Note:
This project will be discontinued after December 13, 2021. [more]
Product:
N200re_firmware
(Totolink)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 18 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2024-01-29 | CVE-2024-1001 | A vulnerability classified as critical has been found in Totolink N200RE 9.3.5u.6139_B20201216. Affected is the function main of the file /cgi-bin/cstecgi.cgi. The manipulation leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-252270 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | N200re_firmware | 9.8 | ||
| 2024-01-29 | CVE-2024-1002 | A vulnerability classified as critical was found in Totolink N200RE 9.3.5u.6139_B20201216. Affected by this vulnerability is the function setIpPortFilterRules of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument ePort leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-252271. NOTE: The vendor was contacted early about this disclosure but... | N200re_firmware | 8.8 | ||
| 2024-01-29 | CVE-2024-1003 | A vulnerability, which was classified as critical, has been found in Totolink N200RE 9.3.5u.6139_B20201216. Affected by this issue is the function setLanguageCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument lang leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-252272. NOTE: The vendor was contacted early about this disclosure but did not... | N200re_firmware | 8.8 | ||
| 2024-01-29 | CVE-2024-1004 | A vulnerability, which was classified as critical, was found in Totolink N200RE 9.3.5u.6139_B20201216. This affects the function loginAuth of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument http_host leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-252273 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not... | N200re_firmware | 7.2 | ||
| 2022-05-02 | CVE-2020-23617 | A cross site scripting (XSS) vulnerability in the error page of Totolink N200RE and N100RE Routers 2.0 allows attackers to execute arbitrary web scripts or HTML via SCRIPT element. | N100re_firmware, N200re_firmware | 6.1 | ||
| 2020-01-27 | CVE-2019-19823 | A certain router administration interface (that includes Realtek APMIB 0.11f for Boa 0.94.14rc21) stores cleartext administrative passwords in flash memory and in a file. This affects TOTOLINK A3002RU through 2.0.0, A702R through 2.1.3, N301RT through 2.1.6, N302R through 3.4.0, N300RT through 3.4.0, N200RE through 4.0.0, N150RT through 3.4.0, and N100RE through 3.4.0; Rutek RTK 11N AP through 2019-12-12; Sapido GR297n through 2019-12-12; CIK TELECOM MESH ROUTER through 2019-12-12; KCTVJEJU... | Mesh_router_firmware, Emta_ap_firmwre, Fgn\-R2_firmware, Hcn_max\-C300n_firmware, Max\-C300n_firmware, Wn\-Ac1167r_firmwre, Wireless_ap_firmware, Rtk_11n_ap_firmware, Gr297n_firmware, Gn\-866ac_firmware, A3002ru_firmware, A702r_firmware, N100re_firmware, N150rt_firmware, N200re_firmware, N300rt_firmware, N301rt_firmware, N302r_firmware | N/A | ||
| 2020-01-27 | CVE-2019-19822 | A certain router administration interface (that includes Realtek APMIB 0.11f for Boa 0.94.14rc21) allows remote attackers to retrieve the configuration, including sensitive data (usernames and passwords). This affects TOTOLINK A3002RU through 2.0.0, A702R through 2.1.3, N301RT through 2.1.6, N302R through 3.4.0, N300RT through 3.4.0, N200RE through 4.0.0, N150RT through 3.4.0, and N100RE through 3.4.0; Rutek RTK 11N AP through 2019-12-12; Sapido GR297n through 2019-12-12; CIK TELECOM MESH... | Mesh_router_firmware, Emta_ap_firmwre, Fgn\-R2_firmware, Hcn_max\-C300n_firmware, Max\-C300n_firmware, Wn\-Ac1167r_firmwre, Wireless_ap_firmware, Rtk_11n_ap_firmware, Gr297n_firmware, Gn\-866ac_firmware, A3002ru_firmware, A702r_firmware, N100re_firmware, N150rt_firmware, N200re_firmware, N300rt_firmware, N301rt_firmware, N302r_firmware | N/A | ||
| 2020-01-27 | CVE-2019-19825 | On certain TOTOLINK Realtek SDK based routers, the CAPTCHA text can be retrieved via an {"topicurl":"setting/getSanvas"} POST to the boafrm/formLogin URI, leading to a CAPTCHA bypass. (Also, the CAPTCHA text is not needed once the attacker has determined valid credentials. The attacker can perform router actions via HTTP requests with Basic Authentication.) This affects A3002RU through 2.0.0, A702R through 2.1.3, N301RT through 2.1.6, N302R through 3.4.0, N300RT through 3.4.0, N200RE through... | A3002ru_firmware, A702r_firmware, N100re_firmware, N150rt_firmware, N200re_firmware, N300rt_firmware, N301rt_firmware, N302r_firmware | N/A |