "description": "CWE-120 Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-08-01T03:31:04.032Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-273261 | TOTOLINK EX1200L cstecgi.cgi setParentalRules buffer overflow",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/?id.273261"
            },
            {
              "name": "VDB-273261 | CTI Indicators (IOB, IOC, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.273261"
            },
            {
              "name": "Submit #379316 | TOTOLINK EX1200L_Firmware V9.3.5u.6146_B20201023 buffer overflow",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.379316"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/TOTOLINK/EX1200/setParentalRules.md"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2024-07-31T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2024-07-31T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2024-07-31T14:35:46.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "TOTOLINK EX1200L cstecgi.cgi setParentalRules buffer overflow"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2024-7338",
        "datePublished": "2024-08-01T03:31:04.032Z",
        "dateReserved": "2024-07-31T12:30:28.103Z",
        "dateUpdated": "2024-08-06T20:41:31.965Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-7337 (GCVE-0-2024-7337)

    Vulnerability from nvd – Published: 2024-08-01 03:00 – Updated: 2024-08-01 20:39
    VLAI
    Title
    TOTOLINK EX1200L cstecgi.cgi loginauth buffer overflow
    Summary
    A vulnerability, which was classified as critical, has been found in TOTOLINK EX1200L 9.3.5u.6146_B20201023. Affected by this issue is the function loginauth of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument http_host leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-273260. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    URL Tags
    https://vuldb.com/?id.273260 vdb-entrytechnical-description
    https://vuldb.com/?ctiid.273260 signaturepermissions-required
    https://vuldb.com/?submit.379315 third-party-advisory
    https://github.com/abcdefg-png/IoT-vulnerable/blo… exploit
    Impacted products
    Vendor Product Version
    TOTOLINK EX1200L Affected: 9.3.5u.6146_B20201023
    Create a notification for this product.
    totolink ex1200l_firmware Affected: 9.3.5u.6146_b20201023
        cpe:2.3:o:totolink:ex1200l_firmware:9.3.5u.6146_b20201023:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    yhryhryhr_tu (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:o:totolink:ex1200l_firmware:9.3.5u.6146_b20201023:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ex1200l_firmware",
                "vendor": "totolink",
                "versions": [
                  {
                    "status": "affected",
                    "version": "9.3.5u.6146_b20201023"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-7337",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-08-01T19:12:01.819248Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-08-01T20:39:06.187Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "EX1200L",
              "vendor": "TOTOLINK",
              "versions": [
                {
                  "status": "affected",
                  "version": "9.3.5u.6146_B20201023"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "yhryhryhr_tu (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability, which was classified as critical, has been found in TOTOLINK EX1200L 9.3.5u.6146_B20201023. Affected by this issue is the function loginauth of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument http_host leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-273260. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
            },
            {
              "lang": "de",
              "value": "Eine kritische Schwachstelle wurde in TOTOLINK EX1200L 9.3.5u.6146_B20201023 entdeckt. Davon betroffen ist die Funktion loginauth der Datei /cgi-bin/cstecgi.cgi. Durch das Beeinflussen des Arguments http_host mit unbekannten Daten kann eine buffer overflow-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 8.7,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 9,
                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-120",
                  "description": "CWE-120 Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-08-01T03:00:06.098Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-273260 | TOTOLINK EX1200L cstecgi.cgi loginauth buffer overflow",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/?id.273260"
            },
            {
              "name": "VDB-273260 | CTI Indicators (IOB, IOC, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.273260"
            },
            {
              "name": "Submit #379315 | TOTOLINK EX1200L_Firmware V9.3.5u.6146_B20201023  buffer overflow",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.379315"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/TOTOLINK/EX1200/loginauth.md"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2024-07-31T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2024-07-31T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2024-07-31T14:35:45.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "TOTOLINK EX1200L cstecgi.cgi loginauth buffer overflow"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2024-7337",
        "datePublished": "2024-08-01T03:00:06.098Z",
        "dateReserved": "2024-07-31T12:30:25.033Z",
        "dateUpdated": "2024-08-01T20:39:06.187Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-7334 (GCVE-0-2024-7334)

    Vulnerability from nvd – Published: 2024-08-01 01:31 – Updated: 2024-08-02 15:41
    VLAI
    Title
    TOTOLINK EX1200L cstecgi.cgi UploadCustomModule buffer overflow
    Summary
    A vulnerability was found in TOTOLINK EX1200L 9.3.5u.6146_B20201023. It has been rated as critical. This issue affects the function UploadCustomModule of the file /cgi-bin/cstecgi.cgi. The manipulation leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-273257 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    URL Tags
    https://vuldb.com/?id.273257 vdb-entrytechnical-description
    https://vuldb.com/?ctiid.273257 signaturepermissions-required
    https://vuldb.com/?submit.379286 third-party-advisory
    https://github.com/ruan-uer/create/blob/main/IoT-… exploit
    Impacted products
    Vendor Product Version
    TOTOLINK EX1200L Affected: 9.3.5u.6146_B20201023
    Create a notification for this product.
    totolink ex1200l_firmware Affected: 9.3.5u.6146_b20201023
        cpe:2.3:o:totolink:ex1200l_firmware:9.3.5u.6146_b20201023:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    ruaner (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:o:totolink:ex1200l_firmware:9.3.5u.6146_b20201023:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ex1200l_firmware",
                "vendor": "totolink",
                "versions": [
                  {
                    "status": "affected",
                    "version": "9.3.5u.6146_b20201023"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-7334",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-08-02T15:26:17.620908Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-08-02T15:41:49.498Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "EX1200L",
              "vendor": "TOTOLINK",
              "versions": [
                {
                  "status": "affected",
                  "version": "9.3.5u.6146_B20201023"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "ruaner (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability was found in TOTOLINK EX1200L 9.3.5u.6146_B20201023. It has been rated as critical. This issue affects the function UploadCustomModule of the file /cgi-bin/cstecgi.cgi. The manipulation leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-273257 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
            },
            {
              "lang": "de",
              "value": "Eine Schwachstelle wurde in TOTOLINK EX1200L 9.3.5u.6146_B20201023 ausgemacht. Sie wurde als kritisch eingestuft. Dies betrifft die Funktion UploadCustomModule der Datei /cgi-bin/cstecgi.cgi. Mittels Manipulieren mit unbekannten Daten kann eine buffer overflow-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 8.7,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 9,
                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-120",
                  "description": "CWE-120 Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-08-01T01:31:04.816Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-273257 | TOTOLINK EX1200L cstecgi.cgi UploadCustomModule buffer overflow",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/?id.273257"
            },
            {
              "name": "VDB-273257 | CTI Indicators (IOB, IOC, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.273257"
            },
            {
              "name": "Submit #379286 | TOTOLINK EX1200L  V9.3.5u.6146_B20201023 bu",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.379286"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://github.com/ruan-uer/create/blob/main/IoT-vulnerable/TOTOLINK/EX1200/UploadCustomModule.md"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2024-07-31T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2024-07-31T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2024-07-31T14:35:40.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "TOTOLINK EX1200L cstecgi.cgi UploadCustomModule buffer overflow"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2024-7334",
        "datePublished": "2024-08-01T01:31:04.816Z",
        "dateReserved": "2024-07-31T12:30:16.205Z",
        "dateUpdated": "2024-08-02T15:41:49.498Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-51035 (GCVE-0-2023-51035)

