Skip to main content

Ex200 Firmware

18 CVEs product

Monthly

CVE-2024-53333 MEDIUM POC THREAT This Month

TOTOLINK EX200 v4.0.3c.7646_B20201211 was found to contain a command insertion vulnerability in the setUssd function. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Ex200 Firmware
NVD GitHub
CVSS 3.1
6.3
EPSS
18.9%
CVE-2024-7336 HIGH POC This Week

A vulnerability classified as critical was found in TOTOLINK EX200 4.0.3c.7646_B20201211. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Ex200 Firmware
NVD GitHub VulDB
CVSS 4.0
8.7
EPSS
1.3%
CVE-2024-7335 HIGH POC This Week

A vulnerability classified as critical has been found in TOTOLINK EX200 4.0.3c.7646_B20201211. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Ex200 Firmware
NVD GitHub VulDB
CVSS 4.0
8.7
EPSS
1.2%
CVE-2024-31810 CRITICAL POC Act Now

TOTOLINK EX200 V4.0.3c.7646_B20201211 was discovered to contain a hardcoded password for root at /etc/shadow.sample. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Ex200 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.6%
CVE-2024-32326 MEDIUM POC This Month

TOTOLINK EX200 V4.0.3c.7646_B20201211 contains a Cross-site scripting (XSS) vulnerability through the key parameter in the setWiFiExtenderConfig function. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Ex200 Firmware
NVD GitHub
CVSS 3.1
6.8
EPSS
0.6%
CVE-2024-32325 LOW POC Monitor

TOTOLINK EX200 V4.0.3c.7646_B20201211 contains a Cross-site scripting (XSS) vulnerability through the ssid parameter in the setWiFiExtenderConfig function. Rated low severity (CVSS 2.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Ex200 Firmware
NVD GitHub
CVSS 3.1
2.4
EPSS
0.5%
CVE-2024-31817 HIGH POC THREAT This Week

In TOTOLINK EX200 V4.0.3c.7646_B20201211, an attacker can obtain sensitive information without authorization through the function getSysStatusCfg. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Ex200 Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
55.3%
CVE-2024-31816 HIGH This Week

In TOTOLINK EX200 V4.0.3c.7646_B20201211, an attacker can obtain sensitive information without authorization through the function getEasyWizardCfg. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Ex200 Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
2.7%
CVE-2024-31815 CRITICAL POC Act Now

In TOTOLINK EX200 V4.0.3c.7314_B20191204, an attacker can obtain the configuration file without authorization through /cgi-bin/ExportSettings.sh. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Ex200 Firmware
NVD GitHub
CVSS 3.1
9.1
EPSS
0.6%
CVE-2024-31814 HIGH POC This Week

TOTOLINK EX200 V4.0.3c.7646_B20201211 allows attackers to bypass login through the Form_Login function. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Ex200 Firmware
NVD GitHub
CVSS 3.1
8.8
EPSS
8.6%
CVE-2024-31813 HIGH This Week

TOTOLINK EX200 V4.0.3c.7646_B20201211 does not contain an authentication mechanism by default. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Ex200 Firmware
NVD GitHub
CVSS 3.1
8.4
EPSS
0.2%
CVE-2024-31812 MEDIUM This Month

In TOTOLINK EX200 V4.0.3c.7646_B20201211, an attacker can obtain sensitive information without authorization through the function getWiFiExtenderConfig. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Ex200 Firmware
NVD GitHub
CVSS 3.1
6.5
EPSS
0.3%
CVE-2024-31811 HIGH POC This Week

TOTOLINK EX200 V4.0.3c.7646_B20201211 was discovered to contain a remote code execution (RCE) vulnerability via the langType parameter in the setLanguageCfg function. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

RCE Command Injection Ex200 Firmware
NVD GitHub
CVSS 3.1
8.0
EPSS
1.0%
CVE-2024-31809 HIGH POC This Week

TOTOLINK EX200 V4.0.3c.7646_B20201211 was discovered to contain a remote code execution (RCE) vulnerability via the FileName parameter in the setUpgradeFW function. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Ex200 Firmware
NVD GitHub
CVSS 3.1
8.8
EPSS
1.0%
CVE-2024-31808 HIGH POC This Week

TOTOLINK EX200 V4.0.3c.7646_B20201211 was discovered to contain a remote code execution (RCE) vulnerability via the webWlanIdx parameter in the setWebWlanIdx function. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Ex200 Firmware
NVD GitHub
CVSS 3.1
8.8
EPSS
0.9%
CVE-2024-31807 CRITICAL POC Act Now

TOTOLINK EX200 V4.0.3c.7646_B20201211 was discovered to contain a remote code execution (RCE) vulnerability via the hostTime parameter in the NTPSyncWithHost function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection RCE Ex200 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.4%
CVE-2024-31806 MEDIUM This Month

TOTOLINK EX200 V4.0.3c.7646_B20201211 was discovered to contain a Denial-of-Service (DoS) vulnerability in the RebootSystem function which can reboot the system without authorization. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Ex200 Firmware
NVD GitHub
CVSS 3.1
6.5
EPSS
0.4%
CVE-2024-31805 MEDIUM POC This Month

