n0wstr/IOTVuln

Releases0

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2025-44838 ↗	May 1, 2025Thursday, 1 May 2025, 15:16	6.3 MEDIUM	—
TOTOLINK CPE CP900 V6.3c.1144_B20190715 was discovered to contain a command injection vulnerability in the setUploadUserData function via the FileName parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request.
CVE-2025-44837 ↗	May 1, 2025Thursday, 1 May 2025, 15:16	6.3 MEDIUM	—
TOTOLINK CPE CP900 V6.3c.1144_B20190715 was discovered to contain a command injection vulnerability in the CloudSrvUserdataVersionCheck function via the url or magicid parameters. This vulnerability allows attackers to execute arbitrary commands via a crafted request.
CVE-2025-44836 ↗	May 1, 2025Thursday, 1 May 2025, 15:16	6.3 MEDIUM	—
TOTOLINK CPE CP900 V6.3c.1144_B20190715 was discovered to contain a command injection vulnerability in the setApRebootScheCfg function via the hour or minute parameters. This vulnerability allows attackers to execute arbitrary commands via a crafted request.
CVE-2025-44835 ↗	May 1, 2025Thursday, 1 May 2025, 14:15	6.3 MEDIUM	—
D-Link DIR-816 A2V1.1.0B05 was found to contain a command injection in iptablesWebsFilterRun, which allows remote attackers to execute arbitrary commands via shell.
CVE-2025-29743 ↗	Apr 22, 2025Tuesday, 22 April 2025, 20:15	6.5 MEDIUM	—
D-Link DIR-816 A2V1.1.0B05 was found to contain a command injection in /goform/delRouting.
CVE-2024-34212 ↗	May 14, 2024Tuesday, 14 May 2024, 15:38	7.3 HIGH	—
TOTOLINK CP450 v4.1.0cu.747_B20191224 was discovered to contain a stack buffer overflow vulnerability in the CloudACMunualUpdate function.
CVE-2024-34219 ↗	May 14, 2024Tuesday, 14 May 2024, 15:38	8.6 HIGH	—
TOTOLINK CP450 V4.1.0cu.747_B20191224 was discovered to contain a vulnerability in the SetTelnetCfg function, which allows attackers to log in through telnet.
CVE-2024-34218 ↗	May 14, 2024Tuesday, 14 May 2024, 15:38	3.8 LOW	—
TOTOLINK outdoor CPE CP450 v4.1.0cu.747_B20191224 was discovered to contain a command injection vulnerability in the NTPSyncWithHost function via the hostTime parameter.
CVE-2024-34217 ↗	May 14, 2024Tuesday, 14 May 2024, 15:38	7.7 HIGH	—
TOTOLINK CP450 v4.1.0cu.747_B20191224 was discovered to contain a stack buffer overflow vulnerability in the addWlProfileClientMode function.
CVE-2024-34215 ↗	May 14, 2024Tuesday, 14 May 2024, 15:38	7.3 HIGH	—
TOTOLINK CP450 v4.1.0cu.747_B20191224 was discovered to contain a stack buffer overflow vulnerability in the setUrlFilterRules function.
CVE-2024-34213 ↗	May 14, 2024Tuesday, 14 May 2024, 15:38	9.8 CRITICAL	—
TOTOLINK CP450 v4.1.0cu.747_B20191224 was discovered to contain a stack buffer overflow vulnerability in the SetPortForwardRules function.
CVE-2024-34209 ↗	May 14, 2024Tuesday, 14 May 2024, 15:38	9.8 CRITICAL	—
TOTOLINK CP450 v4.1.0cu.747_B20191224 was discovered to contain a stack buffer overflow vulnerability in the setIpPortFilterRules function.
CVE-2024-34206 ↗	May 14, 2024Tuesday, 14 May 2024, 15:38	6.5 MEDIUM	—
TOTOLINK outdoor CPE CP450 v4.1.0cu.747_B20191224 was discovered to contain a command injection vulnerability in the setWebWlanIdx function via the webWlanIdx parameter.