    Vulnerability from nvd – Published: 2023-12-22 00:00 – Updated: 2024-08-02 22:23
    VLAI
    Summary
    TOTOLINK EX1200L V9.3.5u.6146_B20201023 is vulnerable to arbitrary command execution on the cstecgi.cgi NTPSyncWithHost interface.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T22:23:44.269Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://815yang.github.io/2023/12/12/ex1200l/totolink_ex1200L_NTPSyncWithHost/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "TOTOLINK EX1200L V9.3.5u.6146_B20201023 is vulnerable to arbitrary command execution on the cstecgi.cgi NTPSyncWithHost interface."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-12-22T18:43:41.676Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "url": "https://815yang.github.io/2023/12/12/ex1200l/totolink_ex1200L_NTPSyncWithHost/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2023-51035",
        "datePublished": "2023-12-22T00:00:00.000Z",
        "dateReserved": "2023-12-18T00:00:00.000Z",
        "dateUpdated": "2024-08-02T22:23:44.269Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-51034 (GCVE-0-2023-51034)

    Vulnerability from nvd – Published: 2023-12-22 00:00 – Updated: 2024-09-09 20:50
    VLAI
    Summary
    TOTOlink EX1200L V9.3.5u.6146_B20201023 is vulnerable to arbitrary command execution via the cstecgi.cgi UploadFirmwareFile interface.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • n/a
    • CWE-434 - Unrestricted Upload of File with Dangerous Type
    Assigner
    Impacted products
    Vendor Product Version
    totolink ex1200l_firmware Affected: 9.3.5u.6146_b20201023
        cpe:2.3:o:totolink:ex1200l_firmware:9.3.5u.6146_b20201023:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T22:23:44.247Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://815yang.github.io/2023/12/12/ex1200l/totolink_ex1200L_UploadFirmwareFile/"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:o:totolink:ex1200l_firmware:9.3.5u.6146_b20201023:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ex1200l_firmware",
                "vendor": "totolink",
                "versions": [
                  {
                    "status": "affected",
                    "version": "9.3.5u.6146_b20201023"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "ADJACENT_NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 8.8,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-51034",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-09-09T20:48:35.326792Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-434",
                    "description": "CWE-434 Unrestricted Upload of File with Dangerous Type",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-09-09T20:50:07.262Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "TOTOlink EX1200L V9.3.5u.6146_B20201023 is vulnerable to arbitrary command execution via the cstecgi.cgi UploadFirmwareFile interface."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-12-22T18:45:28.783Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "url": "https://815yang.github.io/2023/12/12/ex1200l/totolink_ex1200L_UploadFirmwareFile/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2023-51034",
        "datePublished": "2023-12-22T00:00:00.000Z",
        "dateReserved": "2023-12-18T00:00:00.000Z",
        "dateUpdated": "2024-09-09T20:50:07.262Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-51033 (GCVE-0-2023-51033)

    Vulnerability from nvd – Published: 2023-12-22 00:00 – Updated: 2024-08-02 22:23
    VLAI
    Summary
    TOTOlink EX1200L V9.3.5u.6146_B20201023 is vulnerable to arbitrary command execution via the cstecgi.cgi setOpModeCfg interface.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T22:23:44.188Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://815yang.github.io/2023/12/12/ex1200l/totolink_ex1200L_setOpModeCfg/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "TOTOlink EX1200L V9.3.5u.6146_B20201023 is vulnerable to arbitrary command execution via the cstecgi.cgi setOpModeCfg interface."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-12-22T18:47:05.965Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "url": "https://815yang.github.io/2023/12/12/ex1200l/totolink_ex1200L_setOpModeCfg/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2023-51033",
        "datePublished": "2023-12-22T00:00:00.000Z",
        "dateReserved": "2023-12-18T00:00:00.000Z",
        "dateUpdated": "2024-08-02T22:23:44.188Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-4412 (GCVE-0-2023-4412)

