Vulnerabilities > Totolink > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-05-18 | CVE-2023-2790 | Unspecified vulnerability in Totolink N200Re Firmware 9.3.5U.6255B20211224 A vulnerability classified as problematic has been found in TOTOLINK N200RE 9.3.5u.6255_B20211224. | 5.5 |
| 2023-01-27 | CVE-2022-48067 | Use of Hard-coded Credentials vulnerability in Totolink A830R Firmware 4.1.2Cu.5182 An information disclosure vulnerability in Totolink A830R V4.1.2cu.5182 allows attackers to obtain the root password via a brute-force attack. | 5.5 |
| 2022-06-03 | CVE-2021-42892 | Use of Hard-coded Credentials vulnerability in Totolink Ex1200T Firmware 4.1.2Cu.5215 In TOTOLINK EX1200T V4.1.2cu.5215, an attacker can start telnet without authorization because the default username and password exists in the firmware. | 4.3 |
| 2022-05-18 | CVE-2022-29646 | Exposure of Resource to Wrong Sphere vulnerability in Totolink A3100R Firmware 4.1.2Cu.5050B20200504/4.1.2Cu.5247B20211129 An access control issue in TOTOLINK A3100R V4.1.2cu.5050_B20200504 and V4.1.2cu.5247_B20211129 allows attackers to obtain sensitive information via a crafted web request. | 5.3 |
| 2022-05-02 | CVE-2020-23617 | Cross-site Scripting vulnerability in Totolink N100Re Firmware and N200Re Firmware A cross site scripting (XSS) vulnerability in the error page of Totolink N200RE and N100RE Routers 2.0 allows attackers to execute arbitrary web scripts or HTML via SCRIPT element. | 6.1 |
| 2022-03-31 | CVE-2021-43661 | Cross-site Scripting vulnerability in Totolink Ex300 V2 Firmware 4.0.3C.140B20210429 totolink EX300_v2 V4.0.3c.140_B20210429 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the component /home.asp. | 6.1 |
| 2022-03-31 | CVE-2021-43662 | Allocation of Resources Without Limits or Throttling vulnerability in Totolink A720R Firmware and Ex300 V2 Firmware totolink EX300_v2, ver V4.0.3c.140_B20210429 and A720R ,ver V4.1.5cu.470_B20200911 have an issue which causes uncontrolled resource consumption. | 6.5 |
| 2022-03-30 | CVE-2021-46006 | Missing Authentication for Critical Function vulnerability in Totolink A3100R Firmware 5.9C.4577 In Totolink A3100R V5.9c.4577, "test.asp" contains an API-like function, which is not authenticated. | 6.5 |
| 2021-08-20 | CVE-2021-34207 | Cross-site Scripting vulnerability in Totolink A3002R Firmware 1.1.1B20200824 Cross-site scripting in ddns.htm in TOTOLINK A3002R version V1.1.1-B20200824 (Important Update, new UI) allows attackers to execute arbitrary JavaScript by modifying the "Domain Name" field, "Server Address" field, "User Name/Email", or "Password/Key" field. | 6.1 |
| 2021-08-20 | CVE-2021-34215 | Cross-site Scripting vulnerability in Totolink A3002R Firmware 1.1.1B20200824 Cross-site scripting in tcpipwan.htm in TOTOLINK A3002R version V1.1.1-B20200824 (Important Update, new UI) allows attackers to execute arbitrary JavaScript by modifying the "Service Name" field. | 6.1 |