A860r Firmware Security Vulnerabilities and Issues — A860r Firmware CVE List

Lucene search

TotolinkA860r Firmware

8 matches found

CVE•added 2022/02/24 3:15 p.m.•189 views

CVE-2022-25083

TOTOLink A860R V4.1.2cu.5182_B20201027 was discovered to contain a command injection vulnerability in the "Main" function. This vulnerability allows attackers to execute arbitrary commands via the QUERY_STRING parameter.

9.8CVSS9.9AI score0.06059EPSS

CVE•added 2022/08/29 12:15 a.m.•57 views

CVE-2022-36614

TOTOLINK A860R V4.1.2cu.5182_B20201027 was discovered to contain a hardcoded password for root at /etc/shadow.sample.

7.8CVSS7.7AI score0.00041EPSS

CVE•added 2022/09/06 5:15 p.m.•51 views

CVE-2022-37843

In TOTOLINK A860R V4.1.2cu.5182_B20201027 in cstecgi.cgi, the acquired parameters are directly put into the system for execution without filtering, resulting in a command injection vulnerability.

9.8CVSS9.7AI score0.00728EPSS

CVE•added 2022/09/06 5:15 p.m.•48 views

CVE-2022-37841

In TOTOLINK A860R V4.1.2cu.5182_B20201027 there is a hard coded password for root in /etc/shadow.sample.

7.5CVSS7.6AI score0.00128EPSS

CVE•added 2022/09/06 5:15 p.m.•47 views

CVE-2022-37839

TOTOLINK A860R V4.1.2cu.5182_B20201027 is vulnerable to Buffer Overflow via Cstecgi.cgi.

9.8CVSS9.4AI score0.00218EPSS

CVE•added 2022/09/29 12:15 p.m.•44 views

CVE-2022-40475

TOTOLINK A860R V4.1.2cu.5182_B20201027 was discovered to contain a command injection via the component /cgi-bin/downloadFile.cgi.

9.8CVSS9.8AI score0.01389EPSS

CVE•added 2022/09/06 5:15 p.m.•40 views

CVE-2022-37840

In TOTOLINK A860R V4.1.2cu.5182_B20201027, the main function in downloadfile.cgi has a buffer overflow vulnerability.

9.8CVSS9.6AI score0.00218EPSS

CVE•added 2022/09/06 5:15 p.m.•36 views

CVE-2022-37842

In TOTOLINK A860R V4.1.2cu.5182_B20201027, the parameters in infostat.cgi are not filtered, causing a buffer overflow vulnerability.

9.8CVSS9.6AI score0.00218EPSS