Skip to main content

Ex1800T Firmware

28 CVEs product

Monthly

CVE-2025-2370 HIGH POC This Week

A vulnerability was found in TOTOLINK EX1800T up to 9.1.0cu.2112_B20220316. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Ex1800T Firmware TOTOLINK
NVD GitHub VulDB
CVSS 4.0
8.7
EPSS
0.6%
CVE-2025-2369 HIGH POC This Week

A vulnerability was found in TOTOLINK EX1800T up to 9.1.0cu.2112_B20220316. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Ex1800T Firmware TOTOLINK
NVD GitHub VulDB
CVSS 4.0
8.7
EPSS
0.6%
CVE-2025-2097 HIGH POC This Week

A vulnerability, which was classified as critical, has been found in TOTOLINK EX1800T 9.1.0cu.2112_B20220316.cgi. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Ex1800T Firmware TOTOLINK
NVD GitHub VulDB
CVSS 4.0
8.7
EPSS
1.1%
CVE-2025-2096 MEDIUM POC This Month

A vulnerability classified as critical was found in TOTOLINK EX1800T 9.1.0cu.2112_B20220316. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Ex1800T Firmware TOTOLINK
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
4.2%
CVE-2025-2095 MEDIUM POC This Month

A vulnerability classified as critical has been found in TOTOLINK EX1800T 9.1.0cu.2112_B20220316. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Ex1800T Firmware TOTOLINK
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
4.2%
CVE-2025-2094 MEDIUM POC This Month

A vulnerability was found in TOTOLINK EX1800T 9.1.0cu.2112_B20220316. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Ex1800T Firmware TOTOLINK
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
6.9%
CVE-2025-1852 HIGH This Week

A vulnerability has been found in Totolink EX1800T 9.1.0cu.2112_B20220316 and classified as critical. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Ex1800T Firmware TOTOLINK
NVD GitHub VulDB
CVSS 4.0
8.7
EPSS
0.7%
CVE-2024-12352 MEDIUM This Month

A vulnerability classified as problematic was found in TOTOLINK EX1800T 9.1.0cu.2112_B20220316. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Ex1800T Firmware
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.7%
CVE-2024-34257 CRITICAL POC Act Now

TOTOLINK EX1800T V9.1.0cu.2112_B20220316 has a vulnerability in the apcliEncrypType parameter that allows unauthorized execution of arbitrary commands, allowing an attacker to obtain device. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Ex1800T Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
3.8%
CVE-2023-52026 CRITICAL POC Act Now

TOTOlink EX1800T V9.1.0cu.2112_B20220316 was discovered to contain a remote command execution (RCE) vulnerability via the telnet_enabled parameter of the setTelnetCfg interface. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Ex1800T Firmware
NVD
CVSS 3.1
9.8
EPSS
3.6%
CVE-2023-51022 CRITICAL POC Act Now

TOTOlink EX1800T v9.1.0cu.2112_B20220316 is vulnerable to unauthorized arbitrary command execution in the ‘langFlag’ parameter of the setLanguageCfg interface of the cstecgi .cgi. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Ex1800T Firmware
NVD
CVSS 3.1
9.8
EPSS
1.0%
CVE-2023-51021 CRITICAL POC Act Now

TOTOlink EX1800T v9.1.0cu.2112_B20220316 is vulnerable to unauthorized arbitrary command execution in the ‘merge’ parameter of the setRptWizardCfg interface of the cstecgi .cgi. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Ex1800T Firmware
NVD
CVSS 3.1
9.8
EPSS
1.0%
CVE-2023-51020 CRITICAL POC Act Now

TOTOlink EX1800T v9.1.0cu.2112_B20220316 is vulnerable to unauthorized arbitrary command execution in the ‘langType’ parameter of the setLanguageCfg interface of the cstecgi .cgi. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Ex1800T Firmware
NVD
CVSS 3.1
9.8
EPSS
1.0%
CVE-2023-51019 CRITICAL POC Act Now

TOTOlink EX1800T v9.1.0cu.2112_B20220316 is vulnerable to unauthorized arbitrary command execution in the ‘key5g’ parameter of the setWiFiExtenderConfig interface of the cstecgi .cgi. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Ex1800T Firmware
NVD
CVSS 3.1
9.8
EPSS
1.0%
CVE-2023-51018 CRITICAL POC Act Now

