Double-q1015/CVE-vulns

Releases0

Stars15

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2023-24157 ↗	Feb 3, 2023Friday, 3 February 2023, 16:15	9.8 CRITICAL	—
A command injection vulnerability in the serverIp parameter in the function updateWifiInfo of TOTOLINK T8 V4.1.5cu allows attackers to execute arbitrary commands via a crafted MQTT packet.
CVE-2023-24151 ↗	Feb 3, 2023Friday, 3 February 2023, 16:15	9.8 CRITICAL	—
A command injection vulnerability in the ip parameter in the function recvSlaveCloudCheckStatus of TOTOLINK T8 V4.1.5cu allows attackers to execute arbitrary commands via a crafted MQTT packet.
CVE-2023-24156 ↗	Feb 3, 2023Friday, 3 February 2023, 16:15	9.8 CRITICAL	—
A command injection vulnerability in the ip parameter in the function recvSlaveUpgstatus of TOTOLINK T8 V4.1.5cu allows attackers to execute arbitrary commands via a crafted MQTT packet.
CVE-2023-24155 ↗	Feb 3, 2023Friday, 3 February 2023, 16:15	9.8 CRITICAL	—
TOTOLINK T8 V4.1.5cu was discovered to contain a hard code password for the telnet service which is stored in the component /web_cste/cgi-bin/product.ini.
CVE-2023-24154 ↗	Feb 3, 2023Friday, 3 February 2023, 16:15	9.8 CRITICAL	—
TOTOLINK T8 V4.1.5cu was discovered to contain a command injection vulnerability via the slaveIpList parameter in the function setUpgradeFW.
CVE-2023-24153 ↗	Feb 3, 2023Friday, 3 February 2023, 16:15	9.8 CRITICAL	—
A command injection vulnerability in the version parameter in the function recvSlaveCloudCheckStatus of TOTOLINK T8 V4.1.5cu allows attackers to execute arbitrary commands via a crafted MQTT packet.
CVE-2023-24152 ↗	Feb 3, 2023Friday, 3 February 2023, 16:15	9.8 CRITICAL	—
A command injection vulnerability in the serverIp parameter in the function meshSlaveUpdate of TOTOLINK T8 V4.1.5cu allows attackers to execute arbitrary commands via a crafted MQTT packet.
CVE-2023-24148 ↗	Feb 3, 2023Friday, 3 February 2023, 16:15	9.8 CRITICAL	—
TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injection vulnerability via the FileName parameter in the setUploadUserData function.
CVE-2023-24147 ↗	Feb 3, 2023Friday, 3 February 2023, 16:15	7.5 HIGH	—
TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a hard code password for the telnet service which is stored in the component /etc/config/product.ini.
CVE-2023-24149 ↗	Feb 3, 2023Friday, 3 February 2023, 16:15	9.8 CRITICAL	—
TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a hard code password for root which is stored in the component /etc/shadow.
CVE-2023-24150 ↗	Feb 3, 2023Friday, 3 February 2023, 16:15	9.8 CRITICAL	—
A command injection vulnerability in the serverIp parameter in the function meshSlaveDlfw of TOTOLINK T8 V4.1.5cu allows attackers to execute arbitrary commands via a crafted MQTT packet.
CVE-2023-24144 ↗	Feb 3, 2023Friday, 3 February 2023, 16:15	9.8 CRITICAL	—
TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injection vulnerability via the hour parameter in the setRebootScheCfg function.
CVE-2023-24146 ↗	Feb 3, 2023Friday, 3 February 2023, 16:15	9.8 CRITICAL	—
TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injection vulnerability via the minute parameter in the setRebootScheCfg function.
CVE-2023-24145 ↗	Feb 3, 2023Friday, 3 February 2023, 16:15	9.8 CRITICAL	—
TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injection vulnerability via the plugin_version parameter in the setUnloadUserData function.
CVE-2023-24143 ↗	Feb 3, 2023Friday, 3 February 2023, 16:15	9.8 CRITICAL	—
TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injection vulnerability via the NetDiagTracertHop parameter in the setNetworkDiag function.
CVE-2023-24142 ↗	Feb 3, 2023Friday, 3 February 2023, 16:15	9.8 CRITICAL	—
TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injection vulnerability via the NetDiagPingSize parameter in the setNetworkDiag function.
CVE-2023-24141 ↗	Feb 3, 2023Friday, 3 February 2023, 16:15	9.8 CRITICAL	—
TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injection vulnerability via the NetDiagPingTimeOut parameter in the setNetworkDiag function.
CVE-2023-24140 ↗	Feb 3, 2023Friday, 3 February 2023, 16:15	9.8 CRITICAL	—
TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injection vulnerability via the NetDiagPingNum parameter in the setNetworkDiag function.
