Vulnerabilities > Totolink > A3100R Firmware > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-05-18 | CVE-2022-29638 | Out-of-bounds Write vulnerability in Totolink A3100R Firmware 4.1.2Cu.5050B20200504/4.1.2Cu.5247B20211129 TOTOLINK A3100R V4.1.2cu.5050_B20200504 and V4.1.2cu.5247_B20211129 were discovered to contain a stack overflow via the comment parameter in the function setIpQosRules. | 7.8 |
| 2022-05-18 | CVE-2022-29639 | Unspecified vulnerability in Totolink A3100R Firmware 4.1.2Cu.5050B20200504/4.1.2Cu.5247B20211129 TOTOLINK A3100R V4.1.2cu.5050_B20200504 and V4.1.2cu.5247_B20211129 were discovered to contain a command injection vulnerability via the magicid parameter in the function uci_cloudupdate_config. | 8.1 |
| 2022-05-18 | CVE-2022-29640 | Out-of-bounds Write vulnerability in Totolink A3100R Firmware 4.1.2Cu.5050B20200504/4.1.2Cu.5247B20211129 TOTOLINK A3100R V4.1.2cu.5050_B20200504 and V4.1.2cu.5247_B20211129 were discovered to contain a stack overflow via the comment parameter in the function setPortForwardRules. | 7.8 |
| 2022-05-18 | CVE-2022-29641 | Out-of-bounds Write vulnerability in Totolink A3100R Firmware 4.1.2Cu.5050B20200504/4.1.2Cu.5247B20211129 TOTOLINK A3100R V4.1.2cu.5050_B20200504 and V4.1.2cu.5247_B20211129 were discovered to contain a stack overflow via the startTime and endTime parameters in the function setParentalRules. | 7.8 |
| 2022-05-18 | CVE-2022-29642 | Out-of-bounds Write vulnerability in Totolink A3100R Firmware 4.1.2Cu.5050B20200504/4.1.2Cu.5247B20211129 TOTOLINK A3100R V4.1.2cu.5050_B20200504 and V4.1.2cu.5247_B20211129 were discovered to contain a stack overflow via the url parameter in the function setUrlFilterRules. | 7.8 |
| 2022-05-18 | CVE-2022-29643 | Out-of-bounds Write vulnerability in Totolink A3100R Firmware 4.1.2Cu.5050B20200504/4.1.2Cu.5247B20211129 TOTOLINK A3100R V4.1.2cu.5050_B20200504 and V4.1.2cu.5247_B20211129 were discovered to contain a stack overflow via the macAddress parameter in the function setMacQos. | 7.8 |
| 2022-03-30 | CVE-2021-46008 | Use of Hard-coded Credentials vulnerability in Totolink A3100R Firmware 5.9C.4577 In totolink a3100r V5.9c.4577, the hard-coded telnet password can be discovered from official released firmware. | 7.9 |
| 2022-03-11 | CVE-2021-44620 | Command Injection vulnerability in Totolink A3100R Firmware 4.1.2Cu.5050B20200504 A Command Injection vulnerability exits in TOTOLINK A3100R <=V4.1.2cu.5050_B20200504 in adm/ntm.asp via the hosTime parameters. | 7.5 |
| 2022-02-04 | CVE-2021-44246 | Unspecified vulnerability in Totolink A3100R Firmware, A720R Firmware and A830R Firmware Totolink devices A3100R v4.1.2cu.5050_B20200504, A830R v5.9c.4729_B20191112, and A720R v4.1.5cu.470_B20200911 were discovered to contain a stack overflow in the function setNoticeCfg. | 7.5 |
| 2022-02-04 | CVE-2021-44247 | Command Injection vulnerability in Totolink A3100R Firmware, A720R Firmware and A830R Firmware Totolink devices A3100R v4.1.2cu.5050_B20200504, A830R v5.9c.4729_B20191112, and A720R v4.1.5cu.470_B20200911 were discovered to contain command injection vulnerability in the function setNoticeCfg. | 7.5 |