4hsienyang/CVE-vulns

GitHub

github.com

Releases0

Stars7

CVE-vulns

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2024-51190 ↗	Nov 11, 2024Monday, 11 November 2024, 20:15	4.8 MEDIUM	—
TRENDnet TEW-651BR 2.04B1, TEW-652BRP 3.04b01, and TEW-652BRU 1.00b12 devices contain a Store Cross-site scripting (XSS) vulnerability via the ptRule_ApplicationName_1.1.6.0.0 parameter on the /special_ap.htm page.
CVE-2024-51189 ↗	Nov 11, 2024Monday, 11 November 2024, 20:15	4.8 MEDIUM	—
TRENDnet TEW-651BR 2.04B1, TEW-652BRP 3.04b01, and TEW-652BRU 1.00b12 devices contain a Store Cross-site scripting (XSS) vulnerability via the macList_Name_1.1.1.0.0 parameter on the /filters.htm page.
CVE-2024-51188 ↗	Nov 11, 2024Monday, 11 November 2024, 20:15	4.8 MEDIUM	—
TRENDnet TEW-651BR 2.04B1, TEW-652BRP 3.04b01, and TEW-652BRU 1.00b12 devices contain a Store Cross-site scripting (XSS) vulnerability via the vsRule_VirtualServerName_1.1.10.0.0 parameter on the /virtual_server.htm page.
CVE-2024-51187 ↗	Nov 11, 2024Monday, 11 November 2024, 20:15	4.8 MEDIUM	—
TRENDnet TEW-651BR 2.04B1, TEW-652BRP 3.04b01, and TEW-652BRU 1.00b12 devices contain a Store Cross-site scripting (XSS) vulnerability via the firewallRule_Name_1.1.1.0.0 parameter on the /firewall_setting.htm page.
CVE-2024-51186 ↗	Nov 11, 2024Monday, 11 November 2024, 20:15	8 HIGH	—
D-Link DIR-820L 1.05b03 was discovered to contain a remote code execution (RCE) vulnerability via the ping_addr parameter in the ping_v4 and ping_v6 functions.
CVE-2024-33433 ↗	May 14, 2024Tuesday, 14 May 2024, 15:37	4.8 MEDIUM	—
Cross Site Scripting vulnerability in TOTOLINK X2000R before v1.0.0-B20231213.1013 allows a remote attacker to execute arbitrary code via the Guest Access Control parameter in the Wireless Page.
CVE-2024-31810 ↗	May 14, 2024Tuesday, 14 May 2024, 15:25	9.8 CRITICAL	—
TOTOLINK EX200 V4.0.3c.7646_B20201211 was discovered to contain a hardcoded password for root at /etc/shadow.sample.
CVE-2024-32335 ↗	Apr 18, 2024Thursday, 18 April 2024, 17:15	5.4 MEDIUM	—
TOTOLINK N300RT V2.1.8-B20201030.1539 contains a Store Cross-site scripting (XSS) vulnerability in Access Control under the Wireless Page.
CVE-2024-32334 ↗	Apr 18, 2024Thursday, 18 April 2024, 17:15	6.5 MEDIUM	—
TOTOLINK N300RT V2.1.8-B20201030.1539 contains a Store Cross-site scripting (XSS) vulnerability in IP/Port Filtering under the Firewall Page.
CVE-2024-32333 ↗	Apr 18, 2024Thursday, 18 April 2024, 17:15	4.3 MEDIUM	—
TOTOLINK N300RT V2.1.8-B20201030.1539 contains a Store Cross-site scripting (XSS) vulnerability in MAC Filtering under the Firewall Page.
CVE-2024-32332 ↗	Apr 18, 2024Thursday, 18 April 2024, 17:15	6.1 MEDIUM	—
TOTOLINK N300RT V2.1.8-B20201030.1539 contains a Store Cross-site scripting (XSS) vulnerability in WDS Settings under the Wireless Page.
CVE-2024-32327 ↗	Apr 18, 2024Thursday, 18 April 2024, 17:15	5.5 MEDIUM	—
TOTOLINK N300RT V2.1.8-B20201030.1539 contains a Store Cross-site scripting (XSS) vulnerability in Port Forwarding under the Firewall Page.
CVE-2024-32326 ↗	Apr 18, 2024Thursday, 18 April 2024, 17:15	6.8 MEDIUM	—
TOTOLINK EX200 V4.0.3c.7646_B20201211 contains a Cross-site scripting (XSS) vulnerability through the key parameter in the setWiFiExtenderConfig function.
CVE-2024-32325 ↗	Apr 18, 2024Thursday, 18 April 2024, 17:15	2.4 LOW	—
TOTOLINK EX200 V4.0.3c.7646_B20201211 contains a Cross-site scripting (XSS) vulnerability through the ssid parameter in the setWiFiExtenderConfig function.
CVE-2024-28402 ↗	Apr 11, 2024Thursday, 11 April 2024, 01:25	5.9 MEDIUM	—
