5 matches found
CVE-2025-55584
TOTOLINK A3002R v4.0.0-B20230531.1404 was discovered to contain insecure credentials for the telnet service and root account...
CVE-2025-55587
TOTOLINK A3002R v4.0.0-B20230531.1404 was discovered to contain a buffer overflow in the hostname parameter at /boafrm/formMapDelDevice. This vulnerability allows attackers to cause a Denial of Service DoS via a crafted input...
CVE-2025-55591
TOTOLINK-A3002R v4.0.0-B20230531.1404 was discovered to contain a command injection vulnerability in the devicemac parameter in the formMapDel endpoint...
CVE-2025-45861
TOTOLINK A3002R v4.0.0-B20230531.1404 was discovered to contain a buffer overflow via the routername parameter in the formDnsv6 interface...
CVE-2021-25959 OpenCRX - Reflected Cross-Site Scripting in Password Reset Functionality
In OpenCRX, versions v4.0.0 through v5.1.0 are vulnerable to reflected Cross-site Scripting XSS, due to unsanitized parameters in the password reset functionality. This allows execution of external javascript files on any user of the openCRX instance...