Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline

A3002R Firmware Security Vulnerabilities

cve
cve

CVE-2020-25499

TOTOLINK A3002RU-V2.0.0 B20190814.1034 allows authenticated remote users to modify the system's 'Run Command'. An attacker can use this functionality to execute arbitrary OS commands on the router.

8.8CVSS

8.8AI Score

0.006EPSS

2020-12-09 09:15 PM
30
cve
cve

CVE-2021-34207

Cross-site scripting in ddns.htm in TOTOLINK A3002R version V1.1.1-B20200824 (Important Update, new UI) allows attackers to execute arbitrary JavaScript by modifying the "Domain Name" field, "Server Address" field, "User Name/Email", or "Password/Key" field.

6.1CVSS

6.4AI Score

0.001EPSS

2021-08-20 05:15 PM
29
2
cve
cve

CVE-2021-34215

Cross-site scripting in tcpipwan.htm in TOTOLINK A3002R version V1.1.1-B20200824 (Important Update, new UI) allows attackers to execute arbitrary JavaScript by modifying the "Service Name" field.

6.1CVSS

6.3AI Score

0.001EPSS

2021-08-20 05:15 PM
26
2
cve
cve

CVE-2021-34218

Directory Indexing in Login Portal of Login Portal of TOTOLINK-A702R-V1.0.0-B20161227.1023 allows attacker to access /add/ , /img/, /js/, and /mobile directories via GET Parameter.

5.3CVSS

5.2AI Score

0.001EPSS

2021-08-20 05:15 PM
20
2
cve
cve

CVE-2021-34220

Cross-site scripting in tr069config.htm in TOTOLINK A3002R version V1.1.1-B20200824 (Important Update, new UI) allows attackers to execute arbitrary JavaScript by modifying the "User Name" field or "Password" field.

6.1CVSS

6.4AI Score

0.001EPSS

2021-08-20 05:15 PM
23
2
cve
cve

CVE-2021-34223

Cross-site scripting in urlfilter.htm in TOTOLINK A3002R version V1.1.1-B20200824 (Important Update, new UI) allows attackers to execute arbitrary JavaScript by modifying the "URL Address" field.

6.1CVSS

6.3AI Score

0.001EPSS

2021-08-20 05:15 PM
22
2
cve
cve

CVE-2021-34228

Cross-site scripting in parent_control.htm in TOTOLINK A3002R version V1.1.1-B20200824 (Important Update, new UI) allows attackers to execute arbitrary JavaScript by modifying the "Description" field and "Service Name" field.

6.1CVSS

6.4AI Score

0.001EPSS

2021-08-20 05:15 PM
26
2
cve
cve

CVE-2022-40109

TOTOLINK A3002R TOTOLINK-A3002R-He-V1.1.1-B20200824.0128 is vulnerable to Insecure Permissions via binary /bin/boa.

9.8CVSS

9.3AI Score

0.013EPSS

2022-09-06 05:15 PM
30
3
cve
cve

CVE-2022-40110

TOTOLINK A3002R TOTOLINK-A3002R-He-V1.1.1-B20200824.0128 is vulnerable to Buffer Overflow via /bin/boa.

7.5CVSS

7.5AI Score

0.001EPSS

2022-09-06 05:15 PM
28
6
cve
cve

CVE-2022-40111

In TOTOLINK A3002R TOTOLINK-A3002R-He-V1.1.1-B20200824.0128 in the shadow.sample file, root is hardcoded in the firmware.

9.8CVSS

9.3AI Score

0.013EPSS

2022-09-06 05:15 PM
28
3
cve
cve

CVE-2022-40112

TOTOLINK A3002R TOTOLINK-A3002R-He-V1.1.1-B20200824.0128 is vulnerable Buffer Overflow via the hostname parameter in binary /bin/boa.

7.5CVSS

7.5AI Score

0.001EPSS

2022-09-06 05:15 PM
26
5