CVE-2020-23617
- EPSS 0.2%
- Published 02.05.2022 23:15:07
- Last modified 21.11.2024 05:13:56
A cross site scripting (XSS) vulnerability in the error page of Totolink N200RE and N100RE Routers 2.0 allows attackers to execute arbitrary web scripts or HTML via SCRIPT element.
CVE-2019-19822
- EPSS 2.79%
- Published 27.01.2020 18:15:12
- Last modified 21.11.2024 04:35:27
A certain router administration interface (that includes Realtek APMIB 0.11f for Boa 0.94.14rc21) allows remote attackers to retrieve the configuration, including sensitive data (usernames and passwords). This affects TOTOLINK A3002RU through 2.0.0, ...
CVE-2019-19823
- EPSS 1.36%
- Published 27.01.2020 18:15:12
- Last modified 21.11.2024 04:35:28
A certain router administration interface (that includes Realtek APMIB 0.11f for Boa 0.94.14rc21) stores cleartext administrative passwords in flash memory and in a file. This affects TOTOLINK A3002RU through 2.0.0, A702R through 2.1.3, N301RT throug...
- EPSS 93.67%
- Published 27.01.2020 18:15:12
- Last modified 21.11.2024 04:35:28
On certain TOTOLINK Realtek SDK based routers, an authenticated attacker may execute arbitrary OS commands via the sysCmd parameter to the boafrm/formSysCmd URI, even if the GUI (syscmd.htm) is not available. This allows for full control over the dev...
CVE-2019-19825
- EPSS 0.62%
- Published 27.01.2020 17:15:12
- Last modified 21.11.2024 04:35:28
On certain TOTOLINK Realtek SDK based routers, the CAPTCHA text can be retrieved via an {"topicurl":"setting/getSanvas"} POST to the boafrm/formLogin URI, leading to a CAPTCHA bypass. (Also, the CAPTCHA text is not needed once the attacker has determ...