Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Totolink Subscribe
Filtered by product Ca300-poe Firmware
Total 15 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2023-24161 1 Totolink 2 Ca300-poe, Ca300-poe Firmware 2023-02-22 N/A 9.8 CRITICAL
TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injection vulnerability via the webWlanIdx parameter in the setWebWlanIdx function.
CVE-2023-24159 1 Totolink 2 Ca300-poe, Ca300-poe Firmware 2023-02-22 N/A 9.8 CRITICAL
TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injection vulnerability via the admpass parameter in the setPasswordCfg function.
CVE-2023-24160 1 Totolink 2 Ca300-poe, Ca300-poe Firmware 2023-02-22 N/A 9.8 CRITICAL
TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injection vulnerability via the admuser parameter in the setPasswordCfg function.
CVE-2023-24147 1 Totolink 2 Ca300-poe, Ca300-poe Firmware 2023-02-10 N/A 7.5 HIGH
TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a hard code password for the telnet service which is stored in the component /etc/config/product.ini.
CVE-2023-24149 1 Totolink 2 Ca300-poe, Ca300-poe Firmware 2023-02-10 N/A 9.8 CRITICAL
TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a hard code password for root which is stored in the component /etc/shadow.
CVE-2023-24146 1 Totolink 2 Ca300-poe, Ca300-poe Firmware 2023-02-10 N/A 9.8 CRITICAL
TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injection vulnerability via the minute parameter in the setRebootScheCfg function.
CVE-2023-24145 1 Totolink 2 Ca300-poe, Ca300-poe Firmware 2023-02-10 N/A 9.8 CRITICAL
TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injection vulnerability via the plugin_version parameter in the setUnloadUserData function.
CVE-2023-24144 1 Totolink 2 Ca300-poe, Ca300-poe Firmware 2023-02-10 N/A 9.8 CRITICAL
TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injection vulnerability via the hour parameter in the setRebootScheCfg function.
CVE-2023-24143 1 Totolink 2 Ca300-poe, Ca300-poe Firmware 2023-02-10 N/A 9.8 CRITICAL
TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injection vulnerability via the NetDiagTracertHop parameter in the setNetworkDiag function.
CVE-2023-24142 1 Totolink 2 Ca300-poe, Ca300-poe Firmware 2023-02-10 N/A 9.8 CRITICAL
TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injection vulnerability via the NetDiagPingSize parameter in the setNetworkDiag function.
CVE-2023-24141 1 Totolink 2 Ca300-poe, Ca300-poe Firmware 2023-02-10 N/A 9.8 CRITICAL
TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injection vulnerability via the NetDiagPingTimeOut parameter in the setNetworkDiag function.
CVE-2023-24140 1 Totolink 2 Ca300-poe, Ca300-poe Firmware 2023-02-10 N/A 9.8 CRITICAL
TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injection vulnerability via the NetDiagPingNum parameter in the setNetworkDiag function.
CVE-2023-24139 1 Totolink 2 Ca300-poe, Ca300-poe Firmware 2023-02-10 N/A 9.8 CRITICAL
TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injection vulnerability via the NetDiagHost parameter in the setNetworkDiag function.
CVE-2023-24138 1 Totolink 2 Ca300-poe, Ca300-poe Firmware 2023-02-10 N/A 9.8 CRITICAL
TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injection vulnerability via the host_time parameter in the NTPSyncWithHost function.
CVE-2023-24148 1 Totolink 2 Ca300-poe, Ca300-poe Firmware 2023-02-09 N/A 9.8 CRITICAL
TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injection vulnerability via the FileName parameter in the setUploadUserData function.