TOTOlink EX1800T v9.1.0cu.2112_B20220316 is vulnerable to unauthorized arbitrary command execution in the ‘opmode’ parameter of the setWiFiApConfig interface of the cstecgi .cgi. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Code Injection Ex1800T Firmware
NVD
CVSS 3.1
9.8
EPSS
1.0%
CVE-2023-51017 CRITICAL POC Act Now

TOTOlink EX1800T v9.1.0cu.2112_B20220316 is vulnerable to unauthorized arbitrary command execution in the lanIp parameter’ of the setLanConfig interface of the cstecgi .cgi. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Ex1800T Firmware
NVD
CVSS 3.1
9.8
EPSS
1.0%
CVE-2023-51016 CRITICAL POC Act Now

TOTOlink EX1800T v9.1.0cu.2112_B20220316 is vulnerable to unauthorized arbitrary command execution in the setRebootScheCfg interface of the cstecgi .cgi. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Ex1800T Firmware
NVD
CVSS 3.1
9.8
EPSS
1.0%
CVE-2023-51015 CRITICAL POC Act Now

TOTOLINX EX1800T v9.1.0cu.2112_B20220316 is vulnerable to arbitrary command execution in the ‘enable parameter’ of the setDmzCfg interface of the cstecgi .cgi. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Code Injection Ex1800T Firmware
NVD
CVSS 3.1
9.8
EPSS
1.0%
CVE-2023-51014 CRITICAL POC Act Now

TOTOLINK EX1800T V9.1.0cu.2112_B20220316 is vulnerable to unauthorized arbitrary command execution in the lanSecDns parameter’ of the setLanConfig interface of the cstecgi .cgi. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Ex1800T Firmware
NVD
CVSS 3.1
9.8
EPSS
1.0%
CVE-2023-51013 CRITICAL POC Act Now

TOTOlink EX1800T v9.1.0cu.2112_B20220316 is vulnerable to unauthorized arbitrary command execution in the lanNetmask parameter’ of the setLanConfig interface of the cstecgi .cgi. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Ex1800T Firmware
NVD
CVSS 3.1
9.8
EPSS
1.0%
CVE-2023-51012 CRITICAL POC Act Now

TOTOlink EX1800T v9.1.0cu.2112_B20220316 is vulnerable to unauthorized arbitrary command execution in the lanGateway parameter’ of the setLanConfig interface of the cstecgi .cgi. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Ex1800T Firmware
NVD
CVSS 3.1
9.8
EPSS
1.0%
CVE-2023-51011 CRITICAL POC Act Now

TOTOlink EX1800T v9.1.0cu.2112_B20220316 is vulnerable to unauthorized arbitrary command execution in the lanPriDns parameter’ of the setLanConfig interface of the cstecgi .cgi. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Ex1800T Firmware
NVD
CVSS 3.1
9.8
EPSS
1.0%
CVE-2023-51028 CRITICAL POC Act Now

TOTOLINK EX1800T 9.1.0cu.2112_B20220316 is vulnerable to unauthorized arbitrary command execution in the apcliChannel parameter of the setWiFiExtenderConfig interface of the cstecgi.cgi. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Ex1800T Firmware
NVD
CVSS 3.1
9.8
EPSS
1.0%
CVE-2023-51027 CRITICAL POC Act Now

TOTOlink EX1800T V9.1.0cu.2112_B20220316 is vulnerable to unauthorized arbitrary command execution in the ‘apcliAuthMode’ parameter of the setWiFiExtenderConfig interface of the cstecgi .cgi. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Ex1800T Firmware
NVD
CVSS 3.1
9.8
EPSS
1.0%
CVE-2023-51026 CRITICAL POC Act Now

TOTOlink EX1800T V9.1.0cu.2112_B20220316 is vulnerable to unauthorized arbitrary command execution in the ‘hour’ parameter of the setRebootScheCfg interface of the cstecgi .cgi. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Code Injection Ex1800T Firmware
NVD
CVSS 3.1
9.8
EPSS
1.0%
CVE-2023-51025 CRITICAL POC Act Now

