Totolink » A3100r Firmware (Seite 4)

7.8

CVE-2022-29638

Exploit

EPSS 0.39%
Veröffentlicht 18.05.2022 12:15:08
Zuletzt bearbeitet 21.11.2024 06:59:28

TOTOLINK A3100R V4.1.2cu.5050_B20200504 and V4.1.2cu.5247_B20211129 were discovered to contain a stack overflow via the comment parameter in the function setIpQosRules. This vulnerability allows attackers to cause a Denial of Service (DoS) via a craf...

6.5

CVE-2021-46006

Exploit

EPSS 0.24%
Veröffentlicht 30.03.2022 23:15:07
Zuletzt bearbeitet 21.11.2024 06:33:27

In Totolink A3100R V5.9c.4577, "test.asp" contains an API-like function, which is not authenticated. Using this function, an attacker can configure multiple settings without authentication.

8.8

CVE-2021-46008

Exploit

EPSS 0.17%
Veröffentlicht 30.03.2022 23:15:07
Zuletzt bearbeitet 21.11.2024 06:33:28

In totolink a3100r V5.9c.4577, the hard-coded telnet password can be discovered from official released firmware. An attacker, who has connected to the Wi-Fi, can easily telnet into the target with root shell if the telnet is function turned on.

10

CVE-2021-46009

Exploit

EPSS 1.02%
Veröffentlicht 30.03.2022 23:15:07
Zuletzt bearbeitet 21.11.2024 06:33:28

In Totolink A3100R V5.9c.4577, multiple pages can be read by curl or Burp Suite without authentication. Additionally, admin configurations can be set without cookies.

8.8

CVE-2021-46010

Exploit

EPSS 0.86%
Veröffentlicht 30.03.2022 23:15:07
Zuletzt bearbeitet 21.11.2024 06:33:28

Totolink A3100R V5.9c.4577 suffers from Use of Insufficiently Random Values via the web configuration. The SESSION_ID is predictable. An attacker can hijack a valid session and conduct further malicious operations.

9.8