Filtered by vendor Totolink
Subscriptions
Total
643 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2021-42891 | 1 Totolink | 2 Ex1200t, Ex1200t Firmware | 2024-11-21 | 7.5 High |
In TOTOLINK EX1200T V4.1.2cu.5215, an attacker can obtain sensitive information (wifikey, etc.) without authorization. | ||||
CVE-2021-42890 | 1 Totolink | 2 Ex1200t, Ex1200t Firmware | 2024-11-21 | 9.8 Critical |
TOTOLINK EX1200T V4.1.2cu.5215 contains a remote command injection vulnerability in function NTPSyncWithHost of the file system.so which can control hostTime to attack. | ||||
CVE-2021-42889 | 1 Totolink | 2 Ex1200t, Ex1200t Firmware | 2024-11-21 | 7.5 High |
In TOTOLINK EX1200T V4.1.2cu.5215, an attacker can obtain sensitive information (wifikey, wifiname, etc.) without authorization. | ||||
CVE-2021-42888 | 1 Totolink | 2 Ex1200t, Ex1200t Firmware | 2024-11-21 | 9.8 Critical |
TOTOLINK EX1200T V4.1.2cu.5215 contains a remote command injection vulnerability in function setLanguageCfg of the file global.so which can control langType to attack. | ||||
CVE-2021-42887 | 1 Totolink | 2 Ex1200t, Ex1200t Firmware | 2024-11-21 | 9.8 Critical |
In TOTOLINK EX1200T V4.1.2cu.5215, an attacker can bypass login by sending a specific request through formLoginAuth.htm. | ||||
CVE-2021-42886 | 1 Totolink | 2 Ex1200t, Ex1200t Firmware | 2024-11-21 | 7.5 High |
TOTOLINK EX1200T V4.1.2cu.5215 contains an information disclosure vulnerability where an attacker can get the apmib configuration file without authorization, and usernames and passwords can be found in the decoded file. | ||||
CVE-2021-42885 | 1 Totolink | 2 Ex1200t, Ex1200t Firmware | 2024-11-21 | 9.8 Critical |
TOTOLINK EX1200T V4.1.2cu.5215 contains a remote command injection vulnerability in function setDeviceMac of the file global.so which can control deviceName to attack. | ||||
CVE-2021-42884 | 1 Totolink | 2 Ex1200t, Ex1200t Firmware | 2024-11-21 | 9.8 Critical |
TOTOLINK EX1200T V4.1.2cu.5215 contains a remote command injection vulnerability in function setDeviceName of the file global.so which can control thedeviceName to attack. | ||||
CVE-2021-42877 | 1 Totolink | 2 Ex1200t, Ex1200t Firmware | 2024-11-21 | 7.5 High |
TOTOLINK EX1200T V4.1.2cu.5215 contains a denial of service vulnerability in function RebootSystem of the file lib/cste_modules/system which can reboot the system. | ||||
CVE-2021-42875 | 1 Totolink | 2 Ex1200t, Ex1200t Firmware | 2024-11-21 | 9.8 Critical |
TOTOLINK EX1200T V4.1.2cu.5215 contains a remote command injection vulnerability in the function setDiagnosisCfg of the file lib/cste_modules/system.so to control the ipDoamin. | ||||
CVE-2021-42872 | 1 Totolink | 2 Ex1200t, Ex1200t Firmware | 2024-11-21 | 9.8 Critical |
TOTOLINK EX1200T V4.1.2cu.5215 is affected by a command injection vulnerability that can remotely execute arbitrary code. | ||||
CVE-2021-35327 | 1 Totolink | 2 A720r, A720r Firmware | 2024-11-21 | 9.8 Critical |
A vulnerability in TOTOLINK A720R A720R_Firmware v4.1.5cu.470_B20200911 allows attackers to start the Telnet service, then login with the default credentials via a crafted POST request. | ||||
CVE-2021-35326 | 1 Totolink | 2 A720r, A720r Firmware | 2024-11-21 | 7.5 High |
A vulnerability in TOTOLINK A720R router with firmware v4.1.5cu.470_B20200911 allows attackers to download the configuration file via sending a crafted HTTP request. | ||||
CVE-2021-35325 | 1 Totolink | 2 A720r, A720r Firmware | 2024-11-21 | 7.5 High |
A stack overflow in the checkLoginUser function of TOTOLINK A720R A720R_Firmware v4.1.5cu.470_B20200911 allows attackers to cause a denial of service (DOS). | ||||
CVE-2021-35324 | 1 Totolink | 2 A720r, A720r Firmware | 2024-11-21 | 9.8 Critical |
A vulnerability in the Form_Login function of TOTOLINK A720R A720R_Firmware V4.1.5cu.470_B20200911 allows attackers to bypass authentication. | ||||
CVE-2021-34228 | 1 Totolink | 2 A3002r, A3002r Firmware | 2024-11-21 | 6.1 Medium |
Cross-site scripting in parent_control.htm in TOTOLINK A3002R version V1.1.1-B20200824 (Important Update, new UI) allows attackers to execute arbitrary JavaScript by modifying the "Description" field and "Service Name" field. | ||||
CVE-2021-34223 | 1 Totolink | 2 A3002r, A3002r Firmware | 2024-11-21 | 6.1 Medium |
Cross-site scripting in urlfilter.htm in TOTOLINK A3002R version V1.1.1-B20200824 (Important Update, new UI) allows attackers to execute arbitrary JavaScript by modifying the "URL Address" field. | ||||
CVE-2021-34220 | 1 Totolink | 2 A3002r, A3002r Firmware | 2024-11-21 | 6.1 Medium |
Cross-site scripting in tr069config.htm in TOTOLINK A3002R version V1.1.1-B20200824 (Important Update, new UI) allows attackers to execute arbitrary JavaScript by modifying the "User Name" field or "Password" field. | ||||
CVE-2021-34218 | 1 Totolink | 2 A3002r, A3002r Firmware | 2024-11-21 | 5.3 Medium |
Directory Indexing in Login Portal of Login Portal of TOTOLINK-A702R-V1.0.0-B20161227.1023 allows attacker to access /add/ , /img/, /js/, and /mobile directories via GET Parameter. | ||||
CVE-2021-34215 | 1 Totolink | 2 A3002r, A3002r Firmware | 2024-11-21 | 6.1 Medium |
Cross-site scripting in tcpipwan.htm in TOTOLINK A3002R version V1.1.1-B20200824 (Important Update, new UI) allows attackers to execute arbitrary JavaScript by modifying the "Service Name" field. |