TOTOlink EX1800T V9.1.0cu.2112_B20220316 is vulnerable to an unauthorized arbitrary command execution in the ‘admuser’ parameter of the setPasswordCfg interface of the cstecgi .cgi. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Ex1800T Firmware
NVD
CVSS 3.1
9.8
EPSS
1.0%
CVE-2023-51024 CRITICAL POC Act Now

TOTOlink EX1800T v9.1.0cu.2112_B20220316 is vulnerable to unauthorized arbitrary command execution in the ‘tz’ parameter of the setNtpCfg interface of the cstecgi .cgi. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Ex1800T Firmware
NVD
CVSS 3.1
9.8
EPSS
1.0%
CVE-2023-51023 CRITICAL POC Act Now

TOTOlink EX1800T v9.1.0cu.2112_B20220316 is vulnerable to arbitrary command execution in the ‘host_time’ parameter of the NTPSyncWithHost interface of the cstecgi .cgi. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Ex1800T Firmware
NVD
CVSS 3.1
9.8
EPSS
1.0%
EPSS 1% CVSS 8.7
HIGH POC This Week

A vulnerability was found in TOTOLINK EX1800T up to 9.1.0cu.2112_B20220316. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Ex1800T Firmware TOTOLINK
NVD GitHub VulDB
EPSS 1% CVSS 8.7
HIGH POC This Week

A vulnerability was found in TOTOLINK EX1800T up to 9.1.0cu.2112_B20220316. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Ex1800T Firmware TOTOLINK
NVD GitHub VulDB
EPSS 1% CVSS 8.7
HIGH POC This Week

A vulnerability, which was classified as critical, has been found in TOTOLINK EX1800T 9.1.0cu.2112_B20220316.cgi. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Ex1800T Firmware TOTOLINK
NVD GitHub VulDB
EPSS 4% CVSS 5.3
MEDIUM POC This Month

A vulnerability classified as critical was found in TOTOLINK EX1800T 9.1.0cu.2112_B20220316. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Ex1800T Firmware TOTOLINK
NVD GitHub VulDB
EPSS 4% CVSS 5.3
MEDIUM POC This Month

A vulnerability classified as critical has been found in TOTOLINK EX1800T 9.1.0cu.2112_B20220316. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Ex1800T Firmware TOTOLINK
NVD GitHub VulDB
EPSS 7% CVSS 5.3
MEDIUM POC This Month

A vulnerability was found in TOTOLINK EX1800T 9.1.0cu.2112_B20220316. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Ex1800T Firmware TOTOLINK
NVD GitHub VulDB
EPSS 1% CVSS 8.7
HIGH This Week

A vulnerability has been found in Totolink EX1800T 9.1.0cu.2112_B20220316 and classified as critical. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Ex1800T Firmware TOTOLINK
NVD GitHub VulDB
EPSS 1% CVSS 5.3
MEDIUM This Month

A vulnerability classified as problematic was found in TOTOLINK EX1800T 9.1.0cu.2112_B20220316. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Ex1800T Firmware
NVD GitHub VulDB
EPSS 4% CVSS 9.8
CRITICAL POC Act Now

TOTOLINK EX1800T V9.1.0cu.2112_B20220316 has a vulnerability in the apcliEncrypType parameter that allows unauthorized execution of arbitrary commands, allowing an attacker to obtain device. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Ex1800T Firmware
NVD GitHub
EPSS 4% CVSS 9.8
CRITICAL POC Act Now

TOTOlink EX1800T V9.1.0cu.2112_B20220316 was discovered to contain a remote command execution (RCE) vulnerability via the telnet_enabled parameter of the setTelnetCfg interface. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Ex1800T Firmware
NVD
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

TOTOlink EX1800T v9.1.0cu.2112_B20220316 is vulnerable to unauthorized arbitrary command execution in the ‘langFlag’ parameter of the setLanguageCfg interface of the cstecgi .cgi. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Ex1800T Firmware
NVD
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

TOTOlink EX1800T v9.1.0cu.2112_B20220316 is vulnerable to unauthorized arbitrary command execution in the ‘merge’ parameter of the setRptWizardCfg interface of the cstecgi .cgi. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Ex1800T Firmware
NVD
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

