Cp900 Firmware
Monthly
TOTOLINK CPE CP900 V6.3c.1144_B20190715 was discovered to contain a command injection vulnerability in the setUploadUserData function via the FileName parameter. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
TOTOLINK CPE CP900 V6.3c.1144_B20190715 was discovered to contain a command injection vulnerability in the CloudSrvUserdataVersionCheck function via the url or magicid parameters. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
TOTOLINK CPE CP900 V6.3c.1144_B20190715 was discovered to contain a command injection vulnerability in the setApRebootScheCfg function via the hour or minute parameters. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
TOTOLINK CP900 V6.3c.1144_B20190715 was found to contain a command injection vulnerability in the setUpgradeUboot function via the FileName parameter. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
TOTOLINK CPE CP900 V6.3c.1144_B20190715 was discovered to contain a command injection vulnerability in the setUploadUserData function via the FileName parameter. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
TOTOLINK CPE CP900 V6.3c.1144_B20190715 was discovered to contain a command injection vulnerability in the CloudSrvUserdataVersionCheck function via the url or magicid parameters. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
TOTOLINK CPE CP900 V6.3c.1144_B20190715 was discovered to contain a command injection vulnerability in the setApRebootScheCfg function via the hour or minute parameters. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
TOTOLINK CP900 V6.3c.1144_B20190715 was found to contain a command injection vulnerability in the setUpgradeUboot function via the FileName parameter. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.