Product:

Cp900_firmware

(Totolink)
Repositories

Unknown:

This might be proprietary software.

#Vulnerabilities 9
Date Id Summary Products Score Patch Annotated
2024-08-05 CVE-2024-7463 A vulnerability classified as critical was found in TOTOLINK CP900 6.3c.566. This vulnerability affects the function UploadCustomModule of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument File leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-273556. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. Cp900_firmware 9.8
2024-08-05 CVE-2024-7464 A vulnerability, which was classified as critical, has been found in TOTOLINK CP900 6.3c.566. This issue affects the function setTelnetCfg of the component Telnet Service. The manipulation of the argument telnet_enabled leads to command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-273557 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. Cp900_firmware 9.8
2023-03-23 CVE-2022-28494 TOTOLink outdoor CPE CP900 V6.3c.566_B20171026 is discovered to contain a command injection vulnerability in the setUpgradeFW function via the filename parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request. Cp900_firmware 9.8
2023-03-23 CVE-2022-28491 TOTOLink outdoor CPE CP900 V6.3c.566_B20171026 contains a command injection vulnerability in the NTPSyncWithHost function via the host_name parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request. Cp900_firmware 9.8
2023-03-24 CVE-2022-28495 TOTOLink outdoor CPE CP900 V6.3c.566_B20171026 is discovered to contain a command injection vulnerability in the setWebWlanIdx function via the webWlanIdx parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request. Cp900_firmware 9.8
2023-03-23 CVE-2022-28496 TOTOLink outdoor CPE CP900 V6.3c.566_B20171026 discovered to contain a command injection vulnerability in the setPasswordCfg function via the adminuser and adminpassparameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request. Cp900_firmware 9.8
2023-03-23 CVE-2022-28497 TOTOLink outdoor CPE CP900 V6.3c.566_B20171026 is discovered to contain a command injection vulnerability in the mtd_write_bootloader function via the filename parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request. Cp900_firmware 9.8
2023-03-23 CVE-2022-28492 TOTOLINK Technology CPE with firmware V6.3c.566 ,allows remote attackers to bypass Login. Cp900_firmware 9.8
2023-03-23 CVE-2022-28493 A vulnerability in TOTOLINK CP900 V6.3c.566 allows attackers to start the Telnet service, Cp900_firmware 9.8