Vulnerabilities > Totolink > A3002Ru Firmware > Medium

DATE CVE VULNERABILITY TITLE RISK
2020-02-24 CVE-2018-13313 Insecure Storage of Sensitive Information vulnerability in Totolink A3002Ru Firmware 1.0.8
In TOTOLINK A3002RU 1.0.8, the router provides a page that allows the user to change their account name and password.
network
low complexity
totolink CWE-922
6.5
2018-11-26 CVE-2018-13317 Cross-site Scripting vulnerability in Totolink A3002Ru Firmware 1.0.8
Password disclosure in password.htm in TOTOLINK A3002RU version 1.0.8 allows attackers to obtain the plaintext password for the admin user by making a GET request for password.htm.
network
low complexity
totolink CWE-79
6.1
2018-11-26 CVE-2018-13312 Cross-site Scripting vulnerability in Totolink A3002Ru Firmware 1.0.8
Cross-site scripting in notice_gen.htm in TOTOLINK A3002RU version 1.0.8 allows attackers to execute arbitrary JavaScript by modifying the "Input your notice URL" field.
network
low complexity
totolink CWE-79
6.1
2018-11-26 CVE-2018-13310 Cross-site Scripting vulnerability in Totolink A3002Ru Firmware 1.0.8
Cross-site scripting in password.htm in TOTOLINK A3002RU version 1.0.8 allows attackers to execute arbitrary JavaScript via the user's username.
network
low complexity
totolink CWE-79
6.1
2018-11-26 CVE-2018-13309 Cross-site Scripting vulnerability in Totolink A3002Ru Firmware 1.0.8
Cross-site scripting in password.htm in TOTOLINK A3002RU version 1.0.8 allows attackers to execute arbitrary JavaScript via the user's password.
network
low complexity
totolink CWE-79
6.1
2018-11-26 CVE-2018-13308 Cross-site Scripting vulnerability in Totolink A3002Ru Firmware 1.0.8
Cross-site scripting in notice_gen.htm in TOTOLINK A3002RU version 1.0.8 allows attackers to execute arbitrary JavaScript by modifying the "User phrases button" field.
network
low complexity
totolink CWE-79
6.1