CVE-2023-24139 ↗	Feb 3, 2023Friday, 3 February 2023, 16:15	9.8 CRITICAL	—
TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injection vulnerability via the NetDiagHost parameter in the setNetworkDiag function.
CVE-2023-24138 ↗	Feb 3, 2023Friday, 3 February 2023, 16:15	9.8 CRITICAL	—
TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injection vulnerability via the host_time parameter in the NTPSyncWithHost function.
CVE-2022-46550 ↗	Dec 20, 2022Tuesday, 20 December 2022, 15:15	7.5 HIGH	—
Tenda F1203 V2.0.1.6 was discovered to contain a buffer overflow via the urls parameter at /goform/saveParentControlInfo.
CVE-2022-46551 ↗	Dec 20, 2022Tuesday, 20 December 2022, 15:15	7.5 HIGH	—
Tenda F1203 V2.0.1.6 was discovered to contain a buffer overflow via the time parameter at /goform/saveParentControlInfo.
CVE-2022-46534 ↗	Dec 20, 2022Tuesday, 20 December 2022, 15:15	7.5 HIGH	—
Tenda F1203 V2.0.1.6 was discovered to contain a buffer overflow via the speed_dir parameter at /goform/SetSpeedWan.
CVE-2022-46545 ↗	Dec 20, 2022Tuesday, 20 December 2022, 15:15	7.5 HIGH	—
Tenda F1203 V2.0.1.6 was discovered to contain a buffer overflow via the page parameter at /goform/NatStaticSetting.
CVE-2022-46549 ↗	Dec 20, 2022Tuesday, 20 December 2022, 15:15	7.5 HIGH	—
Tenda F1203 V2.0.1.6 was discovered to contain a buffer overflow via the deviceId parameter at /goform/saveParentControlInfo.
CVE-2022-46548 ↗	Dec 20, 2022Tuesday, 20 December 2022, 15:15	7.5 HIGH	—
Tenda F1203 V2.0.1.6 was discovered to contain a buffer overflow via the page parameter at /goform/DhcpListClient.
CVE-2022-46547 ↗	Dec 20, 2022Tuesday, 20 December 2022, 15:15	7.5 HIGH	—
Tenda F1203 V2.0.1.6 was discovered to contain a buffer overflow via the page parameter at /goform/VirtualSer.
CVE-2022-46546 ↗	Dec 20, 2022Tuesday, 20 December 2022, 15:15	7.5 HIGH	—
Tenda F1203 V2.0.1.6 was discovered to contain a buffer overflow via the entrys parameter at /goform/RouteStatic.
CVE-2022-46544 ↗	Dec 20, 2022Tuesday, 20 December 2022, 15:15	7.5 HIGH	—
Tenda F1203 V2.0.1.6 was discovered to contain a buffer overflow via the cmdinput parameter at /goform/exeCommand.
CVE-2022-46543 ↗	Dec 20, 2022Tuesday, 20 December 2022, 15:15	7.5 HIGH	—
Tenda F1203 V2.0.1.6 was discovered to contain a buffer overflow via the mitInterface parameter at /goform/addressNat.
CVE-2022-46542 ↗	Dec 20, 2022Tuesday, 20 December 2022, 15:15	7.5 HIGH	—
Tenda F1203 V2.0.1.6 was discovered to contain a buffer overflow via the page parameter at /goform/addressNat.
CVE-2022-46541 ↗	Dec 20, 2022Tuesday, 20 December 2022, 15:15	7.5 HIGH	—
Tenda F1203 V2.0.1.6 was discovered to contain a buffer overflow via the ssid parameter at /goform/fast_setting_wifi_set.
CVE-2022-46540 ↗	Dec 20, 2022Tuesday, 20 December 2022, 15:15	7.5 HIGH	—
Tenda F1203 V2.0.1.6 was discovered to contain a buffer overflow via the entrys parameter at /goform/addressNat.
CVE-2022-46539 ↗	Dec 20, 2022Tuesday, 20 December 2022, 15:15	7.5 HIGH	—
Tenda F1203 V2.0.1.6 was discovered to contain a buffer overflow via the security_5g parameter at /goform/WifiBasicSet.
CVE-2022-46538 ↗	Dec 20, 2022Tuesday, 20 December 2022, 15:15	9.8 CRITICAL	—
Tenda F1203 V2.0.1.6 was discovered to contain a command injection vulnerability via the mac parameter at /goform/WriteFacMac.
CVE-2022-46537 ↗	Dec 20, 2022Tuesday, 20 December 2022, 15:15	7.5 HIGH	—
Tenda F1203 V2.0.1.6 was discovered to contain a buffer overflow via the security parameter at /goform/WifiBasicSet.