    Vulnerability from nvd – Published: 2023-08-18 14:31 – Updated: 2024-08-02 07:24
    VLAI
    Title
    TOTOLINK EX1200L setWanCfg os command injection
    Summary
    A vulnerability was found in TOTOLINK EX1200L EN_V9.3.5u.6146_B20201023 and classified as critical. This issue affects the function setWanCfg. The manipulation leads to os command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-237515. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
    CWE
    • CWE-78 - OS Command Injection
    Assigner
    References
    URL Tags
    https://vuldb.com/?id.237515 vdb-entrytechnical-description
    https://vuldb.com/?ctiid.237515 signaturepermissions-required
    https://gist.github.com/dmknght/02a29e1c5ae18b45e… exploit
    Impacted products
    Vendor Product Version
    TOTOLINK EX1200L Affected: EN_V9.3.5u.6146_B20201023
    Create a notification for this product.
    Credits
    dmknght (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T07:24:04.581Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "vdb-entry",
                  "technical-description",
                  "x_transferred"
                ],
                "url": "https://vuldb.com/?id.237515"
              },
              {
                "tags": [
                  "signature",
                  "permissions-required",
                  "x_transferred"
                ],
                "url": "https://vuldb.com/?ctiid.237515"
              },
              {
                "tags": [
                  "exploit",
                  "x_transferred"
                ],
                "url": "https://gist.github.com/dmknght/02a29e1c5ae18b45eacc2085d22068e8"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "EX1200L",
              "vendor": "TOTOLINK",
              "versions": [
                {
                  "status": "affected",
                  "version": "EN_V9.3.5u.6146_B20201023"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "analyst",
              "value": "dmknght (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability was found in TOTOLINK EX1200L EN_V9.3.5u.6146_B20201023 and classified as critical. This issue affects the function setWanCfg. The manipulation leads to os command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-237515. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
            },
            {
              "lang": "de",
              "value": "Eine kritische Schwachstelle wurde in TOTOLINK EX1200L EN_V9.3.5u.6146_B20201023 gefunden. Davon betroffen ist die Funktion setWanCfg. Durch die Manipulation mit unbekannten Daten kann eine os command injection-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 6.5,
                "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-78",
                  "description": "CWE-78 OS Command Injection",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-10-24T09:01:17.046Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/?id.237515"
            },
            {
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.237515"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://gist.github.com/dmknght/02a29e1c5ae18b45eacc2085d22068e8"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2023-08-18T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2023-08-18T00:00:00.000Z",
              "value": "CVE reserved"
            },
            {
              "lang": "en",
              "time": "2023-08-18T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2023-09-13T14:20:30.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "TOTOLINK EX1200L setWanCfg os command injection"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2023-4412",
        "datePublished": "2023-08-18T14:31:04.481Z",
        "dateReserved": "2023-08-18T08:03:49.974Z",
        "dateUpdated": "2024-08-02T07:24:04.581Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-4411 (GCVE-0-2023-4411)

    Vulnerability from nvd – Published: 2023-08-18 14:00 – Updated: 2024-08-02 07:24
    VLAI
    Title
    TOTOLINK EX1200L setTracerouteCfg os command injection
    Summary
    A vulnerability has been found in TOTOLINK EX1200L EN_V9.3.5u.6146_B20201023 and classified as critical. This vulnerability affects the function setTracerouteCfg. The manipulation leads to os command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-237514 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
    CWE
    • CWE-78 - OS Command Injection
    Assigner
    References
    URL Tags
    https://vuldb.com/?id.237514 vdb-entrytechnical-description
    https://vuldb.com/?ctiid.237514 signaturepermissions-required
    https://gist.github.com/dmknght/02a29e1c5ae18b45e… exploit
    Impacted products
    Vendor Product Version
    TOTOLINK EX1200L Affected: EN_V9.3.5u.6146_B20201023
    Create a notification for this product.
    Credits
    dmknght (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T07:24:04.620Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "vdb-entry",
                  "technical-description",
                  "x_transferred"
                ],
                "url": "https://vuldb.com/?id.237514"
              },
              {
                "tags": [
                  "signature",
                  "permissions-required",
                  "x_transferred"
                ],
                "url": "https://vuldb.com/?ctiid.237514"
              },
              {
                "tags": [
                  "exploit",
                  "x_transferred"
                ],
                "url": "https://gist.github.com/dmknght/02a29e1c5ae18b45eacc2085d22068e8"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "EX1200L",
              "vendor": "TOTOLINK",
              "versions": [
                {
                  "status": "affected",
                  "version": "EN_V9.3.5u.6146_B20201023"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "analyst",
              "value": "dmknght (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability has been found in TOTOLINK EX1200L EN_V9.3.5u.6146_B20201023 and classified as critical. This vulnerability affects the function setTracerouteCfg. The manipulation leads to os command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-237514 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
            },
            {
              "lang": "de",
              "value": "In TOTOLINK EX1200L EN_V9.3.5u.6146_B20201023 wurde eine kritische Schwachstelle gefunden. Hierbei betrifft es die Funktion setTracerouteCfg. Mit der Manipulation mit unbekannten Daten kann eine os command injection-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff \u00fcber das Netzwerk. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 6.5,
                "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-78",
                  "description": "CWE-78 OS Command Injection",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-10-24T09:00:03.809Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/?id.237514"
            },
            {
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.237514"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://gist.github.com/dmknght/02a29e1c5ae18b45eacc2085d22068e8"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2023-08-18T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2023-08-18T00:00:00.000Z",
              "value": "CVE reserved"
            },
            {
              "lang": "en",
              "time": "2023-08-18T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2023-09-13T14:18:01.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "TOTOLINK EX1200L setTracerouteCfg os command injection"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2023-4411",
        "datePublished": "2023-08-18T14:00:07.422Z",
        "dateReserved": "2023-08-18T08:03:47.499Z",
        "dateUpdated": "2024-08-02T07:24:04.620Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-4410 (GCVE-0-2023-4410)