TOTOLINK EX200 V4.0.3c.7646_B20201211 allows attackers to start the Telnet service without authorization via the telnet_enabled parameter in the setTelnetCfg function. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Ex200 Firmware
NVD GitHub
CVSS 3.1
6.5
EPSS
0.5%
EPSS 19% CVSS 6.3
MEDIUM POC THREAT This Month

TOTOLINK EX200 v4.0.3c.7646_B20201211 was found to contain a command insertion vulnerability in the setUssd function. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Ex200 Firmware
NVD GitHub
EPSS 1% CVSS 8.7
HIGH POC This Week

A vulnerability classified as critical was found in TOTOLINK EX200 4.0.3c.7646_B20201211. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Ex200 Firmware
NVD GitHub VulDB
EPSS 1% CVSS 8.7
HIGH POC This Week

A vulnerability classified as critical has been found in TOTOLINK EX200 4.0.3c.7646_B20201211. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Ex200 Firmware
NVD GitHub VulDB
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

TOTOLINK EX200 V4.0.3c.7646_B20201211 was discovered to contain a hardcoded password for root at /etc/shadow.sample. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Ex200 Firmware
NVD GitHub
EPSS 1% CVSS 6.8
MEDIUM POC This Month

TOTOLINK EX200 V4.0.3c.7646_B20201211 contains a Cross-site scripting (XSS) vulnerability through the key parameter in the setWiFiExtenderConfig function. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Ex200 Firmware
NVD GitHub
EPSS 0% CVSS 2.4
LOW POC Monitor

TOTOLINK EX200 V4.0.3c.7646_B20201211 contains a Cross-site scripting (XSS) vulnerability through the ssid parameter in the setWiFiExtenderConfig function. Rated low severity (CVSS 2.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Ex200 Firmware
NVD GitHub
EPSS 55% CVSS 7.5
HIGH POC THREAT This Week

In TOTOLINK EX200 V4.0.3c.7646_B20201211, an attacker can obtain sensitive information without authorization through the function getSysStatusCfg. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Ex200 Firmware
NVD GitHub
EPSS 3% CVSS 7.5
HIGH This Week

In TOTOLINK EX200 V4.0.3c.7646_B20201211, an attacker can obtain sensitive information without authorization through the function getEasyWizardCfg. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Ex200 Firmware
NVD GitHub
EPSS 1% CVSS 9.1
CRITICAL POC Act Now

In TOTOLINK EX200 V4.0.3c.7314_B20191204, an attacker can obtain the configuration file without authorization through /cgi-bin/ExportSettings.sh. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Ex200 Firmware
NVD GitHub
EPSS 9% CVSS 8.8
HIGH POC This Week

TOTOLINK EX200 V4.0.3c.7646_B20201211 allows attackers to bypass login through the Form_Login function. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Ex200 Firmware
NVD GitHub
EPSS 0% CVSS 8.4
HIGH This Week

TOTOLINK EX200 V4.0.3c.7646_B20201211 does not contain an authentication mechanism by default. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Ex200 Firmware
NVD GitHub
EPSS 0% CVSS 6.5
MEDIUM This Month

In TOTOLINK EX200 V4.0.3c.7646_B20201211, an attacker can obtain sensitive information without authorization through the function getWiFiExtenderConfig. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Ex200 Firmware
NVD GitHub
EPSS 1% CVSS 8.0
HIGH POC This Week

TOTOLINK EX200 V4.0.3c.7646_B20201211 was discovered to contain a remote code execution (RCE) vulnerability via the langType parameter in the setLanguageCfg function. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

RCE Command Injection Ex200 Firmware
NVD GitHub
EPSS 1% CVSS 8.8
HIGH POC This Week

TOTOLINK EX200 V4.0.3c.7646_B20201211 was discovered to contain a remote code execution (RCE) vulnerability via the FileName parameter in the setUpgradeFW function. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Ex200 Firmware
NVD GitHub
EPSS 1% CVSS 8.8
HIGH POC This Week

TOTOLINK EX200 V4.0.3c.7646_B20201211 was discovered to contain a remote code execution (RCE) vulnerability via the webWlanIdx parameter in the setWebWlanIdx function. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Ex200 Firmware
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

TOTOLINK EX200 V4.0.3c.7646_B20201211 was discovered to contain a remote code execution (RCE) vulnerability via the hostTime parameter in the NTPSyncWithHost function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection RCE Ex200 Firmware
NVD GitHub
EPSS 0% CVSS 6.5
MEDIUM This Month

TOTOLINK EX200 V4.0.3c.7646_B20201211 was discovered to contain a Denial-of-Service (DoS) vulnerability in the RebootSystem function which can reboot the system without authorization. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Ex200 Firmware
NVD GitHub
EPSS 1% CVSS 6.5
MEDIUM POC This Month

TOTOLINK EX200 V4.0.3c.7646_B20201211 allows attackers to start the Telnet service without authorization via the telnet_enabled parameter in the setTelnetCfg function. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Ex200 Firmware
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy