Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Ex1200t_firmware
(Totolink)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 15 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2022-06-03 | CVE-2021-42885 | TOTOLINK EX1200T V4.1.2cu.5215 contains a remote command injection vulnerability in function setDeviceMac of the file global.so which can control deviceName to attack. | Ex1200t_firmware | 9.8 | ||
| 2022-06-03 | CVE-2021-42886 | TOTOLINK EX1200T V4.1.2cu.5215 contains an information disclosure vulnerability where an attacker can get the apmib configuration file without authorization, and usernames and passwords can be found in the decoded file. | Ex1200t_firmware | 7.5 | ||
| 2022-06-03 | CVE-2021-42887 | In TOTOLINK EX1200T V4.1.2cu.5215, an attacker can bypass login by sending a specific request through formLoginAuth.htm. | Ex1200t_firmware | 9.8 | ||
| 2022-06-03 | CVE-2021-42888 | TOTOLINK EX1200T V4.1.2cu.5215 contains a remote command injection vulnerability in function setLanguageCfg of the file global.so which can control langType to attack. | Ex1200t_firmware | 9.8 | ||
| 2022-06-03 | CVE-2021-42889 | In TOTOLINK EX1200T V4.1.2cu.5215, an attacker can obtain sensitive information (wifikey, wifiname, etc.) without authorization. | Ex1200t_firmware | 7.5 | ||
| 2022-06-03 | CVE-2021-42890 | TOTOLINK EX1200T V4.1.2cu.5215 contains a remote command injection vulnerability in function NTPSyncWithHost of the file system.so which can control hostTime to attack. | Ex1200t_firmware | 9.8 | ||
| 2022-06-03 | CVE-2021-42891 | In TOTOLINK EX1200T V4.1.2cu.5215, an attacker can obtain sensitive information (wifikey, etc.) without authorization. | Ex1200t_firmware | 7.5 | ||
| 2022-06-03 | CVE-2021-42892 | In TOTOLINK EX1200T V4.1.2cu.5215, an attacker can start telnet without authorization because the default username and password exists in the firmware. | Ex1200t_firmware | 4.3 | ||
| 2022-06-03 | CVE-2021-42893 | In TOTOLINK EX1200T V4.1.2cu.5215, an attacker can obtain sensitive information (wifikey, etc.) without authorization through getSysStatusCfg. | Ex1200t_firmware | 7.5 | ||
| 2024-01-11 | CVE-2023-52032 | TOTOlink EX1200T V4.1.2cu.5232_B20210713 was discovered to contain a remote command execution (RCE) vulnerability via the "main" function. | Ex1200t_firmware | 9.8 |