TOTOLINK X2000R before V1.0.0-B20231213.1013 contains a Stored Cross-site scripting (XSS) vulnerability in IP/Port Filtering under the Firewall Page.
CVE-2024-31817 ↗	Apr 8, 2024Monday, 8 April 2024, 13:15	7.5 HIGH	—
In TOTOLINK EX200 V4.0.3c.7646_B20201211, an attacker can obtain sensitive information without authorization through the function getSysStatusCfg.
CVE-2024-31807 ↗	Apr 8, 2024Monday, 8 April 2024, 13:15	9.8 CRITICAL	—
TOTOLINK EX200 V4.0.3c.7646_B20201211 was discovered to contain a remote code execution (RCE) vulnerability via the hostTime parameter in the NTPSyncWithHost function.
CVE-2024-31809 ↗	Apr 8, 2024Monday, 8 April 2024, 13:15	8.8 HIGH	—
TOTOLINK EX200 V4.0.3c.7646_B20201211 was discovered to contain a remote code execution (RCE) vulnerability via the FileName parameter in the setUpgradeFW function.
CVE-2024-31815 ↗	Apr 8, 2024Monday, 8 April 2024, 13:15	9.1 CRITICAL	—
In TOTOLINK EX200 V4.0.3c.7314_B20191204, an attacker can obtain the configuration file without authorization through /cgi-bin/ExportSettings.sh
CVE-2024-31814 ↗	Apr 8, 2024Monday, 8 April 2024, 13:15	8.8 HIGH	—
TOTOLINK EX200 V4.0.3c.7646_B20201211 allows attackers to bypass login through the Form_Login function.
CVE-2024-31813 ↗	Apr 8, 2024Monday, 8 April 2024, 13:15	8.4 HIGH	—
TOTOLINK EX200 V4.0.3c.7646_B20201211 does not contain an authentication mechanism by default.
CVE-2024-31812 ↗	Apr 8, 2024Monday, 8 April 2024, 13:15	6.5 MEDIUM	—
In TOTOLINK EX200 V4.0.3c.7646_B20201211, an attacker can obtain sensitive information without authorization through the function getWiFiExtenderConfig.
CVE-2024-31811 ↗	Apr 8, 2024Monday, 8 April 2024, 13:15	8 HIGH	—
TOTOLINK EX200 V4.0.3c.7646_B20201211 was discovered to contain a remote code execution (RCE) vulnerability via the langType parameter in the setLanguageCfg function.
CVE-2024-31816 ↗	Apr 8, 2024Monday, 8 April 2024, 13:15	7.5 HIGH	—
In TOTOLINK EX200 V4.0.3c.7646_B20201211, an attacker can obtain sensitive information without authorization through the function getEasyWizardCfg.
CVE-2024-31808 ↗	Apr 8, 2024Monday, 8 April 2024, 13:15	8.8 HIGH	—
TOTOLINK EX200 V4.0.3c.7646_B20201211 was discovered to contain a remote code execution (RCE) vulnerability via the webWlanIdx parameter in the setWebWlanIdx function.
CVE-2024-31805 ↗	Apr 8, 2024Monday, 8 April 2024, 13:15	6.5 MEDIUM	—
TOTOLINK EX200 V4.0.3c.7646_B20201211 allows attackers to start the Telnet service without authorization via the telnet_enabled parameter in the setTelnetCfg function.
CVE-2024-31806 ↗	Apr 8, 2024Monday, 8 April 2024, 13:15	6.5 MEDIUM	—
TOTOLINK EX200 V4.0.3c.7646_B20201211 was discovered to contain a Denial-of-Service (DoS) vulnerability in the RebootSystem function which can reboot the system without authorization.
CVE-2024-29419 ↗	Mar 20, 2024Wednesday, 20 March 2024, 15:15	5.4 MEDIUM	—
There is a Cross-site scripting (XSS) vulnerability in the Wireless settings under the Easy Setup Page of TOTOLINK X2000R before v1.0.0-B20231213.1013.
CVE-2024-28401 ↗	Mar 15, 2024Friday, 15 March 2024, 17:15	5.4 MEDIUM	—
TOTOLINK X2000R before v1.0.0-B20231213.1013 contains a Store Cross-site scripting (XSS) vulnerability in Root Access Control under the Wireless Page.
CVE-2024-28404 ↗	Mar 15, 2024Friday, 15 March 2024, 17:15	8 HIGH	—
TOTOLINK X2000R before V1.0.0-B20231213.1013 contains a Stored Cross-site scripting (XSS) vulnerability in MAC Filtering under the Firewall Page.
CVE-2024-28403 ↗	Mar 15, 2024Friday, 15 March 2024, 16:15	5.4 MEDIUM	—
TOTOLINK X2000R before V1.0.0-B20231213.1013 is vulnerable to Cross Site Scripting (XSS) via the VPN Page.