1s1and123

7 exploits Active since May 2024
CVE-2024-32349 WRITEUP MEDIUM WRITEUP
TOTOLINK X5000R - Authenticated RCE
TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain an authenticated remote command execution (RCE) vulnerability via the "mtu" parameters in the "cstecgi.cgi" binary.
CVSS 6.0
CVE-2024-32350 WRITEUP HIGH WRITEUP
TOTOLINK X5000R V9.1.0cu.2350_B20230313 - Authenticated RCE
TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain an authenticated remote command execution (RCE) vulnerability via the "ipsecPsk" parameter in the "cstecgi.cgi" binary.
CVSS 8.8
CVE-2024-32351 WRITEUP HIGH WRITEUP
TOTOLINK X5000R - Authenticated RCE
TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain an authenticated remote command execution (RCE) vulnerability via the "mru" parameter in the "cstecgi.cgi" binary.
CVSS 8.8
CVE-2024-32352 WRITEUP HIGH WRITEUP
TOTOLINK X5000R V9.1.0cu.2350_B20230313 - Authenticated RCE
TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain an authenticated remote command execution (RCE) vulnerability via the "ipsecL2tpEnable" parameter in the "cstecgi.cgi" binary.
CVSS 8.8
CVE-2024-32353 WRITEUP CRITICAL WRITEUP
TOTOLINK X5000R V9.1.0cu.2350_B20230313 - Command Injection
TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain a command injection vulnerability via the 'port' parameter in the setSSServer function at /cgi-bin/cstecgi.cgi.
CVSS 9.8
CVE-2024-32354 WRITEUP MEDIUM WRITEUP
TOTOLINK X5000R V9.1.0cu.2350_B20230313 - Command Injection
TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain a command injection vulnerability via the 'timeout' parameter in the setSSServer function at /cgi-bin/cstecgi.cgi.
CVSS 6.0
CVE-2024-32355 WRITEUP HIGH WRITEUP
TOTOLINK X5000R V9.1.0cu.2350_B20230313 - Command Injection
TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain a command injection vulnerability via the 'password' parameter in the setSSServer function.
CVSS 8.0