Filtered by vendor Totolink
Subscriptions
Total
640 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-46008 | 1 Totolink | 2 A3100r, A3100r Firmware | 2024-08-04 | 8.8 High |
| In totolink a3100r V5.9c.4577, the hard-coded telnet password can be discovered from official released firmware. An attacker, who has connected to the Wi-Fi, can easily telnet into the target with root shell if the telnet is function turned on. | ||||
| CVE-2021-46009 | 1 Totolink | 2 A3100r, A3100r Firmware | 2024-08-04 | 9.8 Critical |
| In Totolink A3100R V5.9c.4577, multiple pages can be read by curl or Burp Suite without authentication. Additionally, admin configurations can be set without cookies. | ||||
| CVE-2021-46006 | 1 Totolink | 2 A3100r, A3100r Firmware | 2024-08-04 | 6.5 Medium |
| In Totolink A3100R V5.9c.4577, "test.asp" contains an API-like function, which is not authenticated. Using this function, an attacker can configure multiple settings without authentication. | ||||
| CVE-2021-46010 | 1 Totolink | 2 A3100r, A3100r Firmware | 2024-08-04 | 8.8 High |
| Totolink A3100R V5.9c.4577 suffers from Use of Insufficiently Random Values via the web configuration. The SESSION_ID is predictable. An attacker can hijack a valid session and conduct further malicious operations. | ||||
| CVE-2021-45736 | 1 Totolink | 2 X5000r, X5000r Firmware | 2024-08-04 | 7.5 High |
| TOTOLINK X5000R v9.1.0u.6118_B20201102 was discovered to contain a stack overflow in the function setL2tpServerCfg. This vulnerability allows attackers to cause a Denial of Service (DoS) via the eip, sip, server parameters. | ||||
| CVE-2021-45735 | 1 Totolink | 2 X5000r, X5000r Firmware | 2024-08-04 | 7.5 High |
| TOTOLINK X5000R v9.1.0u.6118_B20201102 was discovered to use the HTTP protocol for authentication into the admin interface, allowing attackers to intercept user credentials via packet capture software. | ||||
| CVE-2021-45741 | 1 Totolink | 2 X5000r, X5000r Firmware | 2024-08-04 | 7.5 High |
| TOTOLINK X5000R v9.1.0u.6118_B20201102 was discovered to contain a stack overflow in the function setIpv6Cfg. This vulnerability allows attackers to cause a Denial of Service (DoS) via the relay6to4 parameters. | ||||
| CVE-2021-45742 | 1 Totolink | 2 A720r, A720r Firmware | 2024-08-04 | 9.8 Critical |
| TOTOLINK A720R v4.1.5cu.470_B20200911 was discovered to contain a command injection vulnerability in the "Main" function. This vulnerability allows attackers to execute arbitrary commands via the QUERY_STRING parameter. | ||||
| CVE-2021-45734 | 1 Totolink | 2 X5000r, X5000r Firmware | 2024-08-04 | 7.5 High |
| TOTOLINK X5000R v9.1.0u.6118_B20201102 was discovered to contain a stack overflow in the function setUrlFilterRules. This vulnerability allows attackers to cause a Denial of Service (DoS) via the url parameter. | ||||
| CVE-2021-45740 | 1 Totolink | 2 A720r, A720r Firmware | 2024-08-04 | 9.8 Critical |
| TOTOLINK A720R v4.1.5cu.470_B20200911 was discovered to contain a stack overflow in the setWiFiWpsStart function. This vulnerability allows attackers to cause a Denial of Service (DoS) via the pin parameter. | ||||
| CVE-2021-45737 | 1 Totolink | 2 A720r, A720r Firmware | 2024-08-04 | 7.5 High |
| TOTOLINK A720R v4.1.5cu.470_B20200911 was discovered to contain a stack overflow in the Form_Login function. This vulnerability allows attackers to cause a Denial of Service (DoS) via the Host parameter. | ||||
| CVE-2021-45739 | 1 Totolink | 2 A720r, A720r Firmware | 2024-08-04 | 7.5 High |
| TOTOLINK A720R v4.1.5cu.470_B20200911 was discovered to contain a stack overflow in the Form_Login function. This vulnerability allows attackers to cause a Denial of Service (DoS) via the flag parameter. | ||||
| CVE-2021-45738 | 1 Totolink | 2 X5000r, X5000r Firmware | 2024-08-04 | 9.8 Critical |
| TOTOLINK X5000R v9.1.0u.6118_B20201102 was discovered to contain a command injection vulnerability in the function UploadFirmwareFile. This vulnerability allows attackers to execute arbitrary commands via the parameter FileName. | ||||
| CVE-2021-45733 | 1 Totolink | 2 X5000r, X5000r Firmware | 2024-08-04 | 9.8 Critical |
| TOTOLINK X5000R v9.1.0u.6118_B20201102 was discovered to contain a command injection vulnerability in the function NTPSyncWithHost. This vulnerability allows attackers to execute arbitrary commands via the parameter host_time. | ||||
| CVE-2021-44620 | 1 Totolink | 2 A3100r, A3100r Firmware | 2024-08-04 | 9.8 Critical |
| A Command Injection vulnerability exits in TOTOLINK A3100R <=V4.1.2cu.5050_B20200504 in adm/ntm.asp via the hosTime parameters. | ||||
| CVE-2021-44246 | 1 Totolink | 6 A3100r, A3100r Firmware, A720r and 3 more | 2024-08-04 | 7.5 High |
| Totolink devices A3100R v4.1.2cu.5050_B20200504, A830R v5.9c.4729_B20191112, and A720R v4.1.5cu.470_B20200911 were discovered to contain a stack overflow in the function setNoticeCfg. This vulnerability allows attackers to cause a Denial of Service (DoS) via the IpTo parameter. | ||||
| CVE-2021-44247 | 1 Totolink | 6 A3100r, A3100r Firmware, A720r and 3 more | 2024-08-04 | 9.8 Critical |
| Totolink devices A3100R v4.1.2cu.5050_B20200504, A830R v5.9c.4729_B20191112, and A720R v4.1.5cu.470_B20200911 were discovered to contain command injection vulnerability in the function setNoticeCfg. This vulnerability allows attackers to execute arbitrary commands via the IpFrom parameter. | ||||
| CVE-2021-43636 | 1 Totolink | 2 T10 V2, T10 V2 Firmware | 2024-08-04 | 9.8 Critical |
| Two Buffer Overflow vulnerabilities exists in T10 V2_Firmware V4.1.8cu.5207_B20210320 in the http_request_parse function when processing host data in the HTTP request process. | ||||
| CVE-2021-43711 | 1 Totolink | 2 Ex200, Ex200 Firmware | 2024-08-04 | 9.8 Critical |
| The downloadFlile.cgi binary file in TOTOLINK EX200 V4.0.3c.7646_B20201211 has a command injection vulnerability when receiving GET parameters. The parameter name can be constructed for unauthenticated command execution. | ||||
| CVE-2021-43664 | 1 Totolink | 2 Ex300 V2, Ex300 V2 Firmware | 2024-08-04 | 8.1 High |
| totolink EX300_v2 V4.0.3c.140_B20210429 was discovered to contain a command injection vulnerability via the component process forceugpo. | ||||