Lucene search

[email protected]CVE-2021-35326

HistoryAug 05, 2021 - 9:15 p.m.

CVE-2021-35326

2021-08-0521:15:12

[email protected]

web.nvd.nist.gov

vulnerability

totolink a720r

router

firmware

cve-2021-35326

http request

nvd

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

5 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.01 Low

EPSS

Percentile

83.4%

JSON

A vulnerability in TOTOLINK A720R router with firmware v4.1.5cu.470_B20200911 allows attackers to download the configuration file via sending a crafted HTTP request.

Affected configurations

NVD

Node

totolinka720r_firmwareMatch4.1.5cu.470_b20200911

AND

totolinka720rMatch-

CPENameOperatorVersion
totolink:a720r_firmwaretotolink a720r firmwareeq4.1.5cu.470_b20200911

CPE	Name	Operator	Version
totolink:a720r_firmware	totolink a720r firmware	eq	4.1.5cu.470_b20200911

References

github.com/hurricane618/my_cves/blob/master/router/totolink/A720R_leak_config_file.md

Social References

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

5 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.01 Low

EPSS

Percentile

83.4%

JSON

Related for CVE-2021-35326

cnvd1 cvelist1 nvd1 prion1