Lucene search

K

13 matches found

CVE
CVE
added 2022/03/15 10:15 p.m.279 views

CVE-2022-26210

Totolink A830R V5.9c.4729_B20191112, A3100R V4.1.2cu.5050_B20200504, A950RG V4.1.2cu.5161_B20200903, A800R V4.1.2cu.5137_B20200730, A3000RU V5.9c.5185_B20201128, and A810R V4.1.2cu.5182_B20201026 were discovered to contain a command injection vulnerability in the function setUpgradeFW, via the File...

9.8CVSS9.9AI score0.09127EPSS
CVE
CVE
added 2022/03/15 10:15 p.m.120 views

CVE-2022-26207

Totolink A830R V5.9c.4729_B20191112, A3100R V4.1.2cu.5050_B20200504, A950RG V4.1.2cu.5161_B20200903, A800R V4.1.2cu.5137_B20200730, A3000RU V5.9c.5185_B20201128, and A810R V4.1.2cu.5182_B20201026 were discovered to contain a command injection vulnerability in the function setDiagnosisCfg, via the i...

9.8CVSS9.9AI score0.17828EPSS
CVE
CVE
added 2022/03/15 10:15 p.m.96 views

CVE-2022-26209

Totolink A830R V5.9c.4729_B20191112, A3100R V4.1.2cu.5050_B20200504, A950RG V4.1.2cu.5161_B20200903, A800R V4.1.2cu.5137_B20200730, A3000RU V5.9c.5185_B20201128, and A810R V4.1.2cu.5182_B20201026 were discovered to contain a command injection vulnerability in the function setUploadSetting, via the ...

9.8CVSS9.9AI score0.17828EPSS
CVE
CVE
added 2022/03/15 10:15 p.m.95 views

CVE-2022-26212

Totolink A830R V5.9c.4729_B20191112, A3100R V4.1.2cu.5050_B20200504, A950RG V4.1.2cu.5161_B20200903, A800R V4.1.2cu.5137_B20200730, A3000RU V5.9c.5185_B20201128, and A810R V4.1.2cu.5182_B20201026 were discovered to contain a command injection vulnerability in the function setDeviceName, via the dev...

9.8CVSS9.9AI score0.17828EPSS
CVE
CVE
added 2022/03/15 10:15 p.m.85 views

CVE-2022-26211

Totolink A830R V5.9c.4729_B20191112, A3100R V4.1.2cu.5050_B20200504, A950RG V4.1.2cu.5161_B20200903, A800R V4.1.2cu.5137_B20200730, A3000RU V5.9c.5185_B20201128, and A810R V4.1.2cu.5182_B20201026 were discovered to contain a command injection vulnerability in the function CloudACMunualUpdate, via t...

9.8CVSS9.9AI score0.17828EPSS
CVE
CVE
added 2022/03/30 11:15 p.m.83 views

CVE-2021-46010

Totolink A3100R V5.9c.4577 suffers from Use of Insufficiently Random Values via the web configuration. The SESSION_ID is predictable. An attacker can hijack a valid session and conduct further malicious operations.

8.8CVSS8.7AI score0.00863EPSS
CVE
CVE
added 2022/03/15 10:15 p.m.82 views

CVE-2022-26208

Totolink A830R V5.9c.4729_B20191112, A3100R V4.1.2cu.5050_B20200504, A950RG V4.1.2cu.5161_B20200903, A800R V4.1.2cu.5137_B20200730, A3000RU V5.9c.5185_B20201128, and A810R V4.1.2cu.5182_B20201026 were discovered to contain a command injection vulnerability in the function setWebWlanIdx, via the web...

9.8CVSS9.9AI score0.17828EPSS
CVE
CVE
added 2022/03/30 11:15 p.m.80 views

CVE-2021-46009

In Totolink A3100R V5.9c.4577, multiple pages can be read by curl or Burp Suite without authentication. Additionally, admin configurations can be set without cookies.

10CVSS9.3AI score0.0102EPSS
CVE
CVE
added 2022/03/15 10:15 p.m.79 views

CVE-2022-26206

Totolink A830R V5.9c.4729_B20191112, A3100R V4.1.2cu.5050_B20200504, A950RG V4.1.2cu.5161_B20200903, A800R V4.1.2cu.5137_B20200730, A3000RU V5.9c.5185_B20201128, and A810R V4.1.2cu.5182_B20201026 were discovered to contain a command injection vulnerability in the function setLanguageCfg, via the la...

9.8CVSS9.9AI score0.17828EPSS
CVE
CVE
added 2022/03/15 10:15 p.m.74 views

CVE-2022-26214

Totolink A830R V5.9c.4729_B20191112, A3100R V4.1.2cu.5050_B20200504, A950RG V4.1.2cu.5161_B20200903, A800R V4.1.2cu.5137_B20200730, A3000RU V5.9c.5185_B20201128, and A810R V4.1.2cu.5182_B20201026 were discovered to contain a command injection vulnerability in the function NTPSyncWithHost. This vuln...

9.8CVSS10AI score0.27117EPSS
CVE
CVE
added 2022/03/11 4:15 p.m.73 views

CVE-2021-44620

A Command Injection vulnerability exits in TOTOLINK A3100R

9.8CVSS9.6AI score0.04056EPSS
CVE
CVE
added 2022/03/30 11:15 p.m.63 views

CVE-2021-46006

In Totolink A3100R V5.9c.4577, "test.asp" contains an API-like function, which is not authenticated. Using this function, an attacker can configure multiple settings without authentication.

6.5CVSS6.5AI score0.00236EPSS
CVE
CVE
added 2022/03/30 11:15 p.m.62 views

CVE-2021-46008

In totolink a3100r V5.9c.4577, the hard-coded telnet password can be discovered from official released firmware. An attacker, who has connected to the Wi-Fi, can easily telnet into the target with root shell if the telnet is function turned on.

8.8CVSS8.7AI score0.00168EPSS