T10 Firmware
Monthly
A vulnerability has been found in TOTOLINK T10 4.1.8cu.5241_B20210927. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Critical buffer overflow vulnerability in TOTOLINK T10 firmware version 4.1.8cu.5207 affecting the HTTP POST request handler. An authenticated attacker can remotely exploit the setWizardCfg function via the ssid5g parameter to achieve buffer overflow, resulting in complete system compromise including confidentiality, integrity, and availability breaches. Public exploit code has been disclosed and the vulnerability meets criteria for active exploitation risk.
Critical buffer overflow vulnerability in TOTOLINK T10 firmware version 4.1.8cu.5207 affecting the setWiFiScheduleCfg function in the HTTP POST request handler. An authenticated remote attacker can exploit this vulnerability by manipulating the 'desc' parameter to achieve buffer overflow, resulting in complete compromise of confidentiality, integrity, and availability. A public exploit has been disclosed and the vulnerability is likely actively exploited given its critical CVSS score of 8.8 and low attack complexity.
Critical buffer overflow vulnerability in TOTOLINK T10 firmware version 4.1.8cu.5207 affecting the WiFi repeater configuration function. An authenticated remote attacker can exploit this vulnerability by sending a malicious POST request with an oversized Password parameter to /cgi-bin/cstecgi.cgi, achieving complete compromise of the device including arbitrary code execution. Public disclosure and proof-of-concept code availability significantly elevate real-world risk despite requiring authenticated access.
A critical buffer overflow vulnerability exists in TOTOLINK T10 firmware version 4.1.8cu.5207 in the setWiFiMeshName function of the POST request handler (/cgi-bin/cstecgi.cgi). An authenticated remote attacker can overflow the device_name parameter to achieve arbitrary code execution with complete system compromise (confidentiality, integrity, and availability impact). Public exploit code is available, elevating real-world risk despite the requirement for authenticated access.
Critical buffer overflow vulnerability in TOTOLINK T10 firmware version 4.1.8cu.5207 affecting the setWiFiAclRules function in the POST request handler (/cgi-bin/cstecgi.cgi). An authenticated attacker can remotely exploit this vulnerability by manipulating the 'desc' parameter to achieve code execution with full system compromise (confidentiality, integrity, and availability impact). A public proof-of-concept exists, elevating real-world exploitation risk despite requiring low-privilege authentication.
Critical remote buffer overflow vulnerability in TOTOLINK T10 firmware version 4.1.8cu.5207 affecting the setUpgradeFW function in the POST request handler. An authenticated remote attacker can exploit improper input validation on the slaveIpList parameter to achieve complete system compromise with high confidentiality, integrity, and availability impact. The vulnerability has public exploit code available and represents an actively exploitable threat.
Critical buffer overflow vulnerability in TOTOLINK T10 firmware version 4.1.8cu.5207 affecting the UploadCustomModule function in the POST request handler at /cgi-bin/cstecgi.cgi. An authenticated remote attacker can exploit this vulnerability by manipulating the File argument to achieve buffer overflow, resulting in complete system compromise (confidentiality, integrity, and availability). The vulnerability has public exploit disclosure and represents an immediate threat to affected devices.
A vulnerability was found in TOTOLINK T10, A3100R, A950RG, A800R, N600R, A3000RU and A810R 4.1.8cu.5241_B20210927. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
A vulnerability has been found in TOTOLINK T10 4.1.8cu.5241_B20210927. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Critical buffer overflow vulnerability in TOTOLINK T10 firmware version 4.1.8cu.5207 affecting the HTTP POST request handler. An authenticated attacker can remotely exploit the setWizardCfg function via the ssid5g parameter to achieve buffer overflow, resulting in complete system compromise including confidentiality, integrity, and availability breaches. Public exploit code has been disclosed and the vulnerability meets criteria for active exploitation risk.
Critical buffer overflow vulnerability in TOTOLINK T10 firmware version 4.1.8cu.5207 affecting the setWiFiScheduleCfg function in the HTTP POST request handler. An authenticated remote attacker can exploit this vulnerability by manipulating the 'desc' parameter to achieve buffer overflow, resulting in complete compromise of confidentiality, integrity, and availability. A public exploit has been disclosed and the vulnerability is likely actively exploited given its critical CVSS score of 8.8 and low attack complexity.
Critical buffer overflow vulnerability in TOTOLINK T10 firmware version 4.1.8cu.5207 affecting the WiFi repeater configuration function. An authenticated remote attacker can exploit this vulnerability by sending a malicious POST request with an oversized Password parameter to /cgi-bin/cstecgi.cgi, achieving complete compromise of the device including arbitrary code execution. Public disclosure and proof-of-concept code availability significantly elevate real-world risk despite requiring authenticated access.
A critical buffer overflow vulnerability exists in TOTOLINK T10 firmware version 4.1.8cu.5207 in the setWiFiMeshName function of the POST request handler (/cgi-bin/cstecgi.cgi). An authenticated remote attacker can overflow the device_name parameter to achieve arbitrary code execution with complete system compromise (confidentiality, integrity, and availability impact). Public exploit code is available, elevating real-world risk despite the requirement for authenticated access.
Critical buffer overflow vulnerability in TOTOLINK T10 firmware version 4.1.8cu.5207 affecting the setWiFiAclRules function in the POST request handler (/cgi-bin/cstecgi.cgi). An authenticated attacker can remotely exploit this vulnerability by manipulating the 'desc' parameter to achieve code execution with full system compromise (confidentiality, integrity, and availability impact). A public proof-of-concept exists, elevating real-world exploitation risk despite requiring low-privilege authentication.
Critical remote buffer overflow vulnerability in TOTOLINK T10 firmware version 4.1.8cu.5207 affecting the setUpgradeFW function in the POST request handler. An authenticated remote attacker can exploit improper input validation on the slaveIpList parameter to achieve complete system compromise with high confidentiality, integrity, and availability impact. The vulnerability has public exploit code available and represents an actively exploitable threat.
Critical buffer overflow vulnerability in TOTOLINK T10 firmware version 4.1.8cu.5207 affecting the UploadCustomModule function in the POST request handler at /cgi-bin/cstecgi.cgi. An authenticated remote attacker can exploit this vulnerability by manipulating the File argument to achieve buffer overflow, resulting in complete system compromise (confidentiality, integrity, and availability). The vulnerability has public exploit disclosure and represents an immediate threat to affected devices.
A vulnerability was found in TOTOLINK T10, A3100R, A950RG, A800R, N600R, A3000RU and A810R 4.1.8cu.5241_B20210927. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.