Totolink

A3002ru Firmware

47 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
9.8

CVE-2022-35491

  • EPSS 0.41%
  • Veröffentlicht 10.08.2022 20:15:54
  • Zuletzt bearbeitet 21.11.2024 07:11:14

TOTOLINK A3002RU V3.0.0-B20220304.1804 has a hardcoded password for root in /etc/shadow.sample.

6.5

CVE-2018-13313

Exploit
  • EPSS 0.42%
  • Veröffentlicht 24.02.2020 19:15:11
  • Zuletzt bearbeitet 21.11.2024 03:46:51

In TOTOLINK A3002RU 1.0.8, the router provides a page that allows the user to change their account name and password. This page, password.htm, contains JavaScript which is used to confirm the user knows their current password before allowing them to ...

7.5

CVE-2019-19822

Exploit
  • EPSS 2.79%
  • Veröffentlicht 27.01.2020 18:15:12
  • Zuletzt bearbeitet 21.11.2024 04:35:27

A certain router administration interface (that includes Realtek APMIB 0.11f for Boa 0.94.14rc21) allows remote attackers to retrieve the configuration, including sensitive data (usernames and passwords). This affects TOTOLINK A3002RU through 2.0.0, ...

7.5

CVE-2019-19823

Exploit
  • EPSS 1.36%
  • Veröffentlicht 27.01.2020 18:15:12
  • Zuletzt bearbeitet 21.11.2024 04:35:28

A certain router administration interface (that includes Realtek APMIB 0.11f for Boa 0.94.14rc21) stores cleartext administrative passwords in flash memory and in a file. This affects TOTOLINK A3002RU through 2.0.0, A702R through 2.1.3, N301RT throug...

9

CVE-2019-19824

Exploit
  • EPSS 93.67%
  • Veröffentlicht 27.01.2020 18:15:12
  • Zuletzt bearbeitet 21.11.2024 04:35:28

On certain TOTOLINK Realtek SDK based routers, an authenticated attacker may execute arbitrary OS commands via the sysCmd parameter to the boafrm/formSysCmd URI, even if the GUI (syscmd.htm) is not available. This allows for full control over the dev...

9.8

CVE-2019-19825

Exploit
  • EPSS 0.62%
  • Veröffentlicht 27.01.2020 17:15:12
  • Zuletzt bearbeitet 21.11.2024 04:35:28

On certain TOTOLINK Realtek SDK based routers, the CAPTCHA text can be retrieved via an {"topicurl":"setting/getSanvas"} POST to the boafrm/formLogin URI, leading to a CAPTCHA bypass. (Also, the CAPTCHA text is not needed once the attacker has determ...

10

CVE-2018-13316

Exploit
  • EPSS 15.3%
  • Veröffentlicht 27.11.2018 20:29:00
  • Zuletzt bearbeitet 21.11.2024 03:46:51

System command injection in formAliasIp in TOTOLINK A3002RU version 1.0.8 allows attackers to execute system commands via the "subnet" POST parameter.

10

CVE-2018-13314

Exploit
  • EPSS 15.3%
  • Veröffentlicht 27.11.2018 20:29:00
  • Zuletzt bearbeitet 21.11.2024 03:46:51

System command injection in formAliasIp in TOTOLINK A3002RU version 1.0.8 allows attackers to execute system commands via the "ipAddr" POST parameter.

10

CVE-2018-13307

Exploit
  • EPSS 15.3%
  • Veröffentlicht 27.11.2018 20:29:00
  • Zuletzt bearbeitet 21.11.2024 03:46:49

System command injection in fromNtp in TOTOLINK A3002RU version 1.0.8 allows attackers to execute system commands via the "ntpServerIp2" POST parameter. Certain payloads cause the device to become permanently inoperable.

10

CVE-2018-13306

Exploit
  • EPSS 15.3%
  • Veröffentlicht 27.11.2018 20:29:00
  • Zuletzt bearbeitet 21.11.2024 03:46:48

System command injection in formDlna in TOTOLINK A3002RU version 1.0.8 allows attackers to execute system commands via the "ftpUser" POST parameter.