Skip to main content
CVE-2023-51035 CRITICAL POC Act Now

TOTOLINK EX1200L V9.3.5u.6146_B20201023 is vulnerable to arbitrary command execution on the cstecgi.cgi NTPSyncWithHost interface. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Ex1200L Firmware
NVD
CVSS 3.1
9.8
EPSS
1.3%
CVE-2023-51034 CRITICAL POC Act Now

TOTOlink EX1200L V9.3.5u.6146_B20201023 is vulnerable to arbitrary command execution via the cstecgi.cgi UploadFirmwareFile interface. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Ex1200L Firmware
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2023-51033 CRITICAL POC Act Now

TOTOlink EX1200L V9.3.5u.6146_B20201023 is vulnerable to arbitrary command execution via the cstecgi.cgi setOpModeCfg interface. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Ex1200L Firmware
NVD
CVSS 3.1
9.8
EPSS
1.0%
CVE-2023-51022 CRITICAL POC Act Now

TOTOlink EX1800T v9.1.0cu.2112_B20220316 is vulnerable to unauthorized arbitrary command execution in the ‘langFlag’ parameter of the setLanguageCfg interface of the cstecgi .cgi. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Ex1800T Firmware
NVD
CVSS 3.1
9.8
EPSS
1.0%
CVE-2023-51021 CRITICAL POC Act Now

TOTOlink EX1800T v9.1.0cu.2112_B20220316 is vulnerable to unauthorized arbitrary command execution in the ‘merge’ parameter of the setRptWizardCfg interface of the cstecgi .cgi. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Ex1800T Firmware
NVD
CVSS 3.1
9.8
EPSS
1.0%
CVE-2023-51020 CRITICAL POC Act Now

TOTOlink EX1800T v9.1.0cu.2112_B20220316 is vulnerable to unauthorized arbitrary command execution in the ‘langType’ parameter of the setLanguageCfg interface of the cstecgi .cgi. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Ex1800T Firmware
NVD
CVSS 3.1
9.8
EPSS
1.0%
CVE-2023-51019 CRITICAL POC Act Now

TOTOlink EX1800T v9.1.0cu.2112_B20220316 is vulnerable to unauthorized arbitrary command execution in the ‘key5g’ parameter of the setWiFiExtenderConfig interface of the cstecgi .cgi. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Ex1800T Firmware
NVD
CVSS 3.1
9.8
EPSS
1.0%
CVE-2023-51018 CRITICAL POC Act Now

TOTOlink EX1800T v9.1.0cu.2112_B20220316 is vulnerable to unauthorized arbitrary command execution in the ‘opmode’ parameter of the setWiFiApConfig interface of the cstecgi .cgi. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Code Injection Ex1800T Firmware
NVD
CVSS 3.1
9.8
EPSS
1.0%
CVE-2023-51017 CRITICAL POC Act Now

TOTOlink EX1800T v9.1.0cu.2112_B20220316 is vulnerable to unauthorized arbitrary command execution in the lanIp parameter’ of the setLanConfig interface of the cstecgi .cgi. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Ex1800T Firmware
NVD
CVSS 3.1
9.8
EPSS
1.0%
CVE-2023-51016 CRITICAL POC Act Now

TOTOlink EX1800T v9.1.0cu.2112_B20220316 is vulnerable to unauthorized arbitrary command execution in the setRebootScheCfg interface of the cstecgi .cgi. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Ex1800T Firmware
NVD
CVSS 3.1
9.8
EPSS
1.0%
CVE-2023-51015 CRITICAL POC Act Now

TOTOLINX EX1800T v9.1.0cu.2112_B20220316 is vulnerable to arbitrary command execution in the ‘enable parameter’ of the setDmzCfg interface of the cstecgi .cgi. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Code Injection Ex1800T Firmware
NVD
CVSS 3.1
9.8
EPSS
1.0%
CVE-2023-51014 CRITICAL POC Act Now

TOTOLINK EX1800T V9.1.0cu.2112_B20220316 is vulnerable to unauthorized arbitrary command execution in the lanSecDns parameter’ of the setLanConfig interface of the cstecgi .cgi. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Ex1800T Firmware
NVD
CVSS 3.1
9.8
EPSS
1.0%
CVE-2023-51013 CRITICAL POC Act Now

TOTOlink EX1800T v9.1.0cu.2112_B20220316 is vulnerable to unauthorized arbitrary command execution in the lanNetmask parameter’ of the setLanConfig interface of the cstecgi .cgi. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Ex1800T Firmware
NVD
CVSS 3.1
9.8
EPSS
1.0%
CVE-2023-51012 CRITICAL POC Act Now