    Vulnerability from nvd – Published: 2023-08-18 14:00 – Updated: 2025-07-03 13:58
    VLAI
    Title
    TOTOLINK EX1200L setDiagnosisCfg os command injection
    Summary
    A vulnerability, which was classified as critical, was found in TOTOLINK EX1200L EN_V9.3.5u.6146_B20201023. This affects the function setDiagnosisCfg. The manipulation leads to os command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-237513 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-78 - OS Command Injection
    Assigner
    References
    URL Tags
    https://vuldb.com/?id.237513 vdb-entrytechnical-description
    https://vuldb.com/?ctiid.237513 signaturepermissions-required
    https://gist.github.com/dmknght/02a29e1c5ae18b45e… exploit
    Impacted products
    Vendor Product Version
    TOTOLINK EX1200L Affected: EN_V9.3.5u.6146_B20201023
    Create a notification for this product.
    Credits
    dmknght (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T07:24:04.700Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "vdb-entry",
                  "technical-description",
                  "x_transferred"
                ],
                "url": "https://vuldb.com/?id.237513"
              },
              {
                "tags": [
                  "signature",
                  "permissions-required",
                  "x_transferred"
                ],
                "url": "https://vuldb.com/?ctiid.237513"
              },
              {
                "tags": [
                  "exploit",
                  "x_transferred"
                ],
                "url": "https://gist.github.com/dmknght/02a29e1c5ae18b45eacc2085d22068e8"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-4410",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-07-03T13:57:58.588375Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-07-03T13:58:11.736Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "EX1200L",
              "vendor": "TOTOLINK",
              "versions": [
                {
                  "status": "affected",
                  "version": "EN_V9.3.5u.6146_B20201023"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "analyst",
              "value": "dmknght (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability, which was classified as critical, was found in TOTOLINK EX1200L EN_V9.3.5u.6146_B20201023. This affects the function setDiagnosisCfg. The manipulation leads to os command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-237513 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
            },
            {
              "lang": "de",
              "value": "Es wurde eine kritische Schwachstelle in TOTOLINK EX1200L EN_V9.3.5u.6146_B20201023 gefunden. Dabei betrifft es die Funktion setDiagnosisCfg. Dank Manipulation mit unbekannten Daten kann eine os command injection-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 6.5,
                "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-78",
                  "description": "CWE-78 OS Command Injection",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-10-24T08:58:50.166Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/?id.237513"
            },
            {
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.237513"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://gist.github.com/dmknght/02a29e1c5ae18b45eacc2085d22068e8"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2023-08-18T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2023-08-18T00:00:00.000Z",
              "value": "CVE reserved"
            },
            {
              "lang": "en",
              "time": "2023-08-18T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2023-09-13T14:10:03.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "TOTOLINK EX1200L setDiagnosisCfg os command injection"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2023-4410",
        "datePublished": "2023-08-18T14:00:05.650Z",
        "dateReserved": "2023-08-18T08:03:45.465Z",
        "dateUpdated": "2025-07-03T13:58:11.736Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-7909 (GCVE-0-2024-7909)

    Vulnerability from cvelistv5 – Published: 2024-08-18 18:00 – Updated: 2024-08-21 18:16
    VLAI
    Title
    TOTOLINK EX1200L cstecgi.cgi setLanguageCfg stack-based overflow
    Summary
    A vulnerability has been found in TOTOLINK EX1200L 9.3.5u.6146_B20201023 and classified as critical. Affected by this vulnerability is the function setLanguageCfg of the file /www/cgi-bin/cstecgi.cgi. The manipulation of the argument langType leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-121 - Stack-based Buffer Overflow
    Assigner
    References
    URL Tags
    https://vuldb.com/?id.275035 vdb-entrytechnical-description
    https://vuldb.com/?ctiid.275035 signaturepermissions-required
    https://vuldb.com/?submit.388436 third-party-advisory
    https://github.com/BeaCox/IoT_vuln/tree/main/toto… exploit
    https://www.totolink.net/ product
    Impacted products
    Vendor Product Version
    TOTOLINK EX1200L Affected: 9.3.5u.6146_B20201023
    Create a notification for this product.
    totolink ex1200l_firmware Affected: 9.3.5u.6146_b20201023
        cpe:2.3:o:totolink:ex1200l_firmware:9.3.5u.6146_b20201023:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    BeaCox (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:o:totolink:ex1200l_firmware:9.3.5u.6146_b20201023:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ex1200l_firmware",
                "vendor": "totolink",
                "versions": [
                  {
                    "status": "affected",
                    "version": "9.3.5u.6146_b20201023"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-7909",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-08-19T17:47:52.964972Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-08-19T17:49:20.127Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "EX1200L",
              "vendor": "TOTOLINK",
              "versions": [
                {
                  "status": "affected",
                  "version": "9.3.5u.6146_B20201023"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "BeaCox (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability has been found in TOTOLINK EX1200L 9.3.5u.6146_B20201023 and classified as critical. Affected by this vulnerability is the function setLanguageCfg of the file /www/cgi-bin/cstecgi.cgi. The manipulation of the argument langType leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
            },
            {
              "lang": "de",
              "value": "In TOTOLINK EX1200L 9.3.5u.6146_B20201023 wurde eine Schwachstelle gefunden. Sie wurde als kritisch eingestuft. Es geht um die Funktion setLanguageCfg der Datei /www/cgi-bin/cstecgi.cgi. Mit der Manipulation des Arguments langType mit unbekannten Daten kann eine stack-based buffer overflow-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 8.7,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 9,
                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-121",
                  "description": "CWE-121 Stack-based Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-08-21T18:16:05.783Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-275035 | TOTOLINK EX1200L cstecgi.cgi setLanguageCfg stack-based overflow",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/?id.275035"
            },
            {
              "name": "VDB-275035 | CTI Indicators (IOB, IOC, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.275035"
            },
            {
              "name": "Submit #388436 | TOTOLINK EX1200L V9.3.5u.6146_B20201023 Buffer Overflow",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.388436"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://github.com/BeaCox/IoT_vuln/tree/main/totolink/EX1200L/setLanguageCfg_bof"
            },
            {
              "tags": [
                "product"
              ],
              "url": "https://www.totolink.net/"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2024-08-17T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2024-08-17T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2024-08-19T14:44:33.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "TOTOLINK EX1200L cstecgi.cgi setLanguageCfg stack-based overflow"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2024-7909",
        "datePublished": "2024-08-18T18:00:07.558Z",
        "dateReserved": "2024-08-17T17:09:37.974Z",
        "dateUpdated": "2024-08-21T18:16:05.783Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-7908 (GCVE-0-2024-7908)

