Security Vulnerabilities, CVEs
CVE-2023-51025
TOTOlink EX1800T V9.1.0cu.2112_B20220316 is vulnerable to unauthorized arbitrary command execution in the ‘admuser’ parameter of the setPasswordCfg interface of cstecgi.cgi.
Max CVSS
9.8
Published
2023-12-22
Updated
2023-12-27
EPSS
0.19%
CVE-2023-51024
TOTOlink EX1800T v9.1.0cu.2112_B20220316 is vulnerable to unauthorized arbitrary command execution in the ‘tz’ parameter of the setNtpCfg interface of cstecgi.cgi.
Max CVSS
9.8
Published
2023-12-22
Updated
2023-12-27
EPSS
0.19%
CVE-2023-51023
TOTOlink EX1800T v9.1.0cu.2112_B20220316 is vulnerable to arbitrary command execution in the ‘host_time’ parameter of the NTPSyncWithHost interface of cstecgi.cgi.
Max CVSS
9.8
Published
2023-12-22
Updated
2023-12-27
EPSS
0.19%
CVE-2023-51022
TOTOlink EX1800T v9.1.0cu.2112_B20220316 is vulnerable to unauthorized arbitrary command execution in the ‘langFlag’ parameter of the setLanguageCfg interface of cstecgi.cgi.
Max CVSS
9.8
Published
2023-12-22
Updated
2023-12-27
EPSS
0.19%
CVE-2023-51021
TOTOlink EX1800T v9.1.0cu.2112_B20220316 is vulnerable to unauthorized arbitrary command execution in the ‘merge’ parameter of the setRptWizardCfg interface of cstecgi.cgi.
Max CVSS
9.8
Published
2023-12-22
Updated
2023-12-27
EPSS
0.19%
CVE-2023-51020
TOTOlink EX1800T v9.1.0cu.2112_B20220316 is vulnerable to unauthorized arbitrary command execution in the ‘langType’ parameter of the setLanguageCfg interface of cstecgi.cgi.
Max CVSS
9.8
Published
2023-12-22
Updated
2023-12-27
EPSS
0.19%
CVE-2023-51019
TOTOlink EX1800T v9.1.0cu.2112_B20220316 is vulnerable to unauthorized arbitrary command execution in the ‘key5g’ parameter of the setWiFiExtenderConfig interface of cstecgi.cgi.
Max CVSS
9.8
Published
2023-12-22
Updated
2023-12-27
EPSS
0.19%
CVE-2023-51018
TOTOlink EX1800T v9.1.0cu.2112_B20220316 is vulnerable to unauthorized arbitrary command execution in the ‘opmode’ parameter of the setWiFiApConfig interface of cstecgi.cgi.
Max CVSS
9.8
Published
2023-12-22
Updated
2023-12-27
EPSS
0.19%
CVE-2023-51017
TOTOlink EX1800T v9.1.0cu.2112_B20220316 is vulnerable to unauthorized arbitrary command execution in the ‘lanIp’ parameter of the setLanConfig interface of cstecgi.cgi.
Max CVSS
9.8
Published
2023-12-22
Updated
2023-12-27
EPSS
0.19%
CVE-2023-51016
TOTOlink EX1800T v9.1.0cu.2112_B20220316 is vulnerable to unauthorized arbitrary command execution in the setRebootScheCfg interface of cstecgi.cgi.
Max CVSS
9.8
Published
2023-12-22
Updated
2023-12-27
EPSS
0.19%
CVE-2023-51015
TOTOLINK EX1800T v9.1.0cu.2112_B20220316 is vulnerable to arbitrary command execution in the ‘enable’ parameter of the setDmzCfg interface of cstecgi.cgi.
Max CVSS
9.8
Published
2023-12-22
Updated
2023-12-27
EPSS
0.19%
CVE-2023-51014
TOTOLINK EX1800T V9.1.0cu.2112_B20220316 is vulnerable to unauthorized arbitrary command execution in the ‘lanSecDns’ parameter of the setLanConfig interface of cstecgi.cgi.