TOTOlink EX1800T v9.1.0cu.2112_B20220316 is vulnerable to unauthorized arbitrary command execution in the lanGateway parameter’ of the setLanConfig interface of the cstecgi .cgi. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Ex1800T Firmware
NVD
CVSS 3.1
9.8
EPSS
1.0%
CVE-2023-51011 CRITICAL POC Act Now

TOTOlink EX1800T v9.1.0cu.2112_B20220316 is vulnerable to unauthorized arbitrary command execution in the lanPriDns parameter’ of the setLanConfig interface of the cstecgi .cgi. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Ex1800T Firmware
NVD
CVSS 3.1
9.8
EPSS
1.0%
CVE-2023-50708 CRITICAL POC PATCH Act Now

yii2-authclient is an extension that adds OpenID, OAuth, OAuth2 and OpenId Connect consumers for the Yii framework 2.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Yii2 Authclient
NVD GitHub
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-50147 CRITICAL POC Act Now

There is an arbitrary command execution vulnerability in the setDiagnosisCfg function of the cstecgi .cgi of the TOTOlink A3700R router device in its firmware version V9.1.2u.5822_B20200513. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection A3700r Firmware
NVD
CVSS 3.1
9.8
EPSS
1.2%
CVE-2023-51028 CRITICAL POC Act Now

TOTOLINK EX1800T 9.1.0cu.2112_B20220316 is vulnerable to unauthorized arbitrary command execution in the apcliChannel parameter of the setWiFiExtenderConfig interface of the cstecgi.cgi. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Ex1800T Firmware
NVD
CVSS 3.1
9.8
EPSS
1.0%
CVE-2023-51027 CRITICAL POC Act Now

TOTOlink EX1800T V9.1.0cu.2112_B20220316 is vulnerable to unauthorized arbitrary command execution in the ‘apcliAuthMode’ parameter of the setWiFiExtenderConfig interface of the cstecgi .cgi. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Ex1800T Firmware
NVD
CVSS 3.1
9.8
EPSS
1.0%
CVE-2023-51026 CRITICAL POC Act Now

TOTOlink EX1800T V9.1.0cu.2112_B20220316 is vulnerable to unauthorized arbitrary command execution in the ‘hour’ parameter of the setRebootScheCfg interface of the cstecgi .cgi. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Code Injection Ex1800T Firmware
NVD
CVSS 3.1
9.8
EPSS
1.0%
CVE-2023-51025 CRITICAL POC Act Now

TOTOlink EX1800T V9.1.0cu.2112_B20220316 is vulnerable to an unauthorized arbitrary command execution in the ‘admuser’ parameter of the setPasswordCfg interface of the cstecgi .cgi. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Ex1800T Firmware
NVD
CVSS 3.1
9.8
EPSS
1.0%
CVE-2023-51024 CRITICAL POC Act Now

TOTOlink EX1800T v9.1.0cu.2112_B20220316 is vulnerable to unauthorized arbitrary command execution in the ‘tz’ parameter of the setNtpCfg interface of the cstecgi .cgi. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Ex1800T Firmware
NVD
CVSS 3.1
9.8
EPSS
1.0%
CVE-2023-51023 CRITICAL POC Act Now

TOTOlink EX1800T v9.1.0cu.2112_B20220316 is vulnerable to arbitrary command execution in the ‘host_time’ parameter of the NTPSyncWithHost interface of the cstecgi .cgi. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Ex1800T Firmware
NVD
CVSS 3.1
9.8
EPSS
1.0%
CVE-2023-49689 CRITICAL POC Act Now

Job Portal v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Job Portal
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-49688 CRITICAL POC Act Now

Job Portal v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Job Portal
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-50731 CRITICAL POC PATCH Act Now

MindsDB is a SQL Server for artificial intelligence. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Mindsdb
NVD GitHub
CVSS 3.1
9.1
EPSS
1.0%
CVE-2023-49792 CRITICAL PATCH Act Now

Nextcloud Server provides data storage for Nextcloud, an open source cloud platform. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Nextcloud Nextcloud Server
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2023-42017 CRITICAL Act Now

IBM Planning Analytics Local 2.0 could allow a remote attacker to upload arbitrary files, caused by the improper validation of file extensions. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE File Upload IBM Planning Analytics
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2023-7058 CRITICAL Act Now

A vulnerability was found in SourceCodester Simple Student Attendance System 1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Simple Student Attendance System
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-51707 CRITICAL Act Now

MotionPro in Array ArrayOS AG before 9.4.0.505 on AG and vxAG allows remote command execution via crafted packets. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Arrayos Ag
NVD
CVSS 3.1
9.8
EPSS
1.3%
CVE-2023-50928 CRITICAL PATCH Act Now

"Sandbox Accounts for Events" provides multiple, temporary AWS accounts to a number of authenticated users simultaneously via a browser-based GUI. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Awslabs Sandbox Accounts For Events
NVD GitHub
CVSS 3.1
9.0
EPSS
0.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy