Search Results (90 CVEs found)
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2018-13313 | 1 Totolink | 2 A3002ru, A3002ru Firmware | 2024-11-21 | 6.5 Medium |
In TOTOLINK A3002RU 1.0.8, the router provides a page that allows the user to change their account name and password. This page, password.htm, contains JavaScript which is used to confirm the user knows their current password before allowing them to change their password. However, this JavaScript contains the current user’s password in plaintext. | ||||
CVE-2018-13312 | 1 Totolink | 2 A3002ru, A3002ru Firmware | 2024-11-21 | N/A |
Cross-site scripting in notice_gen.htm in TOTOLINK A3002RU version 1.0.8 allows attackers to execute arbitrary JavaScript by modifying the "Input your notice URL" field. | ||||
CVE-2018-13311 | 1 Totolink | 2 A3002ru, A3002ru Firmware | 2024-11-21 | N/A |
System command injection in formDlna in TOTOLINK A3002RU version 1.0.8 allows attackers to execute system commands via the "sambaUser" POST parameter. | ||||
CVE-2018-13310 | 1 Totolink | 2 A3002ru, A3002ru Firmware | 2024-11-21 | N/A |
Cross-site scripting in password.htm in TOTOLINK A3002RU version 1.0.8 allows attackers to execute arbitrary JavaScript via the user's username. | ||||
CVE-2018-13309 | 1 Totolink | 2 A3002ru, A3002ru Firmware | 2024-11-21 | N/A |
Cross-site scripting in password.htm in TOTOLINK A3002RU version 1.0.8 allows attackers to execute arbitrary JavaScript via the user's password. | ||||
CVE-2018-13308 | 1 Totolink | 2 A3002ru, A3002ru Firmware | 2024-11-21 | N/A |
Cross-site scripting in notice_gen.htm in TOTOLINK A3002RU version 1.0.8 allows attackers to execute arbitrary JavaScript by modifying the "User phrases button" field. | ||||
CVE-2018-13307 | 1 Totolink | 2 A3002ru, A3002ru Firmware | 2024-11-21 | N/A |
System command injection in fromNtp in TOTOLINK A3002RU version 1.0.8 allows attackers to execute system commands via the "ntpServerIp2" POST parameter. Certain payloads cause the device to become permanently inoperable. | ||||
CVE-2018-13306 | 1 Totolink | 2 A3002ru, A3002ru Firmware | 2024-11-21 | N/A |
System command injection in formDlna in TOTOLINK A3002RU version 1.0.8 allows attackers to execute system commands via the "ftpUser" POST parameter. | ||||
CVE-2024-34195 | 1 Totolink | 2 A3002r, A3002r Firmware | 2024-08-30 | 8.8 High |
TOTOLINK AC1200 Wireless Router A3002R Firmware V1.1.1-B20200824 is vulnerable to Buffer Overflow. In the boa server program's CGI handling function formWlEncrypt, there is a lack of length restriction on the wlan_ssid field. This oversight leads to potential buffer overflow under specific circumstances. For instance, by invoking the formWlanRedirect function with specific parameters to alter wlan_idx's value and subsequently invoking the formWlEncrypt function, an attacker can trigger buffer overflow, enabling arbitrary command execution or denial of service attacks. | ||||
CVE-2024-42520 | 1 Totolink | 2 A3002r, A3002r Firmware | 2024-08-13 | 9.8 Critical |
TOTOLINK A3002R v4.0.0-B20230531.1404 contains a buffer overflow vulnerability in /bin/boa via formParentControl. |