Totolink

A3002ru Firmware

47 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
9.8

CVE-2022-35491

  • EPSS 0.41%
  • Published 10.08.2022 20:15:54
  • Last modified 21.11.2024 07:11:14

TOTOLINK A3002RU V3.0.0-B20220304.1804 has a hardcoded password for root in /etc/shadow.sample.

6.5

CVE-2018-13313

Exploit
  • EPSS 0.42%
  • Published 24.02.2020 19:15:11
  • Last modified 21.11.2024 03:46:51

In TOTOLINK A3002RU 1.0.8, the router provides a page that allows the user to change their account name and password. This page, password.htm, contains JavaScript which is used to confirm the user knows their current password before allowing them to ...

7.5

CVE-2019-19822

Exploit
  • EPSS 2.79%
  • Published 27.01.2020 18:15:12
  • Last modified 21.11.2024 04:35:27

A certain router administration interface (that includes Realtek APMIB 0.11f for Boa 0.94.14rc21) allows remote attackers to retrieve the configuration, including sensitive data (usernames and passwords). This affects TOTOLINK A3002RU through 2.0.0, ...

7.5

CVE-2019-19823

Exploit
  • EPSS 1.36%
  • Published 27.01.2020 18:15:12
  • Last modified 21.11.2024 04:35:28

A certain router administration interface (that includes Realtek APMIB 0.11f for Boa 0.94.14rc21) stores cleartext administrative passwords in flash memory and in a file. This affects TOTOLINK A3002RU through 2.0.0, A702R through 2.1.3, N301RT throug...

9

CVE-2019-19824

Exploit
  • EPSS 93.67%
  • Published 27.01.2020 18:15:12
  • Last modified 21.11.2024 04:35:28

On certain TOTOLINK Realtek SDK based routers, an authenticated attacker may execute arbitrary OS commands via the sysCmd parameter to the boafrm/formSysCmd URI, even if the GUI (syscmd.htm) is not available. This allows for full control over the dev...

9.8

CVE-2019-19825

Exploit
  • EPSS 0.62%
  • Published 27.01.2020 17:15:12
  • Last modified 21.11.2024 04:35:28

On certain TOTOLINK Realtek SDK based routers, the CAPTCHA text can be retrieved via an {"topicurl":"setting/getSanvas"} POST to the boafrm/formLogin URI, leading to a CAPTCHA bypass. (Also, the CAPTCHA text is not needed once the attacker has determ...

10

CVE-2018-13316

Exploit
  • EPSS 15.3%
  • Published 27.11.2018 20:29:00
  • Last modified 21.11.2024 03:46:51

System command injection in formAliasIp in TOTOLINK A3002RU version 1.0.8 allows attackers to execute system commands via the "subnet" POST parameter.

10

CVE-2018-13314

Exploit
  • EPSS 15.3%
  • Published 27.11.2018 20:29:00
  • Last modified 21.11.2024 03:46:51

System command injection in formAliasIp in TOTOLINK A3002RU version 1.0.8 allows attackers to execute system commands via the "ipAddr" POST parameter.

10

CVE-2018-13307

Exploit
  • EPSS 15.3%
  • Published 27.11.2018 20:29:00
  • Last modified 21.11.2024 03:46:49

System command injection in fromNtp in TOTOLINK A3002RU version 1.0.8 allows attackers to execute system commands via the "ntpServerIp2" POST parameter. Certain payloads cause the device to become permanently inoperable.

10

CVE-2018-13306

Exploit
  • EPSS 15.3%
  • Published 27.11.2018 20:29:00
  • Last modified 21.11.2024 03:46:48

System command injection in formDlna in TOTOLINK A3002RU version 1.0.8 allows attackers to execute system commands via the "ftpUser" POST parameter.