TOTOlink EX1800T v9.1.0cu.2112_B20220316 is vulnerable to unauthorized arbitrary command execution in the ‘langType’ parameter of the setLanguageCfg interface of the cstecgi .cgi. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Ex1800T Firmware
NVD
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

TOTOlink EX1800T v9.1.0cu.2112_B20220316 is vulnerable to unauthorized arbitrary command execution in the ‘key5g’ parameter of the setWiFiExtenderConfig interface of the cstecgi .cgi. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Ex1800T Firmware
NVD
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

TOTOlink EX1800T v9.1.0cu.2112_B20220316 is vulnerable to unauthorized arbitrary command execution in the ‘opmode’ parameter of the setWiFiApConfig interface of the cstecgi .cgi. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Code Injection Ex1800T Firmware
NVD
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

TOTOlink EX1800T v9.1.0cu.2112_B20220316 is vulnerable to unauthorized arbitrary command execution in the lanIp parameter’ of the setLanConfig interface of the cstecgi .cgi. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Ex1800T Firmware
NVD
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

TOTOlink EX1800T v9.1.0cu.2112_B20220316 is vulnerable to unauthorized arbitrary command execution in the setRebootScheCfg interface of the cstecgi .cgi. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Ex1800T Firmware
NVD
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

TOTOLINX EX1800T v9.1.0cu.2112_B20220316 is vulnerable to arbitrary command execution in the ‘enable parameter’ of the setDmzCfg interface of the cstecgi .cgi. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Code Injection Ex1800T Firmware
NVD
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

TOTOLINK EX1800T V9.1.0cu.2112_B20220316 is vulnerable to unauthorized arbitrary command execution in the lanSecDns parameter’ of the setLanConfig interface of the cstecgi .cgi. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Ex1800T Firmware
NVD
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

TOTOlink EX1800T v9.1.0cu.2112_B20220316 is vulnerable to unauthorized arbitrary command execution in the lanNetmask parameter’ of the setLanConfig interface of the cstecgi .cgi. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Ex1800T Firmware
NVD
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

TOTOlink EX1800T v9.1.0cu.2112_B20220316 is vulnerable to unauthorized arbitrary command execution in the lanGateway parameter’ of the setLanConfig interface of the cstecgi .cgi. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Ex1800T Firmware
NVD
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

TOTOlink EX1800T v9.1.0cu.2112_B20220316 is vulnerable to unauthorized arbitrary command execution in the lanPriDns parameter’ of the setLanConfig interface of the cstecgi .cgi. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Ex1800T Firmware
NVD
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

TOTOLINK EX1800T 9.1.0cu.2112_B20220316 is vulnerable to unauthorized arbitrary command execution in the apcliChannel parameter of the setWiFiExtenderConfig interface of the cstecgi.cgi. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Ex1800T Firmware
NVD
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

TOTOlink EX1800T V9.1.0cu.2112_B20220316 is vulnerable to unauthorized arbitrary command execution in the ‘apcliAuthMode’ parameter of the setWiFiExtenderConfig interface of the cstecgi .cgi. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Ex1800T Firmware
NVD
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

TOTOlink EX1800T V9.1.0cu.2112_B20220316 is vulnerable to unauthorized arbitrary command execution in the ‘hour’ parameter of the setRebootScheCfg interface of the cstecgi .cgi. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Code Injection Ex1800T Firmware
NVD
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

TOTOlink EX1800T V9.1.0cu.2112_B20220316 is vulnerable to an unauthorized arbitrary command execution in the ‘admuser’ parameter of the setPasswordCfg interface of the cstecgi .cgi. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Ex1800T Firmware
NVD
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

TOTOlink EX1800T v9.1.0cu.2112_B20220316 is vulnerable to unauthorized arbitrary command execution in the ‘tz’ parameter of the setNtpCfg interface of the cstecgi .cgi. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Ex1800T Firmware
NVD
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

TOTOlink EX1800T v9.1.0cu.2112_B20220316 is vulnerable to arbitrary command execution in the ‘host_time’ parameter of the NTPSyncWithHost interface of the cstecgi .cgi. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Ex1800T Firmware
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy