Totolink N300rt Firmware — known CVE vulnerabilities
Every CVE whose affected-product data names Totolink N300rt Firmware, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (11)
CVE-2023-48860 — CVSS 9.8 (critical): TOTOLINK N300RT version 3.2.4-B20180730.0906 has a post-authentication RCE due to incorrect access control, allows attackers can bypass…
CVE-2019-19825 — CVSS 9.8 (critical): On certain TOTOLINK Realtek SDK based routers, the CAPTCHA text can be retrieved via an {"topicurl":"setting/getSanvas"} POST to the…
CVE-2020-25499 — CVSS 8.8 (high): TOTOLINK A3002RU-V2.0.0 B20190814.1034 allows authenticated remote users to modify the system's 'Run Command'. An attacker can use this…
CVE-2019-19824 — CVSS 8.8 (high): On certain TOTOLINK Realtek SDK based routers, an authenticated attacker may execute arbitrary OS commands via the sysCmd parameter to the…
CVE-2019-19822 — CVSS 7.5 (high): A certain router administration interface (that includes Realtek APMIB 0.11f for Boa 0.94.14rc21) allows remote attackers to retrieve the…
CVE-2019-19823 — CVSS 7.5 (high): A certain router administration interface (that includes Realtek APMIB 0.11f for Boa 0.94.14rc21) stores cleartext administrative passwords…
CVE-2024-32334 — CVSS 6.5 (medium): TOTOLINK N300RT V2.1.8-B20201030.1539 contains a Store Cross-site scripting (XSS) vulnerability in IP/Port Filtering under the Firewall…
CVE-2024-32332 — CVSS 6.1 (medium): TOTOLINK N300RT V2.1.8-B20201030.1539 contains a Store Cross-site scripting (XSS) vulnerability in WDS Settings under the Wireless Page.
CVE-2024-32327 — CVSS 5.5 (medium): TOTOLINK N300RT V2.1.8-B20201030.1539 contains a Store Cross-site scripting (XSS) vulnerability in Port Forwarding under the Firewall Page.
CVE-2024-32335 — CVSS 5.4 (medium): TOTOLINK N300RT V2.1.8-B20201030.1539 contains a Store Cross-site scripting (XSS) vulnerability in Access Control under the Wireless Page.
CVE-2024-32333 — CVSS 4.3 (medium): TOTOLINK N300RT V2.1.8-B20201030.1539 contains a Store Cross-site scripting (XSS) vulnerability in MAC Filtering under the Firewall Page.