Vulnerabilities > Totolink > A720R Firmware

DATE CVE VULNERABILITY TITLE RISK
2022-02-04 CVE-2021-45739 Unspecified vulnerability in Totolink A720R Firmware 4.1.5Cu.470B20200911
TOTOLINK A720R v4.1.5cu.470_B20200911 was discovered to contain a stack overflow in the Form_Login function.
network
low complexity
totolink
7.5
2022-02-04 CVE-2021-45740 Unspecified vulnerability in Totolink A720R Firmware 4.1.5Cu.470B20200911
TOTOLINK A720R v4.1.5cu.470_B20200911 was discovered to contain a stack overflow in the setWiFiWpsStart function.
network
low complexity
totolink
critical
9.8
2022-02-04 CVE-2021-45742 Command Injection vulnerability in Totolink A720R Firmware 4.1.5Cu.470B20200911
TOTOLINK A720R v4.1.5cu.470_B20200911 was discovered to contain a command injection vulnerability in the "Main" function.
network
low complexity
totolink CWE-77
critical
9.8
2021-08-05 CVE-2021-35324 Unspecified vulnerability in Totolink A720R Firmware 4.1.5Cu.470B20200911
A vulnerability in the Form_Login function of TOTOLINK A720R A720R_Firmware V4.1.5cu.470_B20200911 allows attackers to bypass authentication.
network
low complexity
totolink
critical
9.8
2021-08-05 CVE-2021-35325 Out-of-bounds Write vulnerability in Totolink A720R Firmware 4.1.5Cu.470B20200911
A stack overflow in the checkLoginUser function of TOTOLINK A720R A720R_Firmware v4.1.5cu.470_B20200911 allows attackers to cause a denial of service (DOS).
network
low complexity
totolink CWE-787
7.5
2021-08-05 CVE-2021-35326 Unspecified vulnerability in Totolink A720R Firmware 4.1.5Cu.470B20200911
A vulnerability in TOTOLINK A720R router with firmware v4.1.5cu.470_B20200911 allows attackers to download the configuration file via sending a crafted HTTP request.
network
low complexity
totolink
7.5
2021-08-05 CVE-2021-35327 Missing Authorization vulnerability in Totolink A720R Firmware 4.1.5Cu.470B20200911
A vulnerability in TOTOLINK A720R A720R_Firmware v4.1.5cu.470_B20200911 allows attackers to start the Telnet service, then login with the default credentials via a crafted POST request.
network
low complexity
totolink CWE-862
critical
9.8
2021-04-14 CVE-2021-27710 OS Command Injection vulnerability in Totolink A720R Firmware and X5000R Firmware
Command Injection in TOTOLINK X5000R router with firmware v9.1.0u.6118_B20201102, and TOTOLINK A720R router with firmware v4.1.5cu.470_B20200911 allows remote attackers to execute arbitrary OS commands by sending a modified HTTP request.
network
low complexity
totolink CWE-78
critical
9.8
2021-04-14 CVE-2021-27708 OS Command Injection vulnerability in Totolink A720R Firmware and X5000R Firmware
Command Injection in TOTOLINK X5000R router with firmware v9.1.0u.6118_B20201102, and TOTOLINK A720R router with firmware v4.1.5cu.470_B20200911 allows remote attackers to execute arbitrary OS commands by sending a modified HTTP request.
network
low complexity
totolink CWE-78
critical
9.8