260 matches found
CVE-2018-13312
Cross-site scripting in notice_gen.htm in TOTOLINK A3002RU version 1.0.8 allows attackers to execute arbitrary JavaScript by modifying the "Input your notice URL" field...
CVE-2018-13310
Cross-site scripting in password.htm in TOTOLINK A3002RU version 1.0.8 allows attackers to execute arbitrary JavaScript via the user's username...
CVE-2018-13315
Incorrect access control in formPasswordSetup in TOTOLINK A3002RU version 1.0.8 allows attackers to change the admin user's password via an unauthenticated POST request...
CVE-2018-13308
Cross-site scripting in notice_gen.htm in TOTOLINK A3002RU version 1.0.8 allows attackers to execute arbitrary JavaScript by modifying the "User phrases button" field...
Command injection
System command injection in formDlna in TOTOLINK A3002RU version 1.0.8 allows attackers to execute system commands via the "sambaUser" POST parameter...
Cross site scripting
Cross-site scripting in password.htm in TOTOLINK A3002RU version 1.0.8 allows attackers to execute arbitrary JavaScript via the user's username...
CVE-2018-13309
Cross-site scripting in password.htm in TOTOLINK A3002RU version 1.0.8 allows attackers to execute arbitrary JavaScript via the user's password...
CVE-2018-13317
CVE-2018-13317 affects TOTOLINK A3002RU firmware 1.0.8. An unauthenticated attacker can obtain the administrator’s plaintext password by issuing a GET request to password.htm, enabling remote admin access. This is an information disclosure due to exposure in the login/cred storage surface (passwo...
CVE-2018-13312
CVE-2018-13312 describes a cross-site scripting vulnerability in TOTOLINK A3002RU (firmware version 1.0.8). The flaw exists in the notice_gen.htm page, where an attacker can modify the “Input your notice URL” field to inject arbitrary JavaScript. The vulnerability is web-based (network exploit ve...
CVE-2018-13315
CVE-2018-13315 affects TOTOLINK A3002RU (firmware 1.0.8). The root cause is incorrect access control in formPasswordSetup, enabling an unauthenticated POST to change the administrator password. As per NVD, the CVSS‑3 base score is 9.8 (CRITICAL; NETWORK, no user interaction, high confidentiality/...
CVE-2018-13311
System command injection in formDlna in TOTOLINK A3002RU version 1.0.8 allows attackers to execute system commands via the "sambaUser" POST parameter...
CVE-2018-13308
CVE-2018-13308 affects the TOTOLINK A3002RU router (firmware 1.0.8). The issue is a cross-site scripting vulnerability in the notice_gen.htm page, exploitable by modifying the "User phrases button" field to execute arbitrary JavaScript. The CVE descriptions in multiple sources confirm the vulnera...
CVE-2018-13310
TOTOLINK A3002RU (firmware version 1.0.8) is affected by CVE-2018-13310. The vulnerability is a cross-site scripting flaw in the password.htm page that allows an attacker to cause arbitrary JavaScript execution via the user’s username. Multiple connected sources (NVD entry and CNVD-2018-24105) co...
CVE-2018-13309
CVE-2018-13309 affects the TOTOLINK A3002RU router (version 1.0.8). A cross-site scripting flaw exists in the password.htm page, allowing a remote attacker to cause arbitrary JavaScript execution via the user’s password. Public documents (CNVD-2018-24106 and NVD entry) confirm the affected produc...