CVE-2022-46532 ↗	Dec 20, 2022Tuesday, 20 December 2022, 15:15	7.5 HIGH	—
Tenda F1203 V2.0.1.6 was discovered to contain a buffer overflow via the deviceMac parameter at /goform/addWifiMacFilter.
CVE-2022-46533 ↗	Dec 20, 2022Tuesday, 20 December 2022, 15:15	7.5 HIGH	—
Tenda F1203 V2.0.1.6 was discovered to contain a buffer overflow via the limitSpeed parameter at /goform/SetClientState.
CVE-2022-46536 ↗	Dec 20, 2022Tuesday, 20 December 2022, 15:15	7.5 HIGH	—
Tenda F1203 V2.0.1.6 was discovered to contain a buffer overflow via the limitSpeedUp parameter at /goform/SetClientState.
CVE-2022-46535 ↗	Dec 20, 2022Tuesday, 20 December 2022, 15:15	7.5 HIGH	—
Tenda F1203 V2.0.1.6 was discovered to contain a buffer overflow via the deviceId parameter at /goform/SetClientState.
CVE-2022-46531 ↗	Dec 20, 2022Tuesday, 20 December 2022, 15:15	7.5 HIGH	—
Tenda F1203 V2.0.1.6 was discovered to contain a buffer overflow via the deviceId parameter at /goform/addWifiMacFilter.
CVE-2022-46530 ↗	Dec 20, 2022Tuesday, 20 December 2022, 15:15	7.5 HIGH	—
Tenda F1203 V2.0.1.6 was discovered to contain a buffer overflow via the mac parameter at /goform/GetParentControlInfo.
CVE-2022-45666 ↗	Dec 20, 2022Tuesday, 20 December 2022, 15:15	7.5 HIGH	—
Tenda i22 V1.0.0.3(4687) was discovered to contain a buffer overflow via the list parameter in the formwrlSSIDset function.
CVE-2022-45665 ↗	Dec 20, 2022Tuesday, 20 December 2022, 15:15	7.5 HIGH	—
Tenda i22 V1.0.0.3(4687) was discovered to contain a buffer overflow via the funcpara1 parameter in the formSetCfm function.
CVE-2022-45663 ↗	Dec 2, 2022Friday, 2 December 2022, 18:15	7.5 HIGH	—
Tenda i22 V1.0.0.3(4687) was discovered to contain a buffer overflow via the index parameter in the formWifiMacFilterSet function.
CVE-2022-45672 ↗	Dec 2, 2022Friday, 2 December 2022, 18:15	7.5 HIGH	—
Tenda i22 V1.0.0.3(4687) was discovered to contain a buffer overflow via the formWx3AuthorizeSet function.
CVE-2022-45671 ↗	Dec 2, 2022Friday, 2 December 2022, 18:15	7.5 HIGH	—
Tenda i22 V1.0.0.3(4687) was discovered to contain a buffer overflow via the appData parameter in the formSetAppFilterRule function.
CVE-2022-45668 ↗	Dec 2, 2022Friday, 2 December 2022, 18:15	6.5 MEDIUM	—
Tenda i22 V1.0.0.3(4687) is vulnerable to Cross Site Request Forgery (CSRF) via function fromSysToolReboot.
CVE-2022-45667 ↗	Dec 2, 2022Friday, 2 December 2022, 18:15	6.5 MEDIUM	—
Tenda i22 V1.0.0.3(4687) is vulnerable to Cross Site Request Forgery (CSRF) via function fromSysToolRestoreSet.
CVE-2022-45661 ↗	Dec 2, 2022Friday, 2 December 2022, 18:15	7.5 HIGH	—
Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow via the time parameter in the setSmartPowerManagement function.
CVE-2022-45664 ↗	Dec 2, 2022Friday, 2 December 2022, 18:15	7.5 HIGH	—
Tenda i22 V1.0.0.3(4687) was discovered to contain a buffer overflow via the list parameter in the formwrlSSIDget function.
CVE-2022-45654 ↗	Dec 2, 2022Friday, 2 December 2022, 18:15	7.5 HIGH	—
Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow via the ssid parameter in the form_fast_setting_wifi_set function.
CVE-2022-45659 ↗	Dec 2, 2022Friday, 2 December 2022, 18:15	7.5 HIGH	—
Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow via the wpapsk_crypto parameter in the fromSetWirelessRepeat function.
CVE-2022-45660 ↗	Dec 2, 2022Friday, 2 December 2022, 18:15	7.5 HIGH	—
Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow via the schedStartTime parameter in the setSchedWifi function.