    Vulnerability from cvelistv5 – Published: 2024-08-18 17:00 – Updated: 2024-08-19 13:39
    VLAI
    Title
    TOTOLINK EX1200L cstecgi.cgi setDefResponse stack-based overflow
    Summary
    A vulnerability, which was classified as critical, was found in TOTOLINK EX1200L 9.3.5u.6146_B20201023. Affected is the function setDefResponse of the file /www/cgi-bin/cstecgi.cgi. The manipulation of the argument IpAddress leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-121 - Stack-based Buffer Overflow
    Assigner
    References
    URL Tags
    https://vuldb.com/?id.275034 vdb-entrytechnical-description
    https://vuldb.com/?ctiid.275034 signaturepermissions-required
    https://vuldb.com/?submit.388435 third-party-advisory
    https://github.com/BeaCox/IoT_vuln/tree/main/toto… exploit
    Impacted products
    Vendor Product Version
    TOTOLINK EX1200L Affected: 9.3.5u.6146_B20201023
    Create a notification for this product.
    totolink ex1200l_firmware Affected: 9.3.5u.6146_b20201023
        cpe:2.3:o:totolink:ex1200l_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    BeaCox (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:o:totolink:ex1200l_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ex1200l_firmware",
                "vendor": "totolink",
                "versions": [
                  {
                    "status": "affected",
                    "version": "9.3.5u.6146_b20201023"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-7908",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-08-19T13:37:17.233476Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-08-19T13:39:15.433Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "EX1200L",
              "vendor": "TOTOLINK",
              "versions": [
                {
                  "status": "affected",
                  "version": "9.3.5u.6146_B20201023"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "BeaCox (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability, which was classified as critical, was found in TOTOLINK EX1200L 9.3.5u.6146_B20201023. Affected is the function setDefResponse of the file /www/cgi-bin/cstecgi.cgi. The manipulation of the argument IpAddress leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
            },
            {
              "lang": "de",
              "value": "Es wurde eine Schwachstelle in TOTOLINK EX1200L 9.3.5u.6146_B20201023 gefunden. Sie wurde als kritisch eingestuft. Betroffen hiervon ist die Funktion setDefResponse der Datei /www/cgi-bin/cstecgi.cgi. Dank Manipulation des Arguments IpAddress mit unbekannten Daten kann eine stack-based buffer overflow-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff \u00fcber das Netzwerk. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 8.7,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 9,
                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-121",
                  "description": "CWE-121 Stack-based Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-08-18T17:00:05.376Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-275034 | TOTOLINK EX1200L cstecgi.cgi setDefResponse stack-based overflow",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/?id.275034"
            },
            {
              "name": "VDB-275034 | CTI Indicators (IOB, IOC, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.275034"
            },
            {
              "name": "Submit #388435 | TOTOLINK EX1200L V9.3.5u.6146_B20201023 Buffer Overflow",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.388435"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://github.com/BeaCox/IoT_vuln/tree/main/totolink/EX1200L/setDefResponse_bof"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2024-08-17T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2024-08-17T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2024-08-17T19:14:45.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "TOTOLINK EX1200L cstecgi.cgi setDefResponse stack-based overflow"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2024-7908",
        "datePublished": "2024-08-18T17:00:05.376Z",
        "dateReserved": "2024-08-17T17:09:35.177Z",
        "dateUpdated": "2024-08-19T13:39:15.433Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-7338 (GCVE-0-2024-7338)

    Vulnerability from cvelistv5 – Published: 2024-08-01 03:31 – Updated: 2024-08-06 20:41
    VLAI
    Title
    TOTOLINK EX1200L cstecgi.cgi setParentalRules buffer overflow
    Summary
    A vulnerability, which was classified as critical, was found in TOTOLINK EX1200L 9.3.5u.6146_B20201023. This affects the function setParentalRules of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument week/sTime/eTime leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-273261 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    URL Tags
    https://vuldb.com/?id.273261 vdb-entrytechnical-description
    https://vuldb.com/?ctiid.273261 signaturepermissions-required
    https://vuldb.com/?submit.379316 third-party-advisory
    https://github.com/abcdefg-png/IoT-vulnerable/blo… exploit
    Impacted products
    Vendor Product Version
    TOTOLINK EX1200L Affected: 9.3.5u.6146_B20201023
    Create a notification for this product.
    totolink ex1200l_firmware Affected: 9.3.5u.6146_b20201023
        cpe:2.3:o:totolink:ex1200l_firmware:9.3.5u.6146_b20201023:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    yhryhryhr_tu (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:o:totolink:ex1200l_firmware:9.3.5u.6146_b20201023:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ex1200l_firmware",
                "vendor": "totolink",
                "versions": [
                  {
                    "status": "affected",
                    "version": "9.3.5u.6146_b20201023"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-7338",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-08-06T20:41:23.902982Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-08-06T20:41:31.965Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "EX1200L",
              "vendor": "TOTOLINK",
              "versions": [
                {
                  "status": "affected",
                  "version": "9.3.5u.6146_B20201023"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "yhryhryhr_tu (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability, which was classified as critical, was found in TOTOLINK EX1200L 9.3.5u.6146_B20201023. This affects the function setParentalRules of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument week/sTime/eTime leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-273261 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
            },
            {
              "lang": "de",
              "value": "Es wurde eine kritische Schwachstelle in TOTOLINK EX1200L 9.3.5u.6146_B20201023 gefunden. Hiervon betroffen ist die Funktion setParentalRules der Datei /cgi-bin/cstecgi.cgi. Durch Beeinflussen des Arguments week/sTime/eTime mit unbekannten Daten kann eine buffer overflow-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk angegangen werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 8.7,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 9,
                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-120",
                  "description": "CWE-120 Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-08-01T03:31:04.032Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-273261 | TOTOLINK EX1200L cstecgi.cgi setParentalRules buffer overflow",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/?id.273261"
            },
            {
              "name": "VDB-273261 | CTI Indicators (IOB, IOC, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.273261"
            },
            {
              "name": "Submit #379316 | TOTOLINK EX1200L_Firmware V9.3.5u.6146_B20201023 buffer overflow",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.379316"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/TOTOLINK/EX1200/setParentalRules.md"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2024-07-31T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2024-07-31T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2024-07-31T14:35:46.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "TOTOLINK EX1200L cstecgi.cgi setParentalRules buffer overflow"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2024-7338",
        "datePublished": "2024-08-01T03:31:04.032Z",
        "dateReserved": "2024-07-31T12:30:28.103Z",
        "dateUpdated": "2024-08-06T20:41:31.965Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-7337 (GCVE-0-2024-7337)

