Vulnerabilities > Totolink > N100Re Firmware

DATE CVE VULNERABILITY TITLE RISK
2022-05-02 CVE-2020-23617 Cross-site Scripting vulnerability in Totolink N100Re Firmware and N200Re Firmware
A cross site scripting (XSS) vulnerability in the error page of Totolink N200RE and N100RE Routers 2.0 allows attackers to execute arbitrary web scripts or HTML via SCRIPT element.
network
low complexity
totolink CWE-79
6.1
2020-01-27 CVE-2019-19824 OS Command Injection vulnerability in Totolink products
On certain TOTOLINK Realtek SDK based routers, an authenticated attacker may execute arbitrary OS commands via the sysCmd parameter to the boafrm/formSysCmd URI, even if the GUI (syscmd.htm) is not available.
network
low complexity
totolink CWE-78
8.8
2020-01-27 CVE-2019-19823 Insufficiently Protected Credentials vulnerability in multiple products
A certain router administration interface (that includes Realtek APMIB 0.11f for Boa 0.94.14rc21) stores cleartext administrative passwords in flash memory and in a file.
7.5
2020-01-27 CVE-2019-19822 Missing Authentication for Critical Function vulnerability in multiple products
A certain router administration interface (that includes Realtek APMIB 0.11f for Boa 0.94.14rc21) allows remote attackers to retrieve the configuration, including sensitive data (usernames and passwords).
7.5
2020-01-27 CVE-2019-19825 Improper Authentication vulnerability in Totolink products
On certain TOTOLINK Realtek SDK based routers, the CAPTCHA text can be retrieved via an {"topicurl":"setting/getSanvas"} POST to the boafrm/formLogin URI, leading to a CAPTCHA bypass.
network
low complexity
totolink CWE-287
critical
9.8