Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline

A3100R Firmware Security Vulnerabilities - CVSS Score 9 - 10

cve
cve

CVE-2021-44247

Totolink devices A3100R v4.1.2cu.5050_B20200504, A830R v5.9c.4729_B20191112, and A720R v4.1.5cu.470_B20200911 were discovered to contain command injection vulnerability in the function setNoticeCfg. This vulnerability allows attackers to execute arbitrary commands via the IpFrom parameter.

9.8CVSS

10AI Score

0.011EPSS

2022-02-04 02:15 AM
43
cve
cve

CVE-2021-44620

A Command Injection vulnerability exits in TOTOLINK A3100R <=V4.1.2cu.5050_B20200504 in adm/ntm.asp via the hosTime parameters.

9.8CVSS

9.6AI Score

0.006EPSS

2022-03-11 04:15 PM
65
cve
cve

CVE-2021-46009

In Totolink A3100R V5.9c.4577, multiple pages can be read by curl or Burp Suite without authentication. Additionally, admin configurations can be set without cookies.

9.8CVSS

9.3AI Score

0.005EPSS

2022-03-30 11:15 PM
72
cve
cve

CVE-2022-25077

TOTOLink A3100R V4.1.2cu.5050_B20200504 was discovered to contain a command injection vulnerability in the "Main" function. This vulnerability allows attackers to execute arbitrary commands via the QUERY_STRING parameter.

9.8CVSS

9.9AI Score

0.004EPSS

2022-02-24 03:15 PM
38
In Wild
cve
cve

CVE-2022-26206

Totolink A830R V5.9c.4729_B20191112, A3100R V4.1.2cu.5050_B20200504, A950RG V4.1.2cu.5161_B20200903, A800R V4.1.2cu.5137_B20200730, A3000RU V5.9c.5185_B20201128, and A810R V4.1.2cu.5182_B20201026 were discovered to contain a command injection vulnerability in the function setLanguageCfg, via the la...

9.8CVSS

9.9AI Score

0.089EPSS

2022-03-15 10:15 PM
66
cve
cve

CVE-2022-26207

Totolink A830R V5.9c.4729_B20191112, A3100R V4.1.2cu.5050_B20200504, A950RG V4.1.2cu.5161_B20200903, A800R V4.1.2cu.5137_B20200730, A3000RU V5.9c.5185_B20201128, and A810R V4.1.2cu.5182_B20201026 were discovered to contain a command injection vulnerability in the function setDiagnosisCfg, via the i...

9.8CVSS

9.9AI Score

0.089EPSS

2022-03-15 10:15 PM
103
cve
cve

CVE-2022-26208

Totolink A830R V5.9c.4729_B20191112, A3100R V4.1.2cu.5050_B20200504, A950RG V4.1.2cu.5161_B20200903, A800R V4.1.2cu.5137_B20200730, A3000RU V5.9c.5185_B20201128, and A810R V4.1.2cu.5182_B20201026 were discovered to contain a command injection vulnerability in the function setWebWlanIdx, via the web...

9.8CVSS

9.9AI Score

0.013EPSS

2022-03-15 10:15 PM
71
cve
cve

CVE-2022-26209

Totolink A830R V5.9c.4729_B20191112, A3100R V4.1.2cu.5050_B20200504, A950RG V4.1.2cu.5161_B20200903, A800R V4.1.2cu.5137_B20200730, A3000RU V5.9c.5185_B20201128, and A810R V4.1.2cu.5182_B20201026 were discovered to contain a command injection vulnerability in the function setUploadSetting, via the ...

9.8CVSS

9.9AI Score

0.089EPSS

2022-03-15 10:15 PM
80
cve
cve

CVE-2022-26210

Totolink A830R V5.9c.4729_B20191112, A3100R V4.1.2cu.5050_B20200504, A950RG V4.1.2cu.5161_B20200903, A800R V4.1.2cu.5137_B20200730, A3000RU V5.9c.5185_B20201128, and A810R V4.1.2cu.5182_B20201026 were discovered to contain a command injection vulnerability in the function setUpgradeFW, via the File...

9.8CVSS

9.9AI Score

0.089EPSS

2022-03-15 10:15 PM
116
In Wild
cve
cve

CVE-2022-26211

Totolink A830R V5.9c.4729_B20191112, A3100R V4.1.2cu.5050_B20200504, A950RG V4.1.2cu.5161_B20200903, A800R V4.1.2cu.5137_B20200730, A3000RU V5.9c.5185_B20201128, and A810R V4.1.2cu.5182_B20201026 were discovered to contain a command injection vulnerability in the function CloudACMunualUpdate, via t...

9.8CVSS

9.9AI Score

0.089EPSS

2022-03-15 10:15 PM
72
cve
cve

CVE-2022-26212

Totolink A830R V5.9c.4729_B20191112, A3100R V4.1.2cu.5050_B20200504, A950RG V4.1.2cu.5161_B20200903, A800R V4.1.2cu.5137_B20200730, A3000RU V5.9c.5185_B20201128, and A810R V4.1.2cu.5182_B20201026 were discovered to contain a command injection vulnerability in the function setDeviceName, via the dev...

9.8CVSS

9.9AI Score

0.089EPSS

2022-03-15 10:15 PM
75
cve
cve

CVE-2022-26214

Totolink A830R V5.9c.4729_B20191112, A3100R V4.1.2cu.5050_B20200504, A950RG V4.1.2cu.5161_B20200903, A800R V4.1.2cu.5137_B20200730, A3000RU V5.9c.5185_B20201128, and A810R V4.1.2cu.5182_B20201026 were discovered to contain a command injection vulnerability in the function NTPSyncWithHost. This vuln...

9.8CVSS

10AI Score

0.011EPSS

2022-03-15 10:15 PM
64
cve
cve

CVE-2022-29644

TOTOLINK A3100R V4.1.2cu.5050_B20200504 and V4.1.2cu.5247_B20211129 were discovered to contain a hard coded password for the telnet service stored in the component /web_cste/cgi-bin/product.ini.

9.8CVSS

9.5AI Score

0.014EPSS

2022-05-18 12:15 PM
53
2
cve
cve

CVE-2022-29645

TOTOLINK A3100R V4.1.2cu.5050_B20200504 and V4.1.2cu.5247_B20211129 were discovered to contain a hard coded password for root stored in the component /etc/shadow.sample.

9.8CVSS

9.5AI Score

0.028EPSS

2022-05-18 12:15 PM
43
2
cve
cve

CVE-2024-42546

TOTOLINK A3100R V4.1.2cu.5050_B20200504 has a buffer overflow vulnerability in the password parameter in the loginauth function.

9.8CVSS

7.7AI Score

0.009EPSS

2024-08-12 07:15 PM
31
cve
cve

CVE-2024-42547

TOTOLINK A3100R V4.1.2cu.5050_B20200504 has a buffer overflow vulnerability in the http_host parameter in the loginauth function.

9.8CVSS

7.5AI Score

0.009EPSS

2024-08-12 07:15 PM
26