VARIoT IoT vulnerabilities database

VAR-202312-1760 | CVE-2023-5961 | Cross-site request forgery vulnerability in multiple Moxa Inc. products |
CVSS V2: 10.0 CVSS V3: 8.8 Severity: HIGH |
A Cross-Site Request Forgery (CSRF) vulnerability has been identified in ioLogik E1200 Series firmware versions v3.3 and prior. An attacker can exploit this vulnerability to trick a client into making an unintentional request to the web server, which will be treated as an authentic request. This vulnerability may allow an attacker to perform operations on behalf of the victimized user. Affected products include ioLogik e1210 firmware, ioLogik e1211 firmware, ioLogik e1212 firmware and other Moxa Inc. products. Information may be obtained or tampered with, and service operation may be interrupted (DoS). MOXA ioLogik E1200 Series is a series of general-purpose controllers and I/O devices from China's MOXA company.
VAR-202312-1593 | CVE-2023-51035 | OS command injection vulnerability in TOTOLINK ex1200l firmware |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
TOTOLINK EX1200L V9.3.5u.6146_B20201023 is vulnerable to arbitrary command execution on the cstecgi.cgi NTPSyncWithHost interface. TOTOLINK ex1200l firmware contains an OS command injection vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS). TOTOLINK EX1200L is a dual-band wireless signal amplifier, mainly used to expand the Wi-Fi coverage of home or office environments and solve the problem of weak signals or dead spots.
VAR-202312-0940 | CVE-2023-51034 | Unrestricted upload of dangerous file types vulnerability in TOTOLINK ex1200l firmware |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
TOTOLINK EX1200L V9.3.5u.6146_B20201023 is vulnerable to arbitrary command execution via the cstecgi.cgi UploadFirmwareFile interface. TOTOLINK ex1200l firmware contains an unrestricted upload of dangerous file types vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS). TOTOLINK EX1200L is a dual-band wireless signal amplifier, mainly used to expand the Wi-Fi coverage of home or office environments and solve the problem of weak signals or dead spots.
TOTOLINK EX1200L has a command execution vulnerability, which is caused by the UploadFirmwareFile function interface of cstecgi.cgi failing to properly filter special characters and commands in constructed commands.
VAR-202312-1261 | CVE-2023-51033 | OS command injection vulnerability in TOTOLINK ex1200l firmware |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
TOTOLINK EX1200L V9.3.5u.6146_B20201023 is vulnerable to arbitrary command execution via the cstecgi.cgi setOpModeCfg interface. TOTOLINK ex1200l firmware contains an OS command injection vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS). TOTOLINK EX1200L is a dual-band wireless signal amplifier, mainly used to expand the Wi-Fi coverage of home or office environments and solve the problem of weak signals or dead spots.
VAR-202312-1594 | CVE-2023-51022 | TOTOLINK ex1800t firmware vulnerabilities |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
TOTOLINK EX1800T v9.1.0cu.2112_B20220316 is vulnerable to unauthorized arbitrary command execution in the ‘langFlag’ parameter of the setLanguageCfg interface of cstecgi.cgi. TOTOLINK ex1800t firmware contains unspecified vulnerabilities. Information may be obtained or tampered with, and service operation may be interrupted (DoS). TOTOLINK EX1800T is a Wi-Fi range extender from China's Zeon Electronics (TOTOLINK) company.
TOTOLINK EX1800T has a command execution vulnerability. This vulnerability stems from the failure of the langFlag parameter of the setLanguageCfg interface of cstecgi.cgi to correctly filter special characters, commands, etc. in the constructed command. An attacker could exploit this vulnerability to execute arbitrary commands on the system.
VAR-202312-0941 | CVE-2023-51021 | TOTOLINK ex1800t firmware vulnerabilities |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
TOTOLINK EX1800T v9.1.0cu.2112_B20220316 is vulnerable to unauthorized arbitrary command execution in the ‘merge’ parameter of the setRptWizardCfg interface of cstecgi.cgi. TOTOLINK ex1800t firmware contains unspecified vulnerabilities. Information may be obtained or tampered with, and service operation may be interrupted (DoS). TOTOLINK EX1800T is a Wi-Fi range extender from China's TOTOLINK Electronics. The vulnerability is caused by the merge parameter of the setRptWizardCfg interface of cstecgi.cgi failing to properly filter special characters and commands in the constructed command. Attackers can exploit this vulnerability to execute arbitrary commands on the system.
VAR-202312-1262 | CVE-2023-51020 | TOTOLINK ex1800t firmware vulnerabilities |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
TOTOLINK EX1800T v9.1.0cu.2112_B20220316 is vulnerable to unauthorized arbitrary command execution in the ‘langType’ parameter of the setLanguageCfg interface of cstecgi.cgi. TOTOLINK ex1800t firmware contains unspecified vulnerabilities. Information may be obtained or tampered with, and service operation may be interrupted (DoS). TOTOLINK EX1800T is a Wi-Fi range extender from China's TOTOLINK Electronics. An attacker can exploit this vulnerability to execute arbitrary commands on the system.
