Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
totolink n200re firmware vulnerabilities and exploits
(subscribe to this query)
6.1
CVSSv3
CVE-2020-23617
A cross site scripting (XSS) vulnerability in the error page of Totolink N200RE and N100RE Routers 2.0 allows malicious users to execute arbitrary web scripts or HTML via SCRIPT element.
Totolink N200re Firmware 2.0
Totolink N100re Firmware 2.0
8.8
CVSSv3
CVE-2020-25499
TOTOLINK A3002RU-V2.0.0 B20190814.1034 allows authenticated remote users to modify the system's 'Run Command'. An attacker can use this functionality to execute arbitrary OS commands on the router.
Totolink A3002r Firmware
Totolink A3002ru-v1 Firmware
Totolink A3002ru-v2 Firmware
Totolink A702r-v2 Firmware
Totolink A702r-v3 Firmware
Totolink N100re-v3 Firmware
Totolink N150rt Firmware
Totolink N200re-v3 Firmware
Totolink N200re-v4 Firmware
Totolink N210re Firmware
Totolink N300rh-v3 Firmware
Totolink N300rt Firmware
Totolink N302r Plus Firmware
8.8
CVSSv3
CVE-2019-19824
On certain TOTOLINK Realtek SDK based routers, an authenticated attacker may execute arbitrary OS commands via the sysCmd parameter to the boafrm/formSysCmd URI, even if the GUI (syscmd.htm) is not available. This allows for full control over the device's internals. This aff...
Totolink A3002ru Firmware
Totolink A702r Firmware
Totolink N301rt Firmware
Totolink N302r Firmware
Totolink N300rt Firmware
Totolink N200re Firmware
Totolink N150rt Firmware
Totolink N100re Firmware
1 Github repository
9.8
CVSSv3
CVE-2019-19825
On certain TOTOLINK Realtek SDK based routers, the CAPTCHA text can be retrieved via an {"topicurl":"setting/getSanvas"} POST to the boafrm/formLogin URI, leading to a CAPTCHA bypass. (Also, the CAPTCHA text is not needed once the attacker has determined valid...
Totolink A3002ru Firmware
Totolink A702r Firmware
Totolink N301rt Firmware
Totolink N302r Firmware
Totolink N300rt Firmware
Totolink N200re Firmware
Totolink N150rt Firmware
Totolink N100re Firmware
9.8
CVSSv3
CVE-2022-48113
A vulnerability in TOTOLINK N200RE_v5 firmware V9.3.5u.6139 allows unauthenticated malicious users to access the telnet service via a crafted POST request. Attackers are also able to leverage this vulnerability to login as root via hardcoded credentials.
Totolink N200re-v5 Firmware 9.3.5u.6139
9.8
CVSSv3
CVE-2024-0296
A vulnerability has been found in Totolink N200RE 9.3.5u.6139_B20201216 and classified as critical. This vulnerability affects the function NTPSyncWithHost of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument host_time leads to os command injection. The attack can b...
Totolink N200re Firmware 9.3.5u.6139 B20201216
9.8
CVSSv3
CVE-2024-0297
A vulnerability was found in Totolink N200RE 9.3.5u.6139_B20201216 and classified as critical. This issue affects the function UploadFirmwareFile of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument FileName leads to os command injection. The attack may be initiated...
Totolink N200re Firmware 9.3.5u.6139 B20201216
9.8
CVSSv3
CVE-2024-0298
A vulnerability was found in Totolink N200RE 9.3.5u.6139_B20201216. It has been classified as critical. Affected is the function setDiagnosisCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument ip leads to os command injection. It is possible to launch the attac...
Totolink N200re Firmware 9.3.5u.6139 B20201216
9.8
CVSSv3
CVE-2024-0299
A vulnerability was found in Totolink N200RE 9.3.5u.6139_B20201216. It has been declared as critical. Affected by this vulnerability is the function setTracerouteCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument command leads to os command injection. The atta...
Totolink N200re Firmware 9.3.5u.6139 B20201216
5.5
CVSSv3
CVE-2023-2790
A vulnerability classified as problematic has been found in TOTOLINK N200RE 9.3.5u.6255_B20211224. Affected is an unknown function of the file /squashfs-root/etc_ro/custom.conf of the component Telnet Service. The manipulation leads to password in configuration file. It is possib...
Totolink N200re Firmware 9.3.5u.6255 B20211224
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
type confusion
IMAP
CVE-2024-36103
CVE-2024-28995
CVE-2024-37325
CVE-2024-30078
CVE-2024-30082
SQL injection
CVE-2024-30052
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
NEXT »