    Vulnerability from cvelistv5 – Published: 2024-08-01 03:00 – Updated: 2024-08-01 20:39
    VLAI
    Title
    TOTOLINK EX1200L cstecgi.cgi loginauth buffer overflow
    Summary
    A vulnerability, which was classified as critical, has been found in TOTOLINK EX1200L 9.3.5u.6146_B20201023. Affected by this issue is the function loginauth of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument http_host leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-273260. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    URL Tags
    https://vuldb.com/?id.273260 vdb-entrytechnical-description
    https://vuldb.com/?ctiid.273260 signaturepermissions-required
    https://vuldb.com/?submit.379315 third-party-advisory
    https://github.com/abcdefg-png/IoT-vulnerable/blo… exploit
    Impacted products
    Vendor Product Version
    TOTOLINK EX1200L Affected: 9.3.5u.6146_B20201023
    Create a notification for this product.
    totolink ex1200l_firmware Affected: 9.3.5u.6146_b20201023
        cpe:2.3:o:totolink:ex1200l_firmware:9.3.5u.6146_b20201023:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    yhryhryhr_tu (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:o:totolink:ex1200l_firmware:9.3.5u.6146_b20201023:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ex1200l_firmware",
                "vendor": "totolink",
                "versions": [
                  {
                    "status": "affected",
                    "version": "9.3.5u.6146_b20201023"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-7337",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-08-01T19:12:01.819248Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-08-01T20:39:06.187Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "EX1200L",
              "vendor": "TOTOLINK",
              "versions": [
                {
                  "status": "affected",
                  "version": "9.3.5u.6146_B20201023"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "yhryhryhr_tu (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability, which was classified as critical, has been found in TOTOLINK EX1200L 9.3.5u.6146_B20201023. Affected by this issue is the function loginauth of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument http_host leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-273260. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
            },
            {
              "lang": "de",
              "value": "Eine kritische Schwachstelle wurde in TOTOLINK EX1200L 9.3.5u.6146_B20201023 entdeckt. Davon betroffen ist die Funktion loginauth der Datei /cgi-bin/cstecgi.cgi. Durch das Beeinflussen des Arguments http_host mit unbekannten Daten kann eine buffer overflow-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 8.7,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 9,
                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-120",
                  "description": "CWE-120 Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-08-01T03:00:06.098Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-273260 | TOTOLINK EX1200L cstecgi.cgi loginauth buffer overflow",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/?id.273260"
            },
            {
              "name": "VDB-273260 | CTI Indicators (IOB, IOC, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.273260"
            },
            {
              "name": "Submit #379315 | TOTOLINK EX1200L_Firmware V9.3.5u.6146_B20201023  buffer overflow",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.379315"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/TOTOLINK/EX1200/loginauth.md"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2024-07-31T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2024-07-31T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2024-07-31T14:35:45.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "TOTOLINK EX1200L cstecgi.cgi loginauth buffer overflow"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2024-7337",
        "datePublished": "2024-08-01T03:00:06.098Z",
        "dateReserved": "2024-07-31T12:30:25.033Z",
        "dateUpdated": "2024-08-01T20:39:06.187Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-7334 (GCVE-0-2024-7334)

    Vulnerability from cvelistv5 – Published: 2024-08-01 01:31 – Updated: 2024-08-02 15:41
    VLAI
    Title
    TOTOLINK EX1200L cstecgi.cgi UploadCustomModule buffer overflow
    Summary
    A vulnerability was found in TOTOLINK EX1200L 9.3.5u.6146_B20201023. It has been rated as critical. This issue affects the function UploadCustomModule of the file /cgi-bin/cstecgi.cgi. The manipulation leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-273257 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    URL Tags
    https://vuldb.com/?id.273257 vdb-entrytechnical-description
    https://vuldb.com/?ctiid.273257 signaturepermissions-required
    https://vuldb.com/?submit.379286 third-party-advisory
    https://github.com/ruan-uer/create/blob/main/IoT-… exploit
    Impacted products
    Vendor Product Version
    TOTOLINK EX1200L Affected: 9.3.5u.6146_B20201023
    Create a notification for this product.
    totolink ex1200l_firmware Affected: 9.3.5u.6146_b20201023
        cpe:2.3:o:totolink:ex1200l_firmware:9.3.5u.6146_b20201023:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    ruaner (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:o:totolink:ex1200l_firmware:9.3.5u.6146_b20201023:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ex1200l_firmware",
                "vendor": "totolink",
                "versions": [
                  {
                    "status": "affected",
                    "version": "9.3.5u.6146_b20201023"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-7334",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-08-02T15:26:17.620908Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-08-02T15:41:49.498Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "EX1200L",
              "vendor": "TOTOLINK",
              "versions": [
                {
                  "status": "affected",
                  "version": "9.3.5u.6146_B20201023"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "ruaner (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability was found in TOTOLINK EX1200L 9.3.5u.6146_B20201023. It has been rated as critical. This issue affects the function UploadCustomModule of the file /cgi-bin/cstecgi.cgi. The manipulation leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-273257 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
            },
            {
              "lang": "de",
              "value": "Eine Schwachstelle wurde in TOTOLINK EX1200L 9.3.5u.6146_B20201023 ausgemacht. Sie wurde als kritisch eingestuft. Dies betrifft die Funktion UploadCustomModule der Datei /cgi-bin/cstecgi.cgi. Mittels Manipulieren mit unbekannten Daten kann eine buffer overflow-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 8.7,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 9,
                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-120",
                  "description": "CWE-120 Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-08-01T01:31:04.816Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-273257 | TOTOLINK EX1200L cstecgi.cgi UploadCustomModule buffer overflow",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/?id.273257"
            },
            {
              "name": "VDB-273257 | CTI Indicators (IOB, IOC, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.273257"
            },
            {
              "name": "Submit #379286 | TOTOLINK EX1200L  V9.3.5u.6146_B20201023 bu",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.379286"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://github.com/ruan-uer/create/blob/main/IoT-vulnerable/TOTOLINK/EX1200/UploadCustomModule.md"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2024-07-31T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2024-07-31T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2024-07-31T14:35:40.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "TOTOLINK EX1200L cstecgi.cgi UploadCustomModule buffer overflow"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2024-7334",
        "datePublished": "2024-08-01T01:31:04.816Z",
        "dateReserved": "2024-07-31T12:30:16.205Z",
        "dateUpdated": "2024-08-02T15:41:49.498Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-51034 (GCVE-0-2023-51034)

