A720r Firmware Security Vulnerabilities and Issues — A720r Firmware CVE List

Lucene search

TotolinkA720r Firmware

11 matches found

CVE•added 2022/03/31 12:15 a.m.•80 views

CVE-2021-43662

totolink EX300_v2, ver V4.0.3c.140_B20210429 and A720R ,ver V4.1.5cu.470_B20200911 have an issue which causes uncontrolled resource consumption.

6.5CVSS6.5AI score0.00084EPSS

CVE•added 2022/02/04 2:15 a.m.•54 views

CVE-2021-44247

Totolink devices A3100R v4.1.2cu.5050_B20200504, A830R v5.9c.4729_B20191112, and A720R v4.1.5cu.470_B20200911 were discovered to contain command injection vulnerability in the function setNoticeCfg. This vulnerability allows attackers to execute arbitrary commands via the IpFrom parameter.

9.8CVSS10AI score0.27117EPSS

CVE•added 2022/02/04 2:15 a.m.•53 views

CVE-2021-44246

Totolink devices A3100R v4.1.2cu.5050_B20200504, A830R v5.9c.4729_B20191112, and A720R v4.1.5cu.470_B20200911 were discovered to contain a stack overflow in the function setNoticeCfg. This vulnerability allows attackers to cause a Denial of Service (DoS) via the IpTo parameter.

7.8CVSS7.7AI score0.00386EPSS

CVE•added 2022/02/04 2:15 a.m.•47 views

CVE-2021-45740

TOTOLINK A720R v4.1.5cu.470_B20200911 was discovered to contain a stack overflow in the setWiFiWpsStart function. This vulnerability allows attackers to cause a Denial of Service (DoS) via the pin parameter.

9.8CVSS9.5AI score0.00528EPSS

CVE•added 2022/02/04 2:15 a.m.•46 views

CVE-2021-45737

TOTOLINK A720R v4.1.5cu.470_B20200911 was discovered to contain a stack overflow in the Form_Login function. This vulnerability allows attackers to cause a Denial of Service (DoS) via the Host parameter.

7.8CVSS7.6AI score0.00386EPSS

CVE•added 2022/09/15 6:15 p.m.•45 views

CVE-2022-38534

TOTOLINK-720R v4.1.5cu.374 was discovered to contain a remote code execution (RCE) vulnerability via the setdiagnosicfg function.

7.2CVSS7.4AI score0.01901EPSS

CVE•added 2022/02/04 2:15 a.m.•44 views

CVE-2021-45739

7.8CVSS7.6AI score0.00386EPSS

CVE•added 2022/02/04 2:15 a.m.•44 views

CVE-2021-45742

TOTOLINK A720R v4.1.5cu.470_B20200911 was discovered to contain a command injection vulnerability in the "Main" function. This vulnerability allows attackers to execute arbitrary commands via the QUERY_STRING parameter.

10CVSS9.9AI score0.20865EPSS

CVE•added 2022/08/29 12:15 a.m.•38 views

CVE-2022-36610

TOTOLINK A720R V4.1.5cu.532_B20210610 was discovered to contain a hardcoded password for root at /etc/shadow.sample.

7.8CVSS7.7AI score0.00041EPSS

CVE•added 2022/08/25 2:15 p.m.•36 views

CVE-2022-36456

TOTOLink A720R V4.1.5cu.532_B20210610 was discovered to contain a command injection vulnerability via the username parameter in /cstecgi.cgi.

7.8CVSS7.8AI score0.00242EPSS

CVE•added 2022/09/15 6:15 p.m.•35 views

CVE-2022-38535

TOTOLINK-720R v4.1.5cu.374 was discovered to contain a remote code execution (RCE) vulnerability via the setTracerouteCfg function.

7.2CVSS7.4AI score0.01901EPSS