Vulnerabilities > Totolink > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-11-27 | CVE-2018-13314 | OS Command Injection vulnerability in Totolink A3002Ru Firmware 1.0.8 System command injection in formAliasIp in TOTOLINK A3002RU version 1.0.8 allows attackers to execute system commands via the "ipAddr" POST parameter. | 9.8 |
| 2018-11-27 | CVE-2018-13307 | OS Command Injection vulnerability in Totolink A3002Ru Firmware 1.0.8 System command injection in fromNtp in TOTOLINK A3002RU version 1.0.8 allows attackers to execute system commands via the "ntpServerIp2" POST parameter. | 9.8 |
| 2018-11-27 | CVE-2018-13306 | OS Command Injection vulnerability in Totolink A3002Ru Firmware 1.0.8 System command injection in formDlna in TOTOLINK A3002RU version 1.0.8 allows attackers to execute system commands via the "ftpUser" POST parameter. | 9.8 |
| 2018-11-26 | CVE-2018-13315 | Improper Input Validation vulnerability in Totolink A3002Ru Firmware 1.0.8 Incorrect access control in formPasswordSetup in TOTOLINK A3002RU version 1.0.8 allows attackers to change the admin user's password via an unauthenticated POST request. | 9.8 |
| 2018-11-26 | CVE-2018-13311 | OS Command Injection vulnerability in Totolink A3002Ru Firmware 1.0.8 System command injection in formDlna in TOTOLINK A3002RU version 1.0.8 allows attackers to execute system commands via the "sambaUser" POST parameter. | 9.8 |