Vulnerabilities > Totolink > High

DATE CVE VULNERABILITY TITLE RISK
2022-05-18 CVE-2022-29641 Out-of-bounds Write vulnerability in Totolink A3100R Firmware 4.1.2Cu.5050B20200504/4.1.2Cu.5247B20211129
TOTOLINK A3100R V4.1.2cu.5050_B20200504 and V4.1.2cu.5247_B20211129 were discovered to contain a stack overflow via the startTime and endTime parameters in the function setParentalRules.
network
low complexity
totolink CWE-787
7.5
2022-05-18 CVE-2022-29642 Out-of-bounds Write vulnerability in Totolink A3100R Firmware 4.1.2Cu.5050B20200504/4.1.2Cu.5247B20211129
TOTOLINK A3100R V4.1.2cu.5050_B20200504 and V4.1.2cu.5247_B20211129 were discovered to contain a stack overflow via the url parameter in the function setUrlFilterRules.
network
low complexity
totolink CWE-787
7.5
2022-05-18 CVE-2022-29643 Out-of-bounds Write vulnerability in Totolink A3100R Firmware 4.1.2Cu.5050B20200504/4.1.2Cu.5247B20211129
TOTOLINK A3100R V4.1.2cu.5050_B20200504 and V4.1.2cu.5247_B20211129 were discovered to contain a stack overflow via the macAddress parameter in the function setMacQos.
network
low complexity
totolink CWE-787
7.5
2022-03-31 CVE-2021-43663 Command Injection vulnerability in Totolink Ex300 V2 Firmware 4.0.3C.140B20210429
totolink EX300_v2 V4.0.3c.140_B20210429 was discovered to contain a command injection vulnerability via the component cloudupdate_check.
high complexity
totolink CWE-77
7.5
2022-03-30 CVE-2021-43664 Command Injection vulnerability in Totolink Ex300 V2 Firmware 4.0.3C.140B20210429
totolink EX300_v2 V4.0.3c.140_B20210429 was discovered to contain a command injection vulnerability via the component process forceugpo.
network
high complexity
totolink CWE-77
8.1
2022-03-30 CVE-2021-46008 Use of Hard-coded Credentials vulnerability in Totolink A3100R Firmware 5.9C.4577
In totolink a3100r V5.9c.4577, the hard-coded telnet password can be discovered from official released firmware.
low complexity
totolink CWE-798
8.8
2022-03-30 CVE-2021-46010 Use of Insufficiently Random Values vulnerability in Totolink A3100R Firmware 5.9C.4577
Totolink A3100R V5.9c.4577 suffers from Use of Insufficiently Random Values via the web configuration.
network
low complexity
totolink CWE-330
8.8
2022-03-30 CVE-2022-25008 Missing Authentication for Critical Function vulnerability in Totolink Ex1200T Firmware and Ex300 V2 Firmware
totolink EX300_v2 V4.0.3c.140_B20210429 and EX1200T V4.1.2cu.5230_B20210706 does not contain an authentication mechanism.
low complexity
totolink CWE-306
8.8
2022-02-04 CVE-2021-44246 Unspecified vulnerability in Totolink A3100R Firmware, A720R Firmware and A830R Firmware
Totolink devices A3100R v4.1.2cu.5050_B20200504, A830R v5.9c.4729_B20191112, and A720R v4.1.5cu.470_B20200911 were discovered to contain a stack overflow in the function setNoticeCfg.
network
low complexity
totolink
7.5
2022-02-04 CVE-2021-45734 Unspecified vulnerability in Totolink X5000R Firmware 9.1.0U.6118B20201102
TOTOLINK X5000R v9.1.0u.6118_B20201102 was discovered to contain a stack overflow in the function setUrlFilterRules.
network
low complexity
totolink
7.5