Totolink

A3002ru Firmware

50 vulnerabilities found.

Note: This list may be incomplete. Data is provided without warranty in its original format.
  • EPSS 61.18%
  • Published 27.11.2024 17:15:12
  • Last modified 29.11.2024 20:15:20

An issue in TOTOLINK-CX-A3002RU V1.0.4-B20171106.1512 and TOTOLINK-CX-N150RT V2.1.6-B20171121.1002 and TOTOLINK-CX-N300RT V2.1.6-B20170724.1420 and TOTOLINK-CX-N300RT V2.1.8-B20171113.1408 and TOTOLINK-CX-N300RT V2.1.8-B20191010.1107 and TOTOLINK-CX-...

Exploit
  • EPSS 0.42%
  • Published 28.08.2024 15:15:16
  • Last modified 03.07.2025 11:58:29

TOTOLINK AC1200 Wireless Router A3002RU V2.1.1-B20230720.1011 is vulnerable to Buffer Overflow. The formWlEncrypt CGI handler in the boa program fails to limit the length of the wlan_ssid field from user input. This allows attackers to craft maliciou...

Exploit
  • EPSS 0.06%
  • Published 06.12.2023 15:15:06
  • Last modified 21.11.2024 08:32:33

TOTOLINK A3002RU version 2.0.0-B20190902.1958 has a post-authentication RCE due to incorrect access control, which allows attackers to bypass front-end security restrictions and execute arbitrary code.

  • EPSS 0.43%
  • Published 10.08.2022 20:15:54
  • Last modified 21.11.2024 07:11:14

TOTOLINK A3002RU V3.0.0-B20220304.1804 has a hardcoded password for root in /etc/shadow.sample.

Exploit
  • EPSS 0.42%
  • Published 24.02.2020 19:15:11
  • Last modified 21.11.2024 03:46:51

In TOTOLINK A3002RU 1.0.8, the router provides a page that allows the user to change their account name and password. This page, password.htm, contains JavaScript which is used to confirm the user knows their current password before allowing them to ...

Exploit
  • EPSS 35.2%
  • Published 27.01.2020 18:15:12
  • Last modified 21.11.2024 04:35:28

A certain router administration interface (that includes Realtek APMIB 0.11f for Boa 0.94.14rc21) stores cleartext administrative passwords in flash memory and in a file. This affects TOTOLINK A3002RU through 2.0.0, A702R through 2.1.3, N301RT throug...

Exploit
  • EPSS 43.04%
  • Published 27.01.2020 18:15:12
  • Last modified 21.11.2024 04:35:27

A certain router administration interface (that includes Realtek APMIB 0.11f for Boa 0.94.14rc21) allows remote attackers to retrieve the configuration, including sensitive data (usernames and passwords). This affects TOTOLINK A3002RU through 2.0.0, ...

Exploit
  • EPSS 90.21%
  • Published 27.01.2020 18:15:12
  • Last modified 21.11.2024 04:35:28

On certain TOTOLINK Realtek SDK based routers, an authenticated attacker may execute arbitrary OS commands via the sysCmd parameter to the boafrm/formSysCmd URI, even if the GUI (syscmd.htm) is not available. This allows for full control over the dev...

Exploit
  • EPSS 28.75%
  • Published 27.01.2020 17:15:12
  • Last modified 21.11.2024 04:35:28

On certain TOTOLINK Realtek SDK based routers, the CAPTCHA text can be retrieved via an {"topicurl":"setting/getSanvas"} POST to the boafrm/formLogin URI, leading to a CAPTCHA bypass. (Also, the CAPTCHA text is not needed once the attacker has determ...

Exploit
  • EPSS 15.3%
  • Published 27.11.2018 20:29:00
  • Last modified 21.11.2024 03:46:51

System command injection in formAliasIp in TOTOLINK A3002RU version 1.0.8 allows attackers to execute system commands via the "subnet" POST parameter.