VAR-202312-1976 | CVE-2023-51019 | TOTOLINK ex1800t firmware vulnerabilities |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
TOTOLINK EX1800T v9.1.0cu.2112_B20220316 is vulnerable to unauthorized arbitrary command execution in the ‘key5g’ parameter of the setWiFiExtenderConfig interface of cstecgi.cgi. TOTOLINK ex1800t firmware contains unspecified vulnerabilities. Information may be obtained or tampered with, and service operation may be interrupted (DoS). TOTOLINK EX1800T is a Wi-Fi range extender from China's TOTOLINK Electronics. The vulnerability is caused by the key5g parameter of the setWiFiExtenderConfig interface of cstecgi.cgi failing to properly filter special characters and commands in the constructed command. An attacker can exploit this vulnerability to execute arbitrary commands on the system.
VAR-202312-2148 | CVE-2023-51018 | TOTOLINK ex1800t firmware vulnerabilities |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
TOTOLINK EX1800T v9.1.0cu.2112_B20220316 is vulnerable to unauthorized arbitrary command execution in the ‘opmode’ parameter of the setWiFiApConfig interface of cstecgi.cgi. TOTOLINK ex1800t firmware contains unspecified vulnerabilities. Information may be obtained or tampered with, and service operation may be interrupted (DoS). TOTOLINK EX1800T is a Wi-Fi range extender from China's TOTOLINK Electronics. The vulnerability is caused by the opmode parameter of the setWiFiApConfig interface of cstecgi.cgi failing to properly filter special characters and commands in the constructed command. An attacker can exploit this vulnerability to execute arbitrary commands on the system.
VAR-202312-0768 | CVE-2023-51017 | TOTOLINK ex1800t firmware vulnerabilities |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
TOTOLINK EX1800T v9.1.0cu.2112_B20220316 is vulnerable to unauthorized arbitrary command execution in the ‘lanIp’ parameter of the setLanConfig interface of cstecgi.cgi. TOTOLINK ex1800t firmware contains unspecified vulnerabilities. Information may be obtained or tampered with, and service operation may be interrupted (DoS). TOTOLINK EX1800T is a Wi-Fi range extender from China's Zeon Electronics (TOTOLINK) company.
There is a command execution vulnerability in the TOTOLINK EX1800T lanIp parameter. This vulnerability stems from the failure of the lanIp parameter of the setLanConfig interface of cstecgi.cgi to correctly filter special characters, commands, etc. in the constructed command. An attacker could exploit this vulnerability to execute arbitrary commands on the system.
VAR-202312-1440 | CVE-2023-51016 | Command injection vulnerability in TOTOLINK ex1800t firmware |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
TOTOLINK EX1800T v9.1.0cu.2112_B20220316 is vulnerable to unauthorized arbitrary command execution in the setRebootScheCfg interface of cstecgi.cgi. TOTOLINK ex1800t firmware contains a command injection vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS). TOTOLINK EX1800T is a Wi-Fi range extender from China's TOTOLINK Electronics.
VAR-202312-1109 | CVE-2023-51015 | TOTOLINK ex1800t firmware vulnerabilities |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
TOTOLINK EX1800T v9.1.0cu.2112_B20220316 is vulnerable to arbitrary command execution in the ‘enable’ parameter of the setDmzCfg interface of cstecgi.cgi. TOTOLINK ex1800t firmware contains unspecified vulnerabilities. Information may be obtained or tampered with, and service operation may be interrupted (DoS). The TOTOLINK EX1800T is a Wi-Fi range extender released by China's TOTOLINK Electronics. It supports Wi-Fi 6 technology and enhances signal coverage by wirelessly connecting to a router. It is suitable for home and small office environments. The vulnerability is caused by the enable parameter of the setDmzCfg interface in cstecgi.cgi, which allows an attacker to execute unauthorized arbitrary commands.
VAR-202312-1777 | CVE-2023-51014 | TOTOLINK EX1800T cstecgi.cgi lanSecDns parameter arbitrary command execution vulnerability |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
TOTOLINK EX1800T V9.1.0cu.2112_B20220316 is vulnerable to unauthorized arbitrary command execution in the ‘lanSecDns’ parameter of the setLanConfig interface of cstecgi.cgi. The TOTOLINK EX1800T is a Wi-Fi range extender released by China's TOTOLINK Electronics. It supports Wi-Fi 6 technology and enhances signal coverage by wirelessly connecting to a router. It is suitable for home and small office environments.
The TOTOLINK EX1800T has a command execution vulnerability. This vulnerability is caused by the lanSecDns parameter of the setLanConfig interface in cstecgi.cgi, which allows an attacker to execute arbitrary commands without authorization.
