Vulnerabilities > Totolink > A3002Ru Firmware > High

DATE CVE VULNERABILITY TITLE RISK
2023-12-06 CVE-2023-48859 Incorrect Authorization vulnerability in Totolink A3002Ru Firmware 2.0.0B20190902.1958
TOTOLINK A3002RU version 2.0.0-B20190902.1958 has a post-authentication RCE due to incorrect access control, allows attackers to bypass front-end security restrictions and execute arbitrary code.
network
low complexity
totolink CWE-863
8.8
2020-01-27 CVE-2019-19824 OS Command Injection vulnerability in Totolink products
On certain TOTOLINK Realtek SDK based routers, an authenticated attacker may execute arbitrary OS commands via the sysCmd parameter to the boafrm/formSysCmd URI, even if the GUI (syscmd.htm) is not available.
network
low complexity
totolink CWE-78
8.8
2020-01-27 CVE-2019-19823 Insufficiently Protected Credentials vulnerability in multiple products
A certain router administration interface (that includes Realtek APMIB 0.11f for Boa 0.94.14rc21) stores cleartext administrative passwords in flash memory and in a file.
7.5
2020-01-27 CVE-2019-19822 Missing Authentication for Critical Function vulnerability in multiple products
A certain router administration interface (that includes Realtek APMIB 0.11f for Boa 0.94.14rc21) allows remote attackers to retrieve the configuration, including sensitive data (usernames and passwords).
7.5