Filtered by vendor Totolink
Subscribe
Total
1071 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-46006 | 1 Totolink | 2 A3100r, A3100r Firmware | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
|
In Totolink A3100R V5.9c.4577, "test.asp" contains an API-like function, which is not authenticated. Using this function, an attacker can configure multiple settings without authentication.
|
|||||
| CVE-2021-45742 | 1 Totolink | 2 A720r, A720r Firmware | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
|
TOTOLINK A720R v4.1.5cu.470_B20200911 was discovered to contain a command injection vulnerability in the "Main" function. This vulnerability allows attackers to execute arbitrary commands via the QUERY_STRING parameter.
|
|||||
| CVE-2021-45741 | 1 Totolink | 2 X5000r, X5000r Firmware | 2024-11-21 | 7.8 HIGH | 7.5 HIGH |
|
TOTOLINK X5000R v9.1.0u.6118_B20201102 was discovered to contain a stack overflow in the function setIpv6Cfg. This vulnerability allows attackers to cause a Denial of Service (DoS) via the relay6to4 parameters.
|
|||||
| CVE-2021-45740 | 1 Totolink | 2 A720r, A720r Firmware | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
TOTOLINK A720R v4.1.5cu.470_B20200911 was discovered to contain a stack overflow in the setWiFiWpsStart function. This vulnerability allows attackers to cause a Denial of Service (DoS) via the pin parameter.
|
|||||
| CVE-2021-45739 | 1 Totolink | 2 A720r, A720r Firmware | 2024-11-21 | 7.8 HIGH | 7.5 HIGH |
|
TOTOLINK A720R v4.1.5cu.470_B20200911 was discovered to contain a stack overflow in the Form_Login function. This vulnerability allows attackers to cause a Denial of Service (DoS) via the flag parameter.
|
|||||
| CVE-2021-45738 | 1 Totolink | 2 X5000r, X5000r Firmware | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
|
TOTOLINK X5000R v9.1.0u.6118_B20201102 was discovered to contain a command injection vulnerability in the function UploadFirmwareFile. This vulnerability allows attackers to execute arbitrary commands via the parameter FileName.
|
|||||
| CVE-2021-45737 | 1 Totolink | 2 A720r, A720r Firmware | 2024-11-21 | 7.8 HIGH | 7.5 HIGH |
|
TOTOLINK A720R v4.1.5cu.470_B20200911 was discovered to contain a stack overflow in the Form_Login function. This vulnerability allows attackers to cause a Denial of Service (DoS) via the Host parameter.
|
|||||
| CVE-2021-45736 | 1 Totolink | 2 X5000r, X5000r Firmware | 2024-11-21 | 7.8 HIGH | 7.5 HIGH |
|
TOTOLINK X5000R v9.1.0u.6118_B20201102 was discovered to contain a stack overflow in the function setL2tpServerCfg. This vulnerability allows attackers to cause a Denial of Service (DoS) via the eip, sip, server parameters.
|
|||||
| CVE-2021-45735 | 1 Totolink | 2 X5000r, X5000r Firmware | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
TOTOLINK X5000R v9.1.0u.6118_B20201102 was discovered to use the HTTP protocol for authentication into the admin interface, allowing attackers to intercept user credentials via packet capture software.
|
|||||
| CVE-2021-45734 | 1 Totolink | 2 X5000r, X5000r Firmware | 2024-11-21 | 7.8 HIGH | 7.5 HIGH |
|
TOTOLINK X5000R v9.1.0u.6118_B20201102 was discovered to contain a stack overflow in the function setUrlFilterRules. This vulnerability allows attackers to cause a Denial of Service (DoS) via the url parameter.
|
|||||
| CVE-2021-45733 | 1 Totolink | 2 X5000r, X5000r Firmware | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
|
TOTOLINK X5000R v9.1.0u.6118_B20201102 was discovered to contain a command injection vulnerability in the function NTPSyncWithHost. This vulnerability allows attackers to execute arbitrary commands via the parameter host_time.
|
|||||
| CVE-2021-44620 | 1 Totolink | 2 A3100r, A3100r Firmware | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
A Command Injection vulnerability exits in TOTOLINK A3100R <=V4.1.2cu.5050_B20200504 in adm/ntm.asp via the hosTime parameters.