VAR-202312-1595 | CVE-2023-51013 | TOTOLINK EX1800T cstecgi.cgi lanNetmask parameter arbitrary command execution vulnerability |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
TOTOLINK EX1800T v9.1.0cu.2112_B20220316 is vulnerable to unauthorized arbitrary command execution in the ‘lanNetmask’ parameter of the setLanConfig interface of cstecgi.cgi. The TOTOLINK EX1800T is a Wi-Fi range extender released by China's TOTOLINK Electronics. It supports Wi-Fi 6 technology and enhances signal coverage by wirelessly connecting to a router. It is suitable for home and small office environments.
The TOTOLINK EX1800T has a command execution vulnerability. An attacker could exploit this vulnerability to execute arbitrary commands.
VAR-202312-0942 | CVE-2023-51012 | TOTOLINK EX1800T cstecgi.cgi lanGateway parameter arbitrary command execution vulnerability |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
TOTOLINK EX1800T v9.1.0cu.2112_B20220316 is vulnerable to unauthorized arbitrary command execution in the ‘lanGateway’ parameter of the setLanConfig interface of cstecgi.cgi. The TOTOLINK EX1800T is a Wi-Fi range extender released by China's TOTOLINK Electronics. It supports Wi-Fi 6 technology and enhances signal coverage by wirelessly connecting to a router. It is suitable for home and small office environments.
The TOTOLINK EX1800T has a command execution vulnerability. An attacker could exploit this vulnerability to execute arbitrary commands.
VAR-202312-1263 | CVE-2023-51011 | TOTOLINK EX1800T cstecgi.cgi lanPriDns parameter arbitrary command execution vulnerability |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
TOTOLINK EX1800T v9.1.0cu.2112_B20220316 is vulnerable to unauthorized arbitrary command execution in the ‘lanPriDns’ parameter of the setLanConfig interface of cstecgi.cgi. The TOTOLINK EX1800T is a Wi-Fi range extender released by China's TOTOLINK Electronics. It supports Wi-Fi 6 technology and enhances signal coverage by wirelessly connecting to a router. It is suitable for home and small office environments.
The TOTOLINK EX1800T has a command execution vulnerability. An attacker could exploit this vulnerability to execute arbitrary commands.
VAR-202312-1975 | CVE-2023-51028 | TOTOLINK EX1800T Command Execution Vulnerability (CNVD-2024-31498) |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
TOTOLINK EX1800T 9.1.0cu.2112_B20220316 is vulnerable to unauthorized arbitrary command execution in the apcliChannel parameter of the setWiFiExtenderConfig interface of cstecgi.cgi. TOTOLINK EX1800T is a Wi-Fi range extender from China's TOTOLINK Electronics.
VAR-202312-2147 | CVE-2023-51027 | TOTOLINK EX1800T setWiFiExtenderConfig interface command execution vulnerability |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
TOTOLINK EX1800T V9.1.0cu.2112_B20220316 is vulnerable to unauthorized arbitrary command execution in the ‘apcliAuthMode’ parameter of the setWiFiExtenderConfig interface of cstecgi.cgi. TOTOLINK EX1800T is a Wi-Fi range extender from China's TOTOLINK Electronics. The vulnerability is caused by the apcliAuthMode parameter of the setWiFiExtenderConfig interface of cstecgi.cgi failing to properly filter special characters and commands in constructed commands. An attacker can exploit this vulnerability to execute arbitrary commands on the system.
VAR-202312-0767 | CVE-2023-51026 | TOTOLINK EX1800T setRebootScheCfg interface command execution vulnerability |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
TOTOLINK EX1800T V9.1.0cu.2112_B20220316 is vulnerable to unauthorized arbitrary command execution in the ‘hour’ parameter of the setRebootScheCfg interface of cstecgi.cgi. TOTOLINK EX1800T is a Wi-Fi range extender from China's TOTOLINK Electronics. The vulnerability is caused by the hour parameter of the setRebootScheCfg interface of cstecgi.cgi failing to properly filter special characters and commands in the constructed command. An attacker can exploit this vulnerability to execute arbitrary commands on the system.
VAR-202312-1439 | CVE-2023-51025 | TOTOLINK EX1800T setPasswordCfg interface command execution vulnerability |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
TOTOLINK EX1800T V9.1.0cu.2112_B20220316 is vulnerable to unauthorized arbitrary command execution in the ‘admuser’ parameter of the setPasswordCfg interface of cstecgi.cgi. TOTOLINK EX1800T is a Wi-Fi range extender from China's TOTOLINK Electronics. The vulnerability is caused by the admuser parameter of the setPasswordCfg interface of cstecgi.cgi failing to properly filter special characters and commands in the constructed command. An attacker can exploit this vulnerability to execute arbitrary commands on the system.