CVE-2018-13308
- EPSS 0.21%
- Published 26.11.2018 23:29:00
- Last modified 21.11.2024 03:46:49
Cross-site scripting in notice_gen.htm in TOTOLINK A3002RU version 1.0.8 allows attackers to execute arbitrary JavaScript by modifying the "User phrases button" field.
CVE-2018-13317
- EPSS 0.21%
- Published 26.11.2018 23:29:00
- Last modified 21.11.2024 03:46:51
Password disclosure in password.htm in TOTOLINK A3002RU version 1.0.8 allows attackers to obtain the plaintext password for the admin user by making a GET request for password.htm.
CVE-2018-13315
- EPSS 0.97%
- Published 26.11.2018 23:29:00
- Last modified 21.11.2024 03:46:51
Incorrect access control in formPasswordSetup in TOTOLINK A3002RU version 1.0.8 allows attackers to change the admin user's password via an unauthenticated POST request.
CVE-2018-13312
- EPSS 0.21%
- Published 26.11.2018 23:29:00
- Last modified 21.11.2024 03:46:51
Cross-site scripting in notice_gen.htm in TOTOLINK A3002RU version 1.0.8 allows attackers to execute arbitrary JavaScript by modifying the "Input your notice URL" field.
- EPSS 6.48%
- Published 26.11.2018 23:29:00
- Last modified 21.11.2024 03:46:50
System command injection in formDlna in TOTOLINK A3002RU version 1.0.8 allows attackers to execute system commands via the "sambaUser" POST parameter.
CVE-2018-13310
- EPSS 0.21%
- Published 26.11.2018 23:29:00
- Last modified 21.11.2024 03:46:50
Cross-site scripting in password.htm in TOTOLINK A3002RU version 1.0.8 allows attackers to execute arbitrary JavaScript via the user's username.
CVE-2018-13309
- EPSS 0.21%
- Published 26.11.2018 23:29:00
- Last modified 21.11.2024 03:46:49
Cross-site scripting in password.htm in TOTOLINK A3002RU version 1.0.8 allows attackers to execute arbitrary JavaScript via the user's password.