|
|||||
| CVE-2021-44247 | 1 Totolink | 6 A3100r, A3100r Firmware, A720r and 3 more | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
Totolink devices A3100R v4.1.2cu.5050_B20200504, A830R v5.9c.4729_B20191112, and A720R v4.1.5cu.470_B20200911 were discovered to contain command injection vulnerability in the function setNoticeCfg. This vulnerability allows attackers to execute arbitrary commands via the IpFrom parameter.
|
|||||
| CVE-2021-44246 | 1 Totolink | 6 A3100r, A3100r Firmware, A720r and 3 more | 2024-11-21 | 7.8 HIGH | 7.5 HIGH |
|
Totolink devices A3100R v4.1.2cu.5050_B20200504, A830R v5.9c.4729_B20191112, and A720R v4.1.5cu.470_B20200911 were discovered to contain a stack overflow in the function setNoticeCfg. This vulnerability allows attackers to cause a Denial of Service (DoS) via the IpTo parameter.
|
|||||
| CVE-2021-43711 | 1 Totolink | 2 Ex200, Ex200 Firmware | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
The downloadFlile.cgi binary file in TOTOLINK EX200 V4.0.3c.7646_B20201211 has a command injection vulnerability when receiving GET parameters. The parameter name can be constructed for unauthenticated command execution.
|
|||||
| CVE-2021-43664 | 1 Totolink | 2 Ex300 V2, Ex300 V2 Firmware | 2024-11-21 | 9.3 HIGH | 8.1 HIGH |
|
totolink EX300_v2 V4.0.3c.140_B20210429 was discovered to contain a command injection vulnerability via the component process forceugpo.
|
|||||
| CVE-2021-43663 | 1 Totolink | 2 Ex300 V2, Ex300 V2 Firmware | 2024-11-21 | 7.9 HIGH | 7.5 HIGH |
|
totolink EX300_v2 V4.0.3c.140_B20210429 was discovered to contain a command injection vulnerability via the component cloudupdate_check.
|
|||||
| CVE-2021-43662 | 1 Totolink | 4 A720r, A720r Firmware, Ex300 V2 and 1 more | 2024-11-21 | 3.3 LOW | 6.5 MEDIUM |
|
totolink EX300_v2, ver V4.0.3c.140_B20210429 and A720R ,ver V4.1.5cu.470_B20200911 have an issue which causes uncontrolled resource consumption.
|
|||||
| CVE-2021-43661 | 1 Totolink | 2 Ex300 V2, Ex300 V2 Firmware | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
totolink EX300_v2 V4.0.3c.140_B20210429 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the component /home.asp.
|
|||||
| CVE-2021-43636 | 1 Totolink | 2 T10 V2, T10 V2 Firmware | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
Two Buffer Overflow vulnerabilities exists in T10 V2_Firmware V4.1.8cu.5207_B20210320 in the http_request_parse function when processing host data in the HTTP request process.
|
|||||
| CVE-2021-42893 | 1 Totolink | 2 Ex1200t, Ex1200t Firmware | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
In TOTOLINK EX1200T V4.1.2cu.5215, an attacker can obtain sensitive information (wifikey, etc.) without authorization through getSysStatusCfg.
|
|||||
| CVE-2021-42892 | 1 Totolink | 2 Ex1200t, Ex1200t Firmware | 2024-11-21 | 5.0 MEDIUM | 4.3 MEDIUM |
|
In TOTOLINK EX1200T V4.1.2cu.5215, an attacker can start telnet without authorization because the default username and password exists in the firmware.
|
|||||
| CVE-2021-42891 | 1 Totolink | 2 Ex1200t, Ex1200t Firmware | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
In TOTOLINK EX1200T V4.1.2cu.5215, an attacker can obtain sensitive information (wifikey, etc.) without authorization.
|
|||||
| CVE-2021-42890 | 1 Totolink | 2 Ex1200t, Ex1200t Firmware | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
TOTOLINK EX1200T V4.1.2cu.5215 contains a remote command injection vulnerability in function NTPSyncWithHost of the file system.so which can control hostTime to attack.
|
|||||
| CVE-2021-42889 | 1 Totolink | 2 Ex1200t, Ex1200t Firmware | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
In TOTOLINK EX1200T V4.1.2cu.5215, an attacker can obtain sensitive information (wifikey, wifiname, etc.) without authorization.
|
|||||
| CVE-2021-42888 | 1 Totolink | 2 Ex1200t, Ex1200t Firmware | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
TOTOLINK EX1200T V4.1.2cu.5215 contains a remote command injection vulnerability in function setLanguageCfg of the file global.so which can control langType to attack.
|
|||||
| CVE-2021-42887 | 1 Totolink | 2 Ex1200t, Ex1200t Firmware | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
In TOTOLINK EX1200T V4.1.2cu.5215, an attacker can bypass login by sending a specific request through formLoginAuth.htm.
|
|||||
| CVE-2021-42886 | 1 Totolink | 2 Ex1200t, Ex1200t Firmware | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
TOTOLINK EX1200T V4.1.2cu.5215 contains an information disclosure vulnerability where an attacker can get the apmib configuration file without authorization, and usernames and passwords can be found in the decoded file.
|
|||||
| CVE-2021-42885 | 1 Totolink | 2 Ex1200t, Ex1200t Firmware | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
TOTOLINK EX1200T V4.1.2cu.5215 contains a remote command injection vulnerability in function setDeviceMac of the file global.so which can control deviceName to attack.
|
|||||
| CVE-2021-42884 | 1 Totolink | 2 Ex1200t, Ex1200t Firmware | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
TOTOLINK EX1200T V4.1.2cu.5215 contains a remote command injection vulnerability in function setDeviceName of the file global.so which can control thedeviceName to attack.
|
|||||
| CVE-2021-42877 | 1 Totolink | 2 Ex1200t, Ex1200t Firmware | 2024-11-21 | 7.8 HIGH | 7.5 HIGH |
|
TOTOLINK EX1200T V4.1.2cu.5215 contains a denial of service vulnerability in function RebootSystem of the file lib/cste_modules/system which can reboot the system.
|
|||||
| CVE-2021-42875 | 1 Totolink | 2 Ex1200t, Ex1200t Firmware | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
|
TOTOLINK EX1200T V4.1.2cu.5215 contains a remote command injection vulnerability in the function setDiagnosisCfg of the file lib/cste_modules/system.so to control the ipDoamin.
|
|||||
| CVE-2021-42872 | 1 Totolink | 2 Ex1200t, Ex1200t Firmware | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
|
TOTOLINK EX1200T V4.1.2cu.5215 is affected by a command injection vulnerability that can remotely execute arbitrary code.
|
|||||
| CVE-2021-35327 | 1 Totolink | 2 A720r, A720r Firmware | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
A vulnerability in TOTOLINK A720R A720R_Firmware v4.1.5cu.470_B20200911 allows attackers to start the Telnet service, then login with the default credentials via a crafted POST request.
|
|||||
| CVE-2021-35326 | 1 Totolink | 2 A720r, A720r Firmware | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
A vulnerability in TOTOLINK A720R router with firmware v4.1.5cu.470_B20200911 allows attackers to download the configuration file via sending a crafted HTTP request.
|
|||||
| CVE-2021-35325 | 1 Totolink | 2 A720r, A720r Firmware | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
A stack overflow in the checkLoginUser function of TOTOLINK A720R A720R_Firmware v4.1.5cu.470_B20200911 allows attackers to cause a denial of service (DOS).
|
|||||
| CVE-2021-35324 | 1 Totolink | 2 A720r, A720r Firmware | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
A vulnerability in the Form_Login function of TOTOLINK A720R A720R_Firmware V4.1.5cu.470_B20200911 allows attackers to bypass authentication.
|
|||||
| CVE-2021-34228 | 1 Totolink | 2 A3002r, A3002r Firmware | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Cross-site scripting in parent_control.htm in TOTOLINK A3002R version V1.1.1-B20200824 (Important Update, new UI) allows attackers to execute arbitrary JavaScript by modifying the "Description" field and "Service Name" field.
|
|||||
| CVE-2021-34223 | 1 Totolink | 2 A3002r, A3002r Firmware | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Cross-site scripting in urlfilter.htm in TOTOLINK A3002R version V1.1.1-B20200824 (Important Update, new UI) allows attackers to execute arbitrary JavaScript by modifying the "URL Address" field.
|
|||||
| CVE-2021-34220 | 1 Totolink | 2 A3002r, A3002r Firmware | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Cross-site scripting in tr069config.htm in TOTOLINK A3002R version V1.1.1-B20200824 (Important Update, new UI) allows attackers to execute arbitrary JavaScript by modifying the "User Name" field or "Password" field.
|
|||||