Filtered by vendor Totolink
Subscriptions
Total
640 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-34220 | 1 Totolink | 2 A3002r, A3002r Firmware | 2024-08-04 | 6.1 Medium |
| Cross-site scripting in tr069config.htm in TOTOLINK A3002R version V1.1.1-B20200824 (Important Update, new UI) allows attackers to execute arbitrary JavaScript by modifying the "User Name" field or "Password" field. | ||||
| CVE-2021-34207 | 1 Totolink | 2 A3002r, A3002r Firmware | 2024-08-04 | 6.1 Medium |
| Cross-site scripting in ddns.htm in TOTOLINK A3002R version V1.1.1-B20200824 (Important Update, new UI) allows attackers to execute arbitrary JavaScript by modifying the "Domain Name" field, "Server Address" field, "User Name/Email", or "Password/Key" field. | ||||
| CVE-2021-34223 | 1 Totolink | 2 A3002r, A3002r Firmware | 2024-08-04 | 6.1 Medium |
| Cross-site scripting in urlfilter.htm in TOTOLINK A3002R version V1.1.1-B20200824 (Important Update, new UI) allows attackers to execute arbitrary JavaScript by modifying the "URL Address" field. | ||||
| CVE-2021-34215 | 1 Totolink | 2 A3002r, A3002r Firmware | 2024-08-04 | 6.1 Medium |
| Cross-site scripting in tcpipwan.htm in TOTOLINK A3002R version V1.1.1-B20200824 (Important Update, new UI) allows attackers to execute arbitrary JavaScript by modifying the "Service Name" field. | ||||
| CVE-2021-34228 | 1 Totolink | 2 A3002r, A3002r Firmware | 2024-08-04 | 6.1 Medium |
| Cross-site scripting in parent_control.htm in TOTOLINK A3002R version V1.1.1-B20200824 (Important Update, new UI) allows attackers to execute arbitrary JavaScript by modifying the "Description" field and "Service Name" field. | ||||
| CVE-2021-34218 | 1 Totolink | 2 A3002r, A3002r Firmware | 2024-08-04 | 5.3 Medium |
| Directory Indexing in Login Portal of Login Portal of TOTOLINK-A702R-V1.0.0-B20161227.1023 allows attacker to access /add/ , /img/, /js/, and /mobile directories via GET Parameter. | ||||
| CVE-2021-27710 | 1 Totolink | 4 A720r, A720r Firmware, X5000r and 1 more | 2024-08-03 | 9.8 Critical |
| Command Injection in TOTOLINK X5000R router with firmware v9.1.0u.6118_B20201102, and TOTOLINK A720R router with firmware v4.1.5cu.470_B20200911 allows remote attackers to execute arbitrary OS commands by sending a modified HTTP request. This occurs because the function executes glibc's system function with untrusted input. In the function, "ip" parameter is directly passed to the attacker, allowing them to control the "ip" field to attack the OS. | ||||
| CVE-2021-27708 | 1 Totolink | 4 A720r, A720r Firmware, X5000r and 1 more | 2024-08-03 | 9.8 Critical |
| Command Injection in TOTOLINK X5000R router with firmware v9.1.0u.6118_B20201102, and TOTOLINK A720R router with firmware v4.1.5cu.470_B20200911 allows remote attackers to execute arbitrary OS commands by sending a modified HTTP request. This occurs because the function executes glibc's system function with untrusted input. In the function, "command" parameter is directly passed to the attacker, allowing them to control the "command" field to attack the OS. | ||||
| CVE-2022-48067 | 1 Totolink | 2 A830r, A830r Firmware | 2024-08-03 | 5.5 Medium |
| An information disclosure vulnerability in Totolink A830R V4.1.2cu.5182 allows attackers to obtain the root password via a brute-force attack. | ||||
| CVE-2022-48124 | 1 Totolink | 2 A7100ru, A7100ru Firmware | 2024-08-03 | 9.8 Critical |
| TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the FileName parameter in the setting/setOpenVpnCertGenerationCfg function. | ||||
| CVE-2022-48069 | 1 Totolink | 2 A830r, A830r Firmware | 2024-08-03 | 7.5 High |
| Totolink A830R V4.1.2cu.5182 was discovered to contain a command injection vulnerability via the QUERY_STRING parameter. | ||||
| CVE-2022-48125 | 1 Totolink | 2 A7100ru, A7100ru Firmware | 2024-08-03 | 9.8 Critical |
| TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the password parameter in the setting/setOpenVpnCertGenerationCfg function. | ||||
| CVE-2022-48121 | 1 Totolink | 2 A7100ru, A7100ru Firmware | 2024-08-03 | 9.8 Critical |
| TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the rsabits parameter in the setting/delStaticDhcpRules function. | ||||
| CVE-2022-48123 | 1 Totolink | 2 A7100ru, A7100ru Firmware | 2024-08-03 | 9.8 Critical |
| TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the servername parameter in the setting/delStaticDhcpRules function. | ||||
| CVE-2022-48113 | 1 Totolink | 2 N200re-v5, N200re-v5 Firmware | 2024-08-03 | 9.8 Critical |
| A vulnerability in TOTOLINK N200RE_v5 firmware V9.3.5u.6139 allows unauthenticated attackers to access the telnet service via a crafted POST request. Attackers are also able to leverage this vulnerability to login as root via hardcoded credentials. | ||||
| CVE-2022-48122 | 1 Totolink | 2 A7100ru, A7100ru Firmware | 2024-08-03 | 9.8 Critical |
| TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the dayvalid parameter in the setting/delStaticDhcpRules function. | ||||
| CVE-2022-48066 | 1 Totolink | 2 A830r, A830r Firmware | 2024-08-03 | 9.8 Critical |
| An issue in the component global.so of Totolink A830R V4.1.2cu.5182 allows attackers to bypass authentication via a crafted cookie. | ||||
| CVE-2022-48126 | 1 Totolink | 2 A7100ru, A7100ru Firmware | 2024-08-03 | 9.8 Critical |
| TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the username parameter in the setting/setOpenVpnCertGenerationCfg function. | ||||
| CVE-2022-47853 | 1 Totolink | 2 A7100ru, A7100ru Firmware | 2024-08-03 | 9.8 Critical |
| TOTOlink A7100RU V7.4cu.2313_B20191024 is vulnerable to Command Injection Vulnerability in the httpd service. An attacker can obtain a stable root shell through a specially constructed payload. | ||||
| CVE-2022-46634 | 1 Totolink | 2 A7100ru, A7100ru Firmware | 2024-08-03 | 9.8 Critical |
| TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the wscDisabled parameter in the setting/setWiFiWpsCfg function. | ||||