222 matches found
Stack overflow
A stack overflow in the checkLoginUser function of TOTOLINK A720R A720RFirmware v4.1.5cu.470B20200911 allows attackers to cause a denial of service DOS...
Cross site request forgery (csrf)
A vulnerability in TOTOLINK A720R router with firmware v4.1.5cu.470B20200911 allows attackers to download the configuration file via sending a crafted HTTP request...
CVE-2021-35325
A stack overflow in the checkLoginUser function of TOTOLINK A720R A720RFirmware v4.1.5cu.470B20200911 allows attackers to cause a denial of service DOS...
CVE-2021-35325
The CVE-2021-35325 case concerns Totolink A720R firmware v4.1.5cu.470_B20200911, where a stack overflow in the checkLoginUser function due to incorrect data handling enables a network-based denial of service. The impact described is partial availability loss, with higher severity on CVSS 3.1 (7.5...
CVE-2021-35327
A vulnerability in TOTOLINK A720R A720RFirmware v4.1.5cu.470B20200911 allows attackers to start the Telnet service, then login with the default credentials via a crafted POST request...
CVE-2021-35327
The CVE-2021-35327 entry concerns Totolink A720R routers (firmware v4.1.5cu.470_B20200911). Affected component: Telnet service authentication; root cause: improper handling allowing Telnet to start and login with default credentials via a crafted POST request. Reported impact: attacker could gain...
CVE-2021-35326
CVE-2021-35326 affects Totolink A720R routers (firmware v4.1.5cu.470_B20200911). The vulnerability allows an attacker to download the device configuration file by sending a crafted HTTP request. Root cause details are not explicitly provided in the supplied documents, and there is no remediation ...
CVE-2021-35324
Summary: CVE-2021-35324 concerns a vulnerability in the Form_Login function of TOTOLINK A720R firmware (V4.1.5cu.470_B20200911), enabling attackers to bypass authentication. The issue is documented across multiple sources (NVD, Red Hat, CNVD, CVE listings) with the root cause described as an impr...
CVE-2021-35324
A vulnerability in the FormLogin function of TOTOLINK A720R A720RFirmware V4.1.5cu.470B20200911 allows attackers to bypass authentication...
TotoLink A720R 安全漏洞
The Totolink A720R is a wireless router from Taiwan, China's Gion Electronics Totolink. A security vulnerability exists in the TOTOLINK A720R that originates from a network system or product that does not properly restrict access to resources from unauthorized roles. An attacker can exploit the...
Totolink A720R 安全漏洞
The Totolink A720R is a wireless router from Taiwan, China's Gion Electronics Totolink. The Totolink A720R suffers from an authorization issue vulnerability in version V4.1.5cu.470B20200911, which stems from an improper implementation of the form login feature in the software version, and can be...
PT-2021-20889
Name of the Vulnerable Software and Affected Versions: TOTOLINK A720R version v4.1.5cu.470 B20200911 Description: A vulnerability allows attackers to start the Telnet service and then login with the default credentials via a crafted POST request. Recommendations: For version v4.1.5cu.470 B2020091...
CVE-2021-27710
Command Injection in TOTOLINK X5000R router with firmware v9.1.0u.6118B20201102, and TOTOLINK A720R router with firmware v4.1.5cu.470B20200911 allows remote attackers to execute arbitrary OS commands by sending a modified HTTP request. This occurs because the function executes glibc's system...
CVE-2021-27710
Command Injection in TOTOLINK X5000R router with firmware v9.1.0u.6118B20201102, and TOTOLINK A720R router with firmware v4.1.5cu.470B20200911 allows remote attackers to execute arbitrary OS commands by sending a modified HTTP request. This occurs because the function executes glibc's system...
Command injection
Command Injection in TOTOLINK X5000R router with firmware v9.1.0u.6118B20201102, and TOTOLINK A720R router with firmware v4.1.5cu.470B20200911 allows remote attackers to execute arbitrary OS commands by sending a modified HTTP request. This occurs because the function executes glibc's system...
CVE-2021-27710
Command Injection in TOTOLINK X5000R router with firmware v9.1.0u.6118B20201102, and TOTOLINK A720R router with firmware v4.1.5cu.470B20200911 allows remote attackers to execute arbitrary OS commands by sending a modified HTTP request. This occurs because the function executes glibc's system...
CVE-2021-27710
CVE-2021-27710 describes a remote command injection in TOTOLINK X5000R (firmware v9.1.0u.6118_B20201102) and TOTOLINK A720R (firmware v4.1.5cu.470_B20200911). The root cause is that a function passes untrusted input from the HTTP request into glibc’s system function, with the attacker-controlled ...
CVE-2021-27708
Command Injection in TOTOLINK X5000R router with firmware v9.1.0u.6118B20201102, and TOTOLINK A720R router with firmware v4.1.5cu.470B20200911 allows remote attackers to execute arbitrary OS commands by sending a modified HTTP request. This occurs because the function executes glibc's system...
CVE-2021-27708
Command Injection in TOTOLINK X5000R router with firmware v9.1.0u.6118B20201102, and TOTOLINK A720R router with firmware v4.1.5cu.470B20200911 allows remote attackers to execute arbitrary OS commands by sending a modified HTTP request. This occurs because the function executes glibc's system...
Command injection
Command Injection in TOTOLINK X5000R router with firmware v9.1.0u.6118B20201102, and TOTOLINK A720R router with firmware v4.1.5cu.470B20200911 allows remote attackers to execute arbitrary OS commands by sending a modified HTTP request. This occurs because the function executes glibc's system...