25 matches found

Positive Technologies
added 2025/11/13 12:0 a.m. · 4 views

PT-2025-46901

Name of the Vulnerable Software and Affected Versions: TOTOLINK A950RG Router firmware versions prior to V5.9c.4592 B20191022 ALL Description: A buffer overflow issue exists in the global.so binary of the TOTOLINK A950RG Router firmware. The getSaveConfig function retrieves the http host parameter...

CVSS 6.5 · AI score 7.9 · EPSS 0.01553
Exploits: 1 · References: 6

Positive Technologies
added 2024/07/28 12:0 a.m. · 3 views

PT-2024-38132 · Totolink · Totolink A3000Ru

Name of the Vulnerable Software and Affected Versions: TOTOLINK A3000RU version 5.9c.5185 Description: A problem was found in the processing of the file /web cste/cgi-bin/product.ini, which leads to the use of a hard-coded password. The issue has been disclosed to the public and may be used. The...

CVSS 8.8 · AI score 4.3 · EPSS 0.00116
Exploits: 1 · References: 8

NVD
added 2022/08/29 12:15 a.m. · 12 views

CVE-2022-38511

TOTOLINK A810R V5.9c.4050B20190424 was discovered to contain a command injection vulnerability via the component downloadFile.cgi...

CVSS 7.8 · EPSS 0.00415
Exploits: 1 · References: 1

Prion
added 2022/08/29 12:15 a.m. · 15 views

Command injection

TOTOLINK A810R V5.9c.4050B20190424 was discovered to contain a command injection vulnerability via the component downloadFile.cgi...

CVSS 4.3 · AI score 7.9 · EPSS 0.00415
Exploits: 1 · References: 1 · Affected Software: 1

Cvelist
added 2022/08/28 11:58 p.m. · 12 views

CVE-2022-36616

TOTOLINK A810R V4.1.2cu.5182B20201026 and V5.9c.4050B20190424 were discovered to contain a hardcoded password for root at /etc/shadow.sample...

AI score 8 · EPSS 0.00056
Exploits: 1 · References: 1

CVE
added 2022/08/28 11:58 p.m. · 59 views

CVE-2022-36616

CVE-2022-36616 affects TOTOLINK A810R routers (firmware versions V4.1.2cu.5182_B20201026 through V5.9c.4050_B20190424). The issue is a hardcoded root password stored in /etc/shadow.sample, enabling local privilege escalation if an attacker gains access to the device. Connected sources corroborate...

CVSS 7.8 · AI score 7.7 · EPSS 0.00056
Exploits: 1 · References: 1 · Affected Software: 1

Positive Technologies
added 2022/08/28 12:0 a.m. · 1 view

PT-2022-24433 · Totolink · Totolink A810R

Name of the Vulnerable Software and Affected Versions: TOTOLINK A810R version V5.9c.4050 B20190424 Description: A command injection issue was found in the downloadFile.cgi component. This allows for potential exploitation. Recommendations: For TOTOLINK A810R version V5.9c.4050 B20190424, consider...

CVSS 7.8 · AI score 7.8 · EPSS 0.00415
Exploits: 1 · References: 4

CNVD
added 2022/04/01 12:0 a.m. · 25 views

TotoLink A3100R Access Control Error Vulnerability (CNVD-2022-54663)

TotoLink A3100R is a series of wireless routers from TotoLink Electronics, Taiwan, China. TotoLink A3100R V5.9c.4577 has an access control error vulnerability, which stems from test.asp containing an API-like function that is not authenticated and can be exploited by an attacker without authentication...

CVSS 6.5 · AI score 3.1 · EPSS 0.00236
Exploits: 1 · References: 1

VulnCheck KEV
added 2022/04/01 12:0 a.m. · 1 view

VulnCheck KEV: CVE-2022-25081

TOTOLink T10 V5.9c.5061B20200511 was discovered to contain a command injection vulnerability in the "Main" function. This vulnerability allows attackers to execute arbitrary commands via the QUERYSTRING parameter...

CVSS 9.8 · AI score 7.5 · EPSS 0.05664
Exploits: 1 · References: 1

OSV
added 2022/03/30 11:15 p.m. · 0 views

CVE-2021-46009

In Totolink A3100R V5.9c.4577, multiple pages can be read by curl or Burp Suite without authentication. Additionally, admin configurations can be set without cookies...

