Totolink Ex200 Firmware — known CVE vulnerabilities
Every CVE whose affected-product data names Totolink Ex200 Firmware, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (19)
CVE-2021-43711 — CVSS 9.8 (critical): The downloadFlile.cgi binary file in TOTOLINK EX200 V4.0.3c.7646_B20201211 has a command injection vulnerability when receiving GET…
CVE-2024-31810 — CVSS 9.8 (critical): TOTOLINK EX200 V4.0.3c.7646_B20201211 was discovered to contain a hardcoded password for root at /etc/shadow.sample.
CVE-2024-31807 — CVSS 9.8 (critical): TOTOLINK EX200 V4.0.3c.7646_B20201211 was discovered to contain a remote code execution (RCE) vulnerability via the hostTime parameter in…
CVE-2024-31815 — CVSS 9.1 (critical): In TOTOLINK EX200 V4.0.3c.7314_B20191204, an attacker can obtain the configuration file without authorization through…
CVE-2024-7336 — CVSS 8.8 (high): A vulnerability classified as critical was found in TOTOLINK EX200 4.0.3c.7646_B20201211. Affected by this vulnerability is the function…
CVE-2024-31808 — CVSS 8.8 (high): TOTOLINK EX200 V4.0.3c.7646_B20201211 was discovered to contain a remote code execution (RCE) vulnerability via the webWlanIdx parameter in…
CVE-2024-31809 — CVSS 8.8 (high): TOTOLINK EX200 V4.0.3c.7646_B20201211 was discovered to contain a remote code execution (RCE) vulnerability via the FileName parameter in…
CVE-2024-31814 — CVSS 8.8 (high): TOTOLINK EX200 V4.0.3c.7646_B20201211 allows attackers to bypass login through the Form_Login function.
CVE-2024-7335 — CVSS 8.8 (high): A vulnerability classified as critical has been found in TOTOLINK EX200 4.0.3c.7646_B20201211. Affected is the function getSaveConfig of…
CVE-2024-31813 — CVSS 8.4 (high): TOTOLINK EX200 V4.0.3c.7646_B20201211 does not contain an authentication mechanism by default.
CVE-2024-31811 — CVSS 8.0 (high): TOTOLINK EX200 V4.0.3c.7646_B20201211 was discovered to contain a remote code execution (RCE) vulnerability via the langType parameter in…
CVE-2024-31816 — CVSS 7.5 (high): In TOTOLINK EX200 V4.0.3c.7646_B20201211, an attacker can obtain sensitive information without authorization through the function…
CVE-2024-31817 — CVSS 7.5 (high): In TOTOLINK EX200 V4.0.3c.7646_B20201211, an attacker can obtain sensitive information without authorization through the function…
CVE-2024-32326 — CVSS 6.8 (medium): TOTOLINK EX200 V4.0.3c.7646_B20201211 contains a Cross-site scripting (XSS) vulnerability through the key parameter in the…
CVE-2024-31812 — CVSS 6.5 (medium): In TOTOLINK EX200 V4.0.3c.7646_B20201211, an attacker can obtain sensitive information without authorization through the function…
CVE-2024-31805 — CVSS 6.5 (medium): TOTOLINK EX200 V4.0.3c.7646_B20201211 allows attackers to start the Telnet service without authorization via the telnet_enabled parameter…
CVE-2024-31806 — CVSS 6.5 (medium): TOTOLINK EX200 V4.0.3c.7646_B20201211 was discovered to contain a Denial-of-Service (DoS) vulnerability in the RebootSystem function which…
CVE-2024-53333 — CVSS 6.3 (medium): TOTOLINK EX200 v4.0.3c.7646_B20201211 was found to contain a command insertion vulnerability in the setUssd function. This vulnerability…
CVE-2024-32325 — CVSS 2.4 (low): TOTOLINK EX200 V4.0.3c.7646_B20201211 contains a Cross-site scripting (XSS) vulnerability through the ssid parameter in the…