    Vulnerability from cvelistv5 – Published: 2023-12-22 00:00 – Updated: 2024-09-09 20:50
    VLAI
    Summary
    TOTOlink EX1200L V9.3.5u.6146_B20201023 is vulnerable to arbitrary command execution via the cstecgi.cgi UploadFirmwareFile interface.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • n/a
    • CWE-434 - Unrestricted Upload of File with Dangerous Type
    Assigner
    Impacted products
    Vendor Product Version
    totolink ex1200l_firmware Affected: 9.3.5u.6146_b20201023
        cpe:2.3:o:totolink:ex1200l_firmware:9.3.5u.6146_b20201023:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T22:23:44.247Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://815yang.github.io/2023/12/12/ex1200l/totolink_ex1200L_UploadFirmwareFile/"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:o:totolink:ex1200l_firmware:9.3.5u.6146_b20201023:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ex1200l_firmware",
                "vendor": "totolink",
                "versions": [
                  {
                    "status": "affected",
                    "version": "9.3.5u.6146_b20201023"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "ADJACENT_NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 8.8,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-51034",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-09-09T20:48:35.326792Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-434",
                    "description": "CWE-434 Unrestricted Upload of File with Dangerous Type",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-09-09T20:50:07.262Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "TOTOlink EX1200L V9.3.5u.6146_B20201023 is vulnerable to arbitrary command execution via the cstecgi.cgi UploadFirmwareFile interface."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-12-22T18:45:28.783Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "url": "https://815yang.github.io/2023/12/12/ex1200l/totolink_ex1200L_UploadFirmwareFile/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2023-51034",
        "datePublished": "2023-12-22T00:00:00.000Z",
        "dateReserved": "2023-12-18T00:00:00.000Z",
        "dateUpdated": "2024-09-09T20:50:07.262Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-51033 (GCVE-0-2023-51033)

    Vulnerability from cvelistv5 – Published: 2023-12-22 00:00 – Updated: 2024-08-02 22:23
    VLAI
    Summary
    TOTOlink EX1200L V9.3.5u.6146_B20201023 is vulnerable to arbitrary command execution via the cstecgi.cgi setOpModeCfg interface.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T22:23:44.188Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://815yang.github.io/2023/12/12/ex1200l/totolink_ex1200L_setOpModeCfg/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "TOTOlink EX1200L V9.3.5u.6146_B20201023 is vulnerable to arbitrary command execution via the cstecgi.cgi setOpModeCfg interface."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-12-22T18:47:05.965Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "url": "https://815yang.github.io/2023/12/12/ex1200l/totolink_ex1200L_setOpModeCfg/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2023-51033",
        "datePublished": "2023-12-22T00:00:00.000Z",
        "dateReserved": "2023-12-18T00:00:00.000Z",
        "dateUpdated": "2024-08-02T22:23:44.188Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-51035 (GCVE-0-2023-51035)

    Vulnerability from cvelistv5 – Published: 2023-12-22 00:00 – Updated: 2024-08-02 22:23
    VLAI
    Summary
    TOTOLINK EX1200L V9.3.5u.6146_B20201023 is vulnerable to arbitrary command execution on the cstecgi.cgi NTPSyncWithHost interface.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T22:23:44.269Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://815yang.github.io/2023/12/12/ex1200l/totolink_ex1200L_NTPSyncWithHost/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "TOTOLINK EX1200L V9.3.5u.6146_B20201023 is vulnerable to arbitrary command execution on the cstecgi.cgi NTPSyncWithHost interface."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-12-22T18:43:41.676Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "url": "https://815yang.github.io/2023/12/12/ex1200l/totolink_ex1200L_NTPSyncWithHost/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2023-51035",
        "datePublished": "2023-12-22T00:00:00.000Z",
        "dateReserved": "2023-12-18T00:00:00.000Z",
        "dateUpdated": "2024-08-02T22:23:44.269Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-4412 (GCVE-0-2023-4412)

    Vulnerability from cvelistv5 – Published: 2023-08-18 14:31 – Updated: 2024-08-02 07:24
    VLAI
    Title
    TOTOLINK EX1200L setWanCfg os command injection
    Summary
    A vulnerability was found in TOTOLINK EX1200L EN_V9.3.5u.6146_B20201023 and classified as critical. This issue affects the function setWanCfg. The manipulation leads to os command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-237515. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
    CWE
    • CWE-78 - OS Command Injection
    Assigner
    References
    URL Tags
    https://vuldb.com/?id.237515 vdb-entrytechnical-description
    https://vuldb.com/?ctiid.237515 signaturepermissions-required
    https://gist.github.com/dmknght/02a29e1c5ae18b45e… exploit
    Impacted products
    Vendor Product Version
    TOTOLINK EX1200L Affected: EN_V9.3.5u.6146_B20201023
    Create a notification for this product.
    Credits
    dmknght (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T07:24:04.581Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "vdb-entry",
                  "technical-description",
                  "x_transferred"
                ],
                "url": "https://vuldb.com/?id.237515"
              },
              {
                "tags": [
                  "signature",
                  "permissions-required",
                  "x_transferred"
                ],
                "url": "https://vuldb.com/?ctiid.237515"
              },
              {
                "tags": [
                  "exploit",
                  "x_transferred"
                ],
                "url": "https://gist.github.com/dmknght/02a29e1c5ae18b45eacc2085d22068e8"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "EX1200L",
              "vendor": "TOTOLINK",
              "versions": [
                {
                  "status": "affected",
                  "version": "EN_V9.3.5u.6146_B20201023"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "analyst",
              "value": "dmknght (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability was found in TOTOLINK EX1200L EN_V9.3.5u.6146_B20201023 and classified as critical. This issue affects the function setWanCfg. The manipulation leads to os command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-237515. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
            },
            {
              "lang": "de",
              "value": "Eine kritische Schwachstelle wurde in TOTOLINK EX1200L EN_V9.3.5u.6146_B20201023 gefunden. Davon betroffen ist die Funktion setWanCfg. Durch die Manipulation mit unbekannten Daten kann eine os command injection-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 6.5,
                "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-78",
                  "description": "CWE-78 OS Command Injection",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-10-24T09:01:17.046Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/?id.237515"
            },
            {
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.237515"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://gist.github.com/dmknght/02a29e1c5ae18b45eacc2085d22068e8"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2023-08-18T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2023-08-18T00:00:00.000Z",
              "value": "CVE reserved"
            },
            {
              "lang": "en",
              "time": "2023-08-18T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2023-09-13T14:20:30.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "TOTOLINK EX1200L setWanCfg os command injection"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2023-4412",
        "datePublished": "2023-08-18T14:31:04.481Z",
        "dateReserved": "2023-08-18T08:03:49.974Z",
        "dateUpdated": "2024-08-02T07:24:04.581Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-4411 (GCVE-0-2023-4411)

