Vulnerabilities > Totolink > High

DATE CVE VULNERABILITY TITLE RISK
2022-02-04 CVE-2021-45735 Cleartext Transmission of Sensitive Information vulnerability in Totolink X5000R Firmware 9.1.0U.6118B20201102
TOTOLINK X5000R v9.1.0u.6118_B20201102 was discovered to use the HTTP protocol for authentication into the admin interface, allowing attackers to intercept user credentials via packet capture software.
network
low complexity
totolink CWE-319
7.5
2022-02-04 CVE-2021-45736 Unspecified vulnerability in Totolink X5000R Firmware 9.1.0U.6118B20201102
TOTOLINK X5000R v9.1.0u.6118_B20201102 was discovered to contain a stack overflow in the function setL2tpServerCfg.
network
low complexity
totolink
7.5
2022-02-04 CVE-2021-45737 Unspecified vulnerability in Totolink A720R Firmware 4.1.5Cu.470B20200911
TOTOLINK A720R v4.1.5cu.470_B20200911 was discovered to contain a stack overflow in the Form_Login function.
network
low complexity
totolink
7.5
2022-02-04 CVE-2021-45739 Unspecified vulnerability in Totolink A720R Firmware 4.1.5Cu.470B20200911
TOTOLINK A720R v4.1.5cu.470_B20200911 was discovered to contain a stack overflow in the Form_Login function.
network
low complexity
totolink
7.5
2022-02-04 CVE-2021-45741 Unspecified vulnerability in Totolink X5000R Firmware 9.1.0U.6118B20201102
TOTOLINK X5000R v9.1.0u.6118_B20201102 was discovered to contain a stack overflow in the function setIpv6Cfg.
network
low complexity
totolink
7.5
2021-08-05 CVE-2021-35325 Out-of-bounds Write vulnerability in Totolink A720R Firmware 4.1.5Cu.470B20200911
A stack overflow in the checkLoginUser function of TOTOLINK A720R A720R_Firmware v4.1.5cu.470_B20200911 allows attackers to cause a denial of service (DOS).
network
low complexity
totolink CWE-787
7.5
2021-08-05 CVE-2021-35326 Unspecified vulnerability in Totolink A720R Firmware 4.1.5Cu.470B20200911
A vulnerability in TOTOLINK A720R router with firmware v4.1.5cu.470_B20200911 allows attackers to download the configuration file via sending a crafted HTTP request.
network
low complexity
totolink
7.5
2020-12-09 CVE-2020-25499 Missing Authorization vulnerability in Totolink products
TOTOLINK A3002RU-V2.0.0 B20190814.1034 allows authenticated remote users to modify the system's 'Run Command'.
network
low complexity
totolink CWE-862
8.8
2020-11-24 CVE-2015-9550 Exposure of Resource to Wrong Sphere vulnerability in Totolink products
An issue was discovered on TOTOLINK A850R-V1 through 1.0.1-B20150707.1612 and F1-V2 through 1.1-B20150708.1646 devices.
network
low complexity
totolink CWE-668
7.5
2020-01-27 CVE-2019-19824 OS Command Injection vulnerability in Totolink products
On certain TOTOLINK Realtek SDK based routers, an authenticated attacker may execute arbitrary OS commands via the sysCmd parameter to the boafrm/formSysCmd URI, even if the GUI (syscmd.htm) is not available.
network
low complexity
totolink CWE-78
8.8