Vulnerabilities > Totolink > A3100R Firmware > Critical

DATE CVE VULNERABILITY TITLE RISK
2024-08-12 CVE-2024-42547 Classic Buffer Overflow vulnerability in Totolink A3100R Firmware 4.1.2Cu.5050B20200504
TOTOLINK A3100R V4.1.2cu.5050_B20200504 has a buffer overflow vulnerability in the http_host parameter in the loginauth function.
network
low complexity
totolink CWE-120
critical
9.8
2024-08-12 CVE-2024-42546 Classic Buffer Overflow vulnerability in Totolink A3100R Firmware 4.1.2Cu.5050B20200504
TOTOLINK A3100R V4.1.2cu.5050_B20200504 has a buffer overflow vulnerability in the password parameter in the loginauth function.
network
low complexity
totolink CWE-120
critical
9.8
2022-05-18 CVE-2022-29645 Use of Hard-coded Credentials vulnerability in Totolink A3100R Firmware 4.1.2Cu.5050B20200504/4.1.2Cu.5247B20211129
TOTOLINK A3100R V4.1.2cu.5050_B20200504 and V4.1.2cu.5247_B20211129 were discovered to contain a hard coded password for root stored in the component /etc/shadow.sample.
network
low complexity
totolink CWE-798
critical
9.8
2022-05-18 CVE-2022-29644 Use of Hard-coded Credentials vulnerability in Totolink A3100R Firmware 4.1.2Cu.5050B20200504/4.1.2Cu.5247B20211129
TOTOLINK A3100R V4.1.2cu.5050_B20200504 and V4.1.2cu.5247_B20211129 were discovered to contain a hard coded password for the telnet service stored in the component /web_cste/cgi-bin/product.ini.
network
low complexity
totolink CWE-798
critical
9.8
2022-03-30 CVE-2021-46009 Missing Authentication for Critical Function vulnerability in Totolink A3100R Firmware 5.9C.4577
In Totolink A3100R V5.9c.4577, multiple pages can be read by curl or Burp Suite without authentication.
network
low complexity
totolink CWE-306
critical
9.8
2022-03-15 CVE-2022-26214 OS Command Injection vulnerability in Totolink products
Totolink A830R V5.9c.4729_B20191112, A3100R V4.1.2cu.5050_B20200504, A950RG V4.1.2cu.5161_B20200903, A800R V4.1.2cu.5137_B20200730, A3000RU V5.9c.5185_B20201128, and A810R V4.1.2cu.5182_B20201026 were discovered to contain a command injection vulnerability in the function NTPSyncWithHost.
network
low complexity
totolink CWE-78
critical
9.8
2022-03-15 CVE-2022-26212 OS Command Injection vulnerability in Totolink products
Totolink A830R V5.9c.4729_B20191112, A3100R V4.1.2cu.5050_B20200504, A950RG V4.1.2cu.5161_B20200903, A800R V4.1.2cu.5137_B20200730, A3000RU V5.9c.5185_B20201128, and A810R V4.1.2cu.5182_B20201026 were discovered to contain a command injection vulnerability in the function setDeviceName, via the deviceMac and deviceName parameters.
network
low complexity
totolink CWE-78
critical
9.8
2022-03-15 CVE-2022-26211 OS Command Injection vulnerability in Totolink products
Totolink A830R V5.9c.4729_B20191112, A3100R V4.1.2cu.5050_B20200504, A950RG V4.1.2cu.5161_B20200903, A800R V4.1.2cu.5137_B20200730, A3000RU V5.9c.5185_B20201128, and A810R V4.1.2cu.5182_B20201026 were discovered to contain a command injection vulnerability in the function CloudACMunualUpdate, via the deviceMac and deviceName parameters.
network
low complexity
totolink CWE-78
critical
9.8
2022-03-15 CVE-2022-26210 OS Command Injection vulnerability in Totolink products
Totolink A830R V5.9c.4729_B20191112, A3100R V4.1.2cu.5050_B20200504, A950RG V4.1.2cu.5161_B20200903, A800R V4.1.2cu.5137_B20200730, A3000RU V5.9c.5185_B20201128, and A810R V4.1.2cu.5182_B20201026 were discovered to contain a command injection vulnerability in the function setUpgradeFW, via the FileName parameter.
network
low complexity
totolink CWE-78
critical
9.8
2022-03-15 CVE-2022-26209 OS Command Injection vulnerability in Totolink products
Totolink A830R V5.9c.4729_B20191112, A3100R V4.1.2cu.5050_B20200504, A950RG V4.1.2cu.5161_B20200903, A800R V4.1.2cu.5137_B20200730, A3000RU V5.9c.5185_B20201128, and A810R V4.1.2cu.5182_B20201026 were discovered to contain a command injection vulnerability in the function setUploadSetting, via the FileName parameter.
network
low complexity
totolink CWE-78
critical
9.8