CVSS 9.8 · AI score 7.3 · EPSS 0.01052
Exploits: 1 · References: 3

NVD
added 2022/03/30 11:15 p.m. · 9 views

CVE-2021-46010

Totolink A3100R V5.9c.4577 suffers from Use of Insufficiently Random Values via the web configuration. The SESSIONID is predictable. An attacker can hijack a valid session and conduct further malicious operations...

CVSS 8.8 · EPSS 0.00863
Exploits: 1 · References: 3

NVD
added 2022/03/30 11:15 p.m. · 9 views

CVE-2021-46007

Totolink A3100R V5.9c.4577 is vulnerable to OS command injection. The backend of a page is executing the "ping" command, and the input field does not adequately filter special symbols. This can lead to command injection attacks...

CVSS 10 · EPSS 0.0755
Exploits: 1 · References: 3

Prion
added 2022/03/30 11:15 p.m. · 14 views

Command injection

Totolink A3100R V5.9c.4577 is vulnerable to OS command injection. The backend of a page is executing the "ping" command, and the input field does not adequately filter special symbols. This can lead to command injection attacks...

CVSS 10 · AI score 9.8 · EPSS 0.0755
Exploits: 1 · References: 3 · Affected Software: 1

Prion
added 2022/03/30 11:15 p.m. · 13 views

Authentication flaw

In Totolink A3100R V5.9c.4577, multiple pages can be read by curl or Burp Suite without authentication. Additionally, admin configurations can be set without cookies...

CVSS 10 · AI score 9.3 · EPSS 0.01052
Exploits: 1 · References: 3 · Affected Software: 1

Cvelist
added 2022/03/30 10:43 p.m. · 17 views

CVE-2021-46006

In Totolink A3100R V5.9c.4577, "test.asp" contains an API-like function, which is not authenticated. Using this function, an attacker can configure multiple settings without authentication...

AI score 6.7 · EPSS 0.00236
Exploits: 1 · References: 3

CVE
added 2022/03/30 10:12 p.m. · 80 views

CVE-2021-46007

CVE-2021-46007 affects TotoLink A3100R, specifically version V5.9c.4577. The vulnerability is an operating system command injection in which an input field does not properly filter special symbols, allowing the backend to execute the ping command. Reported in multiple sources (NVD entry for CVE-2...

CVSS 10 · AI score 9.8 · EPSS 0.0755
Exploits: 1 · References: 3 · Affected Software: 1

Cvelist
added 2022/03/30 10:9 p.m. · 16 views

CVE-2021-46010

Totolink A3100R V5.9c.4577 suffers from Use of Insufficiently Random Values via the web configuration. The SESSIONID is predictable. An attacker can hijack a valid session and conduct further malicious operations...

AI score 8.9 · EPSS 0.00863
Exploits: 1 · References: 3

ATTACKERKB
added 2022/02/24 3:15 p.m. · 80 views

CVE-2022-25084

TOTOLink T6 V5.9c.4085B20190428 was discovered to contain a command injection vulnerability in the "Main" function. This vulnerability allows attackers to execute arbitrary commands via the QUERYSTRING parameter...

CVSS 9.8 · AI score 7.7 · EPSS 0.84255
In wild · Exploits: 1 · References: 2

ATTACKERKB
added 2022/02/24 3:15 p.m. · 67 views

CVE-2022-25081

TOTOLink T10 V5.9c.5061B20200511 was discovered to contain a command injection vulnerability in the "Main" function. This vulnerability allows attackers to execute arbitrary commands via the QUERYSTRING parameter...

CVSS 9.8 · AI score 7.6 · EPSS 0.05664
In wild · Exploits: 1 · References: 2

ATTACKERKB
added 2022/02/24 3:15 p.m. · 83 views

CVE-2022-25082

TOTOLink A950RG V5.9c.4050B20190424 and V4.1.2cu.5204B20210112 were discovered to contain a command injection vulnerability in the "Main" function. This vulnerability allows attackers to execute arbitrary commands via the QUERYSTRING parameter...

CVSS 9.8 · AI score 7.6 · EPSS 0.89573
In wild · Exploits: 1 · References: 3