CVE-2024-34210 ↗	May 14, 2024Tuesday, 14 May 2024, 15:38	7.3 HIGH	—
TOTOLINK outdoor CPE CP450 v4.1.0cu.747_B20191224 was discovered to contain a command injection vulnerability in the CloudACMunualUpdate function via the FileName parameter.
CVE-2024-34211 ↗	May 14, 2024Tuesday, 14 May 2024, 15:38	8.8 HIGH	—
TOTOLINK CP450 v4.1.0cu.747_B20191224 was discovered to contain a hardcoded password vulnerability in /etc/shadow.sample, which allows attackers to log in as root.
CVE-2024-34207 ↗	May 14, 2024Tuesday, 14 May 2024, 15:38	8.8 HIGH	—
TOTOLINK CP450 v4.1.0cu.747_B20191224 was discovered to contain a stack buffer overflow vulnerability in the setStaticDhcpConfig function.
CVE-2024-34204 ↗	May 14, 2024Tuesday, 14 May 2024, 15:38	9.8 CRITICAL	—
TOTOLINK outdoor CPE CP450 v4.1.0cu.747_B20191224 was discovered to contain a command injection vulnerability in the setUpgradeFW function via the FileName parameter.
CVE-2024-34205 ↗	May 14, 2024Tuesday, 14 May 2024, 15:38	7.3 HIGH	—
TOTOLINK CP450 v4.1.0cu.747_B20191224 was discovered to contain a command injection vulnerability in the download_firmware function.
CVE-2024-34203 ↗	May 14, 2024Tuesday, 14 May 2024, 15:38	3.8 LOW	—
TOTOLINK CP450 v4.1.0cu.747_B20191224 was discovered to contain a stack buffer overflow vulnerability in the setLanguageCfg function.
CVE-2024-34202 ↗	May 14, 2024Tuesday, 14 May 2024, 15:38	6.5 MEDIUM	—
TOTOLINK CP450 v4.1.0cu.747_B20191224 was discovered to contain a stack buffer overflow vulnerability in the setMacFilterRules function.
CVE-2024-34201 ↗	May 14, 2024Tuesday, 14 May 2024, 15:38	7.3 HIGH	—
TOTOLINK CP450 v4.1.0cu.747_B20191224 was discovered to contain a stack buffer overflow vulnerability in the getSaveConfig function.
CVE-2024-34200 ↗	May 14, 2024Tuesday, 14 May 2024, 15:38	8.8 HIGH	—
TOTOLINK CPE CP450 v4.1.0cu.747_B20191224 was discovered to contain a stack buffer overflow vulnerability in the setIpQosRules function.
CVE-2024-33345 ↗	Apr 29, 2024Monday, 29 April 2024, 18:15	6.5 MEDIUM	—
D-Link DIR-823G A1V1.0.2B05 was found to contain a Null-pointer dereference in the main function of upload_firmware.cgi, which allows remote attackers to cause a Denial of Service (DoS) via a crafted input.
CVE-2024-33342 ↗	Apr 26, 2024Friday, 26 April 2024, 18:15	7.5 HIGH	—
D-Link DIR-822+ V1.0.5 was found to contain a command injection in SetPlcNetworkpwd function of prog.cgi, which allows remote attackers to execute arbitrary commands via shell.
CVE-2024-33344 ↗	Apr 26, 2024Friday, 26 April 2024, 18:15	9.8 CRITICAL	—
D-Link DIR-822+ V1.0.5 was found to contain a command injection in ftext function of upload_firmware.cgi, which allows remote attackers to execute arbitrary commands via shell.
CVE-2024-33343 ↗	Apr 26, 2024Friday, 26 April 2024, 18:15	8.8 HIGH	—
D-Link DIR-822+ V1.0.5 was found to contain a command injection in ChgSambaUserSettings function of prog.cgi, which allows remote attackers to execute arbitrary commands via shell.