4 matches found
CVE-2021-34220
Cross-site scripting in tr069config.htm in TOTOLINK A3002R version V1.1.1-B20200824 Important Update, new UI allows attackers to execute arbitrary JavaScript by modifying the "User Name" field or "Password" field...
CVE-2021-34220
creationtimestamp| type| source ---|---|--- 2021-08-20 20:19:25+00:00| seen| https://t.me/cibsecurity/27648...
CVE-2021-34220
The CVE-2021-34220 entry concerns TOTOLINK A3002R family devices (notably A3002R with firmware version V1.1.1-B20200824). The vulnerability is a Cross-site Scripting (XSS) in tr069config.htm that can be triggered by modifying the "User Name" or "Password" fields, allowing an attacker to execute a...
CVE-2021-34220
Cross-site scripting in tr069config.htm in TOTOLINK A3002R version V1.1.1-B20200824 Important Update, new UI allows attackers to execute arbitrary JavaScript by modifying the "User Name" field or "Password" field...