CVE-2022-45658 ↗	Dec 2, 2022Friday, 2 December 2022, 18:15	7.5 HIGH	—
Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow via the schedEndTime parameter in the setSchedWifi function.
CVE-2022-45657 ↗	Dec 2, 2022Friday, 2 December 2022, 18:15	7.5 HIGH	—
Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow via the list parameter in the fromSetIpMacBind function.
CVE-2022-45656 ↗	Dec 2, 2022Friday, 2 December 2022, 18:15	7.5 HIGH	—
Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow via the time parameter in the fromSetSysTime function.
CVE-2022-45655 ↗	Dec 2, 2022Friday, 2 December 2022, 18:15	7.5 HIGH	—
Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow via the timeZone parameter in the form_fast_setting_wifi_set function.
CVE-2022-45647 ↗	Dec 2, 2022Friday, 2 December 2022, 18:15	7.5 HIGH	—
Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow via the limitSpeed parameter in the formSetClientState function.
CVE-2022-45653 ↗	Dec 2, 2022Friday, 2 December 2022, 18:15	7.5 HIGH	—
Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow via the page parameter in the fromNatStaticSetting function.
CVE-2022-45652 ↗	Dec 2, 2022Friday, 2 December 2022, 18:15	7.5 HIGH	—
Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow via the startIp parameter in the formSetPPTPServer function.
CVE-2022-45651 ↗	Dec 2, 2022Friday, 2 December 2022, 18:15	7.5 HIGH	—
Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow via the list parameter in the formSetVirtualSer function.
CVE-2022-45650 ↗	Dec 2, 2022Friday, 2 December 2022, 18:15	7.5 HIGH	—
Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow via the firewallEn parameter in the formSetFirewallCfg function.
CVE-2022-45649 ↗	Dec 2, 2022Friday, 2 December 2022, 18:15	7.5 HIGH	—
Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow via the endIp parameter in the formSetPPTPServer function.
CVE-2022-45648 ↗	Dec 2, 2022Friday, 2 December 2022, 18:15	7.5 HIGH	—
Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow via the devName parameter in the formSetDeviceName function.
CVE-2022-45641 ↗	Dec 2, 2022Friday, 2 December 2022, 18:15	7.5 HIGH	—
Tenda AC6V1.0 V15.03.05.19 is vulnerable to Buffer Overflow via formSetMacFilterCfg.
CVE-2022-45646 ↗	Dec 2, 2022Friday, 2 December 2022, 18:15	7.5 HIGH	—
Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow via the limitSpeedUp parameter in the formSetClientState function.
CVE-2022-45645 ↗	Dec 2, 2022Friday, 2 December 2022, 18:15	7.5 HIGH	—
Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow via the deviceMac parameter in the addWifiMacFilter function.
CVE-2022-45644 ↗	Dec 2, 2022Friday, 2 December 2022, 18:15	7.5 HIGH	—
Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow via the deviceId parameter in the formSetClientState function.
CVE-2022-45643 ↗	Dec 2, 2022Friday, 2 December 2022, 18:15	7.5 HIGH	—
Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow via the deviceId parameter in the addWifiMacFilter function.
CVE-2022-44362 ↗	Dec 2, 2022Friday, 2 December 2022, 17:15	9.8 CRITICAL	—
Tenda i21 V1.0.0.14(4656) is vulnerable to Buffer Overflow via /goform/AddSysLogRule.
CVE-2022-44367 ↗	Dec 2, 2022Friday, 2 December 2022, 17:15	9.8 CRITICAL	—
Tenda i21 V1.0.0.14(4656) is vulnerable to Buffer Overflow via /goform/setUplinkInfo.
CVE-2022-44366 ↗	Dec 2, 2022Friday, 2 December 2022, 17:15	9.8 CRITICAL	—
Tenda i21 V1.0.0.14(4656) is vulnerable to Buffer Overflow via /goform/setDiagnoseInfo.
CVE-2022-44365 ↗	Dec 2, 2022Friday, 2 December 2022, 17:15	9.8 CRITICAL	—
Tenda i21 V1.0.0.14(4656) has a stack overflow vulnerability via /goform/setSysPwd.
CVE-2022-44363 ↗	Dec 2, 2022Friday, 2 December 2022, 17:15	9.8 CRITICAL	—
Tenda i21 V1.0.0.14(4656) is vulnerable to Buffer Overflow via /goform/setSnmpInfo.
CVE-2022-45640 ↗	Dec 1, 2022Thursday, 1 December 2022, 05:15	7.5 HIGH	—
Tenda Tenda AC6V1.0 V15.03.05.19 is affected by buffer overflow. Causes a denial of service (local).