A3002r Firmware@1.1.1-b20200824 Security Vulnerabilities and Issues — A3002r Firmware@1.1.1-b20200824 CVE List

Lucene search

TotolinkA3002r Firmware1.1.1-b20200824

6 matches found

CVE•added 2021/08/20 5:15 p.m.•54 views

CVE-2021-34207

Cross-site scripting in ddns.htm in TOTOLINK A3002R version V1.1.1-B20200824 (Important Update, new UI) allows attackers to execute arbitrary JavaScript by modifying the "Domain Name" field, "Server Address" field, "User Name/Email", or "Password/Key" field.

6.1CVSS6.4AI score0.00212EPSS

CVE•added 2021/08/20 5:15 p.m.•42 views

CVE-2021-34215

Cross-site scripting in tcpipwan.htm in TOTOLINK A3002R version V1.1.1-B20200824 (Important Update, new UI) allows attackers to execute arbitrary JavaScript by modifying the "Service Name" field.

6.1CVSS6.3AI score0.00191EPSS

CVE•added 2021/08/20 5:15 p.m.•42 views

CVE-2021-34228

Cross-site scripting in parent_control.htm in TOTOLINK A3002R version V1.1.1-B20200824 (Important Update, new UI) allows attackers to execute arbitrary JavaScript by modifying the "Description" field and "Service Name" field.

6.1CVSS6.4AI score0.01806EPSS

CVE•added 2021/08/20 5:15 p.m.•40 views

CVE-2021-34218

Directory Indexing in Login Portal of Login Portal of TOTOLINK-A702R-V1.0.0-B20161227.1023 allows attacker to access /add/ , /img/, /js/, and /mobile directories via GET Parameter.

5.3CVSS5.2AI score0.00209EPSS

CVE•added 2021/08/20 5:15 p.m.•39 views

CVE-2021-34220

Cross-site scripting in tr069config.htm in TOTOLINK A3002R version V1.1.1-B20200824 (Important Update, new UI) allows attackers to execute arbitrary JavaScript by modifying the "User Name" field or "Password" field.

6.1CVSS6.4AI score0.00191EPSS

CVE•added 2021/08/20 5:15 p.m.•38 views

CVE-2021-34223

Cross-site scripting in urlfilter.htm in TOTOLINK A3002R version V1.1.1-B20200824 (Important Update, new UI) allows attackers to execute arbitrary JavaScript by modifying the "URL Address" field.

6.1CVSS6.3AI score0.00191EPSS