Max CVSS
9.8
Published
2023-12-22
Updated
2023-12-27
EPSS
0.19%
CVE-2023-51013
TOTOlink EX1800T v9.1.0cu.2112_B20220316 is vulnerable to unauthorized arbitrary command execution in the ‘lanNetmask’ parameter of the setLanConfig interface of cstecgi.cgi.
Max CVSS
9.8
Published
2023-12-22
Updated
2023-12-27
EPSS
0.19%
CVE-2023-51012
TOTOlink EX1800T v9.1.0cu.2112_B20220316 is vulnerable to unauthorized arbitrary command execution in the ‘lanGateway’ parameter of the setLanConfig interface of cstecgi.cgi.
Max CVSS
9.8
Published
2023-12-22
Updated
2023-12-27
EPSS
0.19%
CVE-2023-51011
TOTOlink EX1800T v9.1.0cu.2112_B20220316 is vulnerable to unauthorized arbitrary command execution in the ‘lanPriDns’ parameter of the setLanConfig interface of cstecgi.cgi.
Max CVSS
9.8
Published
2023-12-22
Updated
2023-12-27
EPSS
0.19%
CVE-2023-51010
An issue in the export component AdSdkH5Activity of com.sdjictec.qdmetro v4.2.2 allows attackers to open a crafted URL without any filtering or checking.
Max CVSS
0.0
Published
2023-12-28
Updated
2023-12-28
EPSS
0.04%
CVE-2023-51006
An issue in the openFile method of Chinese Perpetual Calendar v9.0.0 allows attackers to read any file via unspecified vectors.
Max CVSS
0.0
Published
2023-12-28
Updated
2023-12-28
EPSS
0.04%
CVE-2023-50993
Ruijie WS6008 v1.x v2.x AC_RGOS11.9(6)W3B2_G2C6-01_10221911 and WS6108 v1.x AC_RGOS11.9(6)W3B2_G2C6-01_10221911 were discovered to contain a command injection vulnerability via the function downFiles.
Max CVSS
9.8
Published
2023-12-20
Updated
2023-12-29
EPSS
0.07%
CVE-2023-50992
Tenda i29 v1.0 V1.0.0.5 was discovered to contain a stack overflow via the ip parameter in the setPing function.
Max CVSS
9.8
Published
2023-12-20
Updated
2023-12-22
EPSS
0.12%
CVE-2023-50990
Tenda i29 v1.0 V1.0.0.5 was discovered to contain a buffer overflow via the rebootTime parameter in the sysScheduleRebootSet function.
Max CVSS
9.8
Published
2023-12-20
Updated
2023-12-22
EPSS
0.12%
CVE-2023-50989
Tenda i29 v1.0 V1.0.0.5 was discovered to contain a command injection vulnerability via the pingSet function.
Max CVSS
9.8
Published
2023-12-20
Updated
2023-12-22
EPSS
0.15%
CVE-2023-50988
Tenda i29 v1.0 V1.0.0.5 was discovered to contain a buffer overflow via the bandwidth parameter in the wifiRadioSetIndoor function.
Max CVSS
9.8
Published
2023-12-20
Updated
2023-12-22
EPSS
0.12%
CVE-2023-50987
Tenda i29 v1.0 V1.0.0.5 was discovered to contain a buffer overflow via the time parameter in the sysTimeInfoSet function.
Max CVSS
9.8
Published
2023-12-20
Updated
2023-12-22
EPSS
0.12%
CVE-2023-50986
Tenda i29 v1.0 V1.0.0.5 was discovered to contain a buffer overflow via the time parameter in the sysLogin function.
Max CVSS
9.8
Published
2023-12-20
Updated
2023-12-22
EPSS
0.12%
CVE-2023-50985
Tenda i29 v1.0 V1.0.0.5 was discovered to contain a buffer overflow via the lanGw parameter in the lanCfgSet function.
Max CVSS
9.8
Published
2023-12-20
Updated
2023-12-22
EPSS
0.12%