    Vulnerability from cvelistv5 – Published: 2023-08-18 14:00 – Updated: 2024-08-02 07:24
    VLAI
    Title
    TOTOLINK EX1200L setTracerouteCfg os command injection
    Summary
    A vulnerability has been found in TOTOLINK EX1200L EN_V9.3.5u.6146_B20201023 and classified as critical. This vulnerability affects the function setTracerouteCfg. The manipulation leads to os command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-237514 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
    CWE
    • CWE-78 - OS Command Injection
    Assigner
    References
    URL Tags
    https://vuldb.com/?id.237514 vdb-entrytechnical-description
    https://vuldb.com/?ctiid.237514 signaturepermissions-required
    https://gist.github.com/dmknght/02a29e1c5ae18b45e… exploit
    Impacted products
    Vendor Product Version
    TOTOLINK EX1200L Affected: EN_V9.3.5u.6146_B20201023
    Create a notification for this product.
    Credits
    dmknght (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T07:24:04.620Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "vdb-entry",
                  "technical-description",
                  "x_transferred"
                ],
                "url": "https://vuldb.com/?id.237514"
              },
              {
                "tags": [
                  "signature",
                  "permissions-required",
                  "x_transferred"
                ],
                "url": "https://vuldb.com/?ctiid.237514"
              },
              {
                "tags": [
                  "exploit",
                  "x_transferred"
                ],
                "url": "https://gist.github.com/dmknght/02a29e1c5ae18b45eacc2085d22068e8"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "EX1200L",
              "vendor": "TOTOLINK",
              "versions": [
                {
                  "status": "affected",
                  "version": "EN_V9.3.5u.6146_B20201023"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "analyst",
              "value": "dmknght (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability has been found in TOTOLINK EX1200L EN_V9.3.5u.6146_B20201023 and classified as critical. This vulnerability affects the function setTracerouteCfg. The manipulation leads to os command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-237514 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
            },
            {
              "lang": "de",
              "value": "In TOTOLINK EX1200L EN_V9.3.5u.6146_B20201023 wurde eine kritische Schwachstelle gefunden. Hierbei betrifft es die Funktion setTracerouteCfg. Mit der Manipulation mit unbekannten Daten kann eine os command injection-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff \u00fcber das Netzwerk. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 6.5,
                "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-78",
                  "description": "CWE-78 OS Command Injection",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-10-24T09:00:03.809Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/?id.237514"
            },
            {
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.237514"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://gist.github.com/dmknght/02a29e1c5ae18b45eacc2085d22068e8"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2023-08-18T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2023-08-18T00:00:00.000Z",
              "value": "CVE reserved"
            },
            {
              "lang": "en",
              "time": "2023-08-18T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2023-09-13T14:18:01.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "TOTOLINK EX1200L setTracerouteCfg os command injection"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2023-4411",
        "datePublished": "2023-08-18T14:00:07.422Z",
        "dateReserved": "2023-08-18T08:03:47.499Z",
        "dateUpdated": "2024-08-02T07:24:04.620Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-4410 (GCVE-0-2023-4410)

    Vulnerability from cvelistv5 – Published: 2023-08-18 14:00 – Updated: 2025-07-03 13:58
    VLAI
    Title
    TOTOLINK EX1200L setDiagnosisCfg os command injection
    Summary
    A vulnerability, which was classified as critical, was found in TOTOLINK EX1200L EN_V9.3.5u.6146_B20201023. This affects the function setDiagnosisCfg. The manipulation leads to os command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-237513 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-78 - OS Command Injection
    Assigner
    References
    URL Tags
    https://vuldb.com/?id.237513 vdb-entrytechnical-description
    https://vuldb.com/?ctiid.237513 signaturepermissions-required
    https://gist.github.com/dmknght/02a29e1c5ae18b45e… exploit
    Impacted products
    Vendor Product Version
    TOTOLINK EX1200L Affected: EN_V9.3.5u.6146_B20201023
    Create a notification for this product.
    Credits
    dmknght (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T07:24:04.700Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "vdb-entry",
                  "technical-description",
                  "x_transferred"
                ],
                "url": "https://vuldb.com/?id.237513"
              },
              {
                "tags": [
                  "signature",
                  "permissions-required",
                  "x_transferred"
                ],
                "url": "https://vuldb.com/?ctiid.237513"
              },
              {
                "tags": [
                  "exploit",
                  "x_transferred"
                ],
                "url": "https://gist.github.com/dmknght/02a29e1c5ae18b45eacc2085d22068e8"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-4410",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-07-03T13:57:58.588375Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-07-03T13:58:11.736Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "EX1200L",
              "vendor": "TOTOLINK",
              "versions": [
                {
                  "status": "affected",
                  "version": "EN_V9.3.5u.6146_B20201023"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "analyst",
              "value": "dmknght (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability, which was classified as critical, was found in TOTOLINK EX1200L EN_V9.3.5u.6146_B20201023. This affects the function setDiagnosisCfg. The manipulation leads to os command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-237513 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
            },
            {
              "lang": "de",
              "value": "Es wurde eine kritische Schwachstelle in TOTOLINK EX1200L EN_V9.3.5u.6146_B20201023 gefunden. Dabei betrifft es die Funktion setDiagnosisCfg. Dank Manipulation mit unbekannten Daten kann eine os command injection-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 6.5,
                "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-78",
                  "description": "CWE-78 OS Command Injection",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-10-24T08:58:50.166Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/?id.237513"
            },
            {
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.237513"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://gist.github.com/dmknght/02a29e1c5ae18b45eacc2085d22068e8"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2023-08-18T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2023-08-18T00:00:00.000Z",
              "value": "CVE reserved"
            },
            {
              "lang": "en",
              "time": "2023-08-18T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2023-09-13T14:10:03.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "TOTOLINK EX1200L setDiagnosisCfg os command injection"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2023-4410",
        "datePublished": "2023-08-18T14:00:05.650Z",
        "dateReserved": "2023-08-18T08:03:45.465Z",
        "dateUpdated": "2025-07-03T13:58:11.736Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }