ReportizFlow
Filtered by vendor Totolink
Subscriptions
Total
651 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-42885 | 1 Totolink | 2 Ex1200t, Ex1200t Firmware | 2024-11-21 | 9.8 Critical |
| TOTOLINK EX1200T V4.1.2cu.5215 contains a remote command injection vulnerability in function setDeviceMac of the file global.so which can control deviceName to attack. | ||||
| CVE-2021-42884 | 1 Totolink | 2 Ex1200t, Ex1200t Firmware | 2024-11-21 | 9.8 Critical |
| TOTOLINK EX1200T V4.1.2cu.5215 contains a remote command injection vulnerability in function setDeviceName of the file global.so which can control thedeviceName to attack. | ||||
| CVE-2021-42877 | 1 Totolink | 2 Ex1200t, Ex1200t Firmware | 2024-11-21 | 7.5 High |
| TOTOLINK EX1200T V4.1.2cu.5215 contains a denial of service vulnerability in function RebootSystem of the file lib/cste_modules/system which can reboot the system. | ||||
| CVE-2021-42875 | 1 Totolink | 2 Ex1200t, Ex1200t Firmware | 2024-11-21 | 9.8 Critical |
| TOTOLINK EX1200T V4.1.2cu.5215 contains a remote command injection vulnerability in the function setDiagnosisCfg of the file lib/cste_modules/system.so to control the ipDoamin. | ||||
| CVE-2021-42872 | 1 Totolink | 2 Ex1200t, Ex1200t Firmware | 2024-11-21 | 9.8 Critical |
| TOTOLINK EX1200T V4.1.2cu.5215 is affected by a command injection vulnerability that can remotely execute arbitrary code. | ||||
| CVE-2021-35327 | 1 Totolink | 2 A720r, A720r Firmware | 2024-11-21 | 9.8 Critical |
| A vulnerability in TOTOLINK A720R A720R_Firmware v4.1.5cu.470_B20200911 allows attackers to start the Telnet service, then login with the default credentials via a crafted POST request. | ||||
| CVE-2021-35326 | 1 Totolink | 2 A720r, A720r Firmware | 2024-11-21 | 7.5 High |
| A vulnerability in TOTOLINK A720R router with firmware v4.1.5cu.470_B20200911 allows attackers to download the configuration file via sending a crafted HTTP request. | ||||
| CVE-2021-35325 | 1 Totolink | 2 A720r, A720r Firmware | 2024-11-21 | 7.5 High |
| A stack overflow in the checkLoginUser function of TOTOLINK A720R A720R_Firmware v4.1.5cu.470_B20200911 allows attackers to cause a denial of service (DOS). | ||||
| CVE-2021-35324 | 1 Totolink | 2 A720r, A720r Firmware | 2024-11-21 | 9.8 Critical |
| A vulnerability in the Form_Login function of TOTOLINK A720R A720R_Firmware V4.1.5cu.470_B20200911 allows attackers to bypass authentication. | ||||
| CVE-2021-34228 | 1 Totolink | 2 A3002r, A3002r Firmware | 2024-11-21 | 6.1 Medium |
| Cross-site scripting in parent_control.htm in TOTOLINK A3002R version V1.1.1-B20200824 (Important Update, new UI) allows attackers to execute arbitrary JavaScript by modifying the "Description" field and "Service Name" field. | ||||
| CVE-2021-34223 | 1 Totolink | 2 A3002r, A3002r Firmware | 2024-11-21 | 6.1 Medium |
| Cross-site scripting in urlfilter.htm in TOTOLINK A3002R version V1.1.1-B20200824 (Important Update, new UI) allows attackers to execute arbitrary JavaScript by modifying the "URL Address" field. | ||||
| CVE-2021-34220 | 1 Totolink | 2 A3002r, A3002r Firmware | 2024-11-21 | 6.1 Medium |
| Cross-site scripting in tr069config.htm in TOTOLINK A3002R version V1.1.1-B20200824 (Important Update, new UI) allows attackers to execute arbitrary JavaScript by modifying the "User Name" field or "Password" field. | ||||
| CVE-2021-34218 | 1 Totolink | 2 A3002r, A3002r Firmware | 2024-11-21 | 5.3 Medium |
| Directory Indexing in Login Portal of Login Portal of TOTOLINK-A702R-V1.0.0-B20161227.1023 allows attacker to access /add/ , /img/, /js/, and /mobile directories via GET Parameter. | ||||
| CVE-2021-34215 | 1 Totolink | 2 A3002r, A3002r Firmware | 2024-11-21 | 6.1 Medium |
| Cross-site scripting in tcpipwan.htm in TOTOLINK A3002R version V1.1.1-B20200824 (Important Update, new UI) allows attackers to execute arbitrary JavaScript by modifying the "Service Name" field. | ||||
| CVE-2021-34207 | 1 Totolink | 2 A3002r, A3002r Firmware | 2024-11-21 | 6.1 Medium |
| Cross-site scripting in ddns.htm in TOTOLINK A3002R version V1.1.1-B20200824 (Important Update, new UI) allows attackers to execute arbitrary JavaScript by modifying the "Domain Name" field, "Server Address" field, "User Name/Email", or "Password/Key" field. | ||||
| CVE-2021-27710 | 1 Totolink | 4 A720r, A720r Firmware, X5000r and 1 more | 2024-11-21 | 9.8 Critical |
| Command Injection in TOTOLINK X5000R router with firmware v9.1.0u.6118_B20201102, and TOTOLINK A720R router with firmware v4.1.5cu.470_B20200911 allows remote attackers to execute arbitrary OS commands by sending a modified HTTP request. This occurs because the function executes glibc's system function with untrusted input. In the function, "ip" parameter is directly passed to the attacker, allowing them to control the "ip" field to attack the OS. | ||||
| CVE-2021-27708 | 1 Totolink | 4 A720r, A720r Firmware, X5000r and 1 more | 2024-11-21 | 9.8 Critical |
| Command Injection in TOTOLINK X5000R router with firmware v9.1.0u.6118_B20201102, and TOTOLINK A720R router with firmware v4.1.5cu.470_B20200911 allows remote attackers to execute arbitrary OS commands by sending a modified HTTP request. This occurs because the function executes glibc's system function with untrusted input. In the function, "command" parameter is directly passed to the attacker, allowing them to control the "command" field to attack the OS. | ||||
| CVE-2020-27368 | 1 Totolink | 2 A702r, A702r Firmware | 2024-11-21 | 5.5 Medium |
| Directory Indexing in Login Portal of Login Portal of TOTOLINK-A702R-V1.0.0-B20161227.1023 allows attacker to access /icons/ directories via GET Parameter. | ||||
| CVE-2020-25499 | 1 Totolink | 26 A3002r, A3002r Firmware, A3002ru-v1 and 23 more | 2024-11-21 | 8.8 High |
| TOTOLINK A3002RU-V2.0.0 B20190814.1034 allows authenticated remote users to modify the system's 'Run Command'. An attacker can use this functionality to execute arbitrary OS commands on the router. | ||||
| CVE-2020-23617 | 1 Totolink | 4 N100re, N100re Firmware, N200re and 1 more | 2024-11-21 | 6.1 Medium |
| A cross site scripting (XSS) vulnerability in the error page of Totolink N200RE and N100RE Routers 2.0 allows attackers to execute arbitrary web scripts or HTML via SCRIPT element. | ||||