[CVE ID]
CVE-2024-41320
[PRODUCT]
TOTOLINK A6000R
[VERSION]
V1.0.1-B20201211.2000
[PROBLEM TYPE]
command injection
[DESCRIPTION]
TOTOLINK A6000R V1.0.1-B20201211.2000 was discovered to contain a command injection vulnerability via the ifname parameter in the get_apcli_conn_info function.
[CVE ID]
CVE-2024-41319
[PRODUCT]
TOTOLINK A6000R
[VERSION]
V1.0.1-B20201211.2000
[PROBLEM TYPE]
command injection
[DESCRIPTION]
TOTOLINK A6000R V1.0.1-B20201211.2000 was discovered to contain a command injection vulnerability via the cmd parameter in the webcmd function.
[CVE ID]
CVE-2024-41318
[PRODUCT]
TOTOLINK A6000R
[VERSION]
V1.0.1-B20201211.2000
[PROBLEM TYPE]
command injection
[DESCRIPTION]
TOTOLINK A6000R V1.0.1-B20201211.2000 was discovered to contain a command injection vulnerability via the ifname parameter in the apcli_wps_gen_pincode function.
[CVE ID]
CVE-2024-41317
[PRODUCT]
TOTOLINK A6000R
[VERSION]
V1.0.1-B20201211.2000
[PROBLEM TYPE]
command injection
[DESCRIPTION]
TOTOLINK A6000R V1.0.1-B20201211.2000 was discovered to contain a command injection vulnerability via the ifname parameter in the apcli_do_enr_pbc_wps function.
[CVE ID]
CVE-2024-41316
[PRODUCT]
TOTOLINK A6000R
[VERSION]
V1.0.1-B20201211.2000
[PROBLEM TYPE]
command injection
[DESCRIPTION]
TOTOLINK A6000R V1.0.1-B20201211.2000 was discovered to contain a command injection vulnerability via the ifname parameter in the apcli_cancel_wps function.
[CVE ID]
CVE-2024-41315
[PRODUCT]
TOTOLINK A6000R
[VERSION]
V1.0.1-B20201211.2000
[PROBLEM TYPE]
command injection
[DESCRIPTION]
TOTOLINK A6000R V1.0.1-B20201211.2000 was discovered to contain a command injection vulnerability via the ifname parameter in the apcli_do_enr_pin_wps function.
[CVE ID]
CVE-2024-41314
[PRODUCT]
TOTOLINK A6000R
[VERSION]
V1.0.1-B20201211.2000
[PROBLEM TYPE]
command injection
[DESCRIPTION]
TOTOLINK A6000R V1.0.1-B20201211.2000 was discovered to contain a command injection vulnerability via the iface parameter in the vif_disable function.
[CVE ID]
CVE-2024-39209
[PRODUCT]
luci-app-sms-tool
[VERSION]
<= 1.9-6
[PROBLEM TYPE]
command injection
[DESCRIPTION]
luci-app-sms-tool v1.9-6 was discovered to contain a command injection vulnerability via the score parameter.
[CVE ID]
CVE-2024-39208
[PRODUCT]
luci-app-lucky
[VERSION]
<= 2.8.3
[PROBLEM TYPE]
Unauthorized access
[DESCRIPTION]
luci-app-lucky v2.8.3 was discovered to contain hardcoded credentials.
[CVE ID]
CVE-2024-39207
[PRODUCT]
lua-shmem
[VERSION]
<= 1.0-1
[PROBLEM TYPE]
buffer overflow
[DESCRIPTION]
lua-shmem v1.0-1 was discovered to contain a buffer overflow via the shmem_write function.