A3100r Firmware@5.9c.4577 Security Vulnerabilities and Issues — A3100r Firmware@5.9c.4577 CVE List

Lucene search

TotolinkA3100r Firmware5.9c.4577

4 matches found

CVE•added 2022/03/30 11:15 p.m.•83 views

CVE-2021-46010

Totolink A3100R V5.9c.4577 suffers from Use of Insufficiently Random Values via the web configuration. The SESSION_ID is predictable. An attacker can hijack a valid session and conduct further malicious operations.

8.8CVSS8.7AI score0.00863EPSS

CVE•added 2022/03/30 11:15 p.m.•80 views

CVE-2021-46009

In Totolink A3100R V5.9c.4577, multiple pages can be read by curl or Burp Suite without authentication. Additionally, admin configurations can be set without cookies.

10CVSS9.3AI score0.0102EPSS

CVE•added 2022/03/30 11:15 p.m.•63 views

CVE-2021-46006

In Totolink A3100R V5.9c.4577, "test.asp" contains an API-like function, which is not authenticated. Using this function, an attacker can configure multiple settings without authentication.

6.5CVSS6.5AI score0.00236EPSS

CVE•added 2022/03/30 11:15 p.m.•62 views

CVE-2021-46008

In totolink a3100r V5.9c.4577, the hard-coded telnet password can be discovered from official released firmware. An attacker, who has connected to the Wi-Fi, can easily telnet into the target with root shell if the telnet is function turned on.

8.8CVSS8.7AI score0.00168EPSS