Vulnerabilities > Totolink
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-08-20 | CVE-2021-34220 | Cross-site Scripting vulnerability in Totolink A3002R Firmware 1.1.1B20200824 Cross-site scripting in tr069config.htm in TOTOLINK A3002R version V1.1.1-B20200824 (Important Update, new UI) allows attackers to execute arbitrary JavaScript by modifying the "User Name" field or "Password" field. | 6.1 |
| 2021-08-20 | CVE-2021-34223 | Cross-site Scripting vulnerability in Totolink A3002R Firmware 1.1.1B20200824 Cross-site scripting in urlfilter.htm in TOTOLINK A3002R version V1.1.1-B20200824 (Important Update, new UI) allows attackers to execute arbitrary JavaScript by modifying the "URL Address" field. | 6.1 |
| 2021-08-20 | CVE-2021-34228 | Cross-site Scripting vulnerability in Totolink A3002R Firmware 1.1.1B20200824 Cross-site scripting in parent_control.htm in TOTOLINK A3002R version V1.1.1-B20200824 (Important Update, new UI) allows attackers to execute arbitrary JavaScript by modifying the "Description" field and "Service Name" field. | 6.1 |
| 2021-08-05 | CVE-2021-35324 | Unspecified vulnerability in Totolink A720R Firmware 4.1.5Cu.470B20200911 A vulnerability in the Form_Login function of TOTOLINK A720R A720R_Firmware V4.1.5cu.470_B20200911 allows attackers to bypass authentication. | 9.8 |
| 2021-08-05 | CVE-2021-35325 | Out-of-bounds Write vulnerability in Totolink A720R Firmware 4.1.5Cu.470B20200911 A stack overflow in the checkLoginUser function of TOTOLINK A720R A720R_Firmware v4.1.5cu.470_B20200911 allows attackers to cause a denial of service (DOS). | 7.5 |
| 2021-08-05 | CVE-2021-35326 | Unspecified vulnerability in Totolink A720R Firmware 4.1.5Cu.470B20200911 A vulnerability in TOTOLINK A720R router with firmware v4.1.5cu.470_B20200911 allows attackers to download the configuration file via sending a crafted HTTP request. | 7.5 |
| 2021-08-05 | CVE-2021-35327 | Missing Authorization vulnerability in Totolink A720R Firmware 4.1.5Cu.470B20200911 A vulnerability in TOTOLINK A720R A720R_Firmware v4.1.5cu.470_B20200911 allows attackers to start the Telnet service, then login with the default credentials via a crafted POST request. | 9.8 |
| 2021-04-14 | CVE-2021-27710 | OS Command Injection vulnerability in Totolink A720R Firmware and X5000R Firmware Command Injection in TOTOLINK X5000R router with firmware v9.1.0u.6118_B20201102, and TOTOLINK A720R router with firmware v4.1.5cu.470_B20200911 allows remote attackers to execute arbitrary OS commands by sending a modified HTTP request. | 9.8 |
| 2021-04-14 | CVE-2021-27708 | OS Command Injection vulnerability in Totolink A720R Firmware and X5000R Firmware Command Injection in TOTOLINK X5000R router with firmware v9.1.0u.6118_B20201102, and TOTOLINK A720R router with firmware v4.1.5cu.470_B20200911 allows remote attackers to execute arbitrary OS commands by sending a modified HTTP request. | 9.8 |
| 2021-01-14 | CVE-2020-27368 | Files or Directories Accessible to External Parties vulnerability in Totolink A702R Firmware 1.0.0B20161227.1023 Directory Indexing in Login Portal of Login Portal of TOTOLINK-A702R-V1.0.0-B20161227.1023 allows attacker to access /icons/ directories via GET Parameter. | 5.5 |