Vulnerabilities > Totolink > Medium

DATE CVE VULNERABILITY TITLE RISK
2022-05-18 CVE-2022-29646 Exposure of Resource to Wrong Sphere vulnerability in Totolink A3100R Firmware 4.1.2Cu.5050B20200504/4.1.2Cu.5247B20211129
An access control issue in TOTOLINK A3100R V4.1.2cu.5050_B20200504 and V4.1.2cu.5247_B20211129 allows attackers to obtain sensitive information via a crafted web request.
network
low complexity
totolink CWE-668
5.3
2022-05-02 CVE-2020-23617 Cross-site Scripting vulnerability in Totolink N100Re Firmware and N200Re Firmware
A cross-site scripting (XSS) vulnerability in the error page of Totolink N200RE and N100RE Routers 2.0 allows attackers to execute arbitrary web scripts or HTML via a SCRIPT element.
network
low complexity
totolink CWE-79
6.1
2022-03-31 CVE-2021-43661 Cross-site Scripting vulnerability in Totolink Ex300 V2 Firmware 4.0.3C.140B20210429
TOTOLINK EX300_v2 V4.0.3c.140_B20210429 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the component /home.asp.
network
low complexity
totolink CWE-79
6.1
2022-03-31 CVE-2021-43662 Allocation of Resources Without Limits or Throttling vulnerability in Totolink A720R Firmware and Ex300 V2 Firmware
TOTOLINK EX300_v2, ver V4.0.3c.140_B20210429, and A720R, ver V4.1.5cu.470_B20200911, have an issue which causes uncontrolled resource consumption.
low complexity
totolink CWE-770
6.5
2022-03-30 CVE-2021-46006 Missing Authentication for Critical Function vulnerability in Totolink A3100R Firmware 5.9C.4577
In Totolink A3100R V5.9c.4577, "test.asp" contains an API-like function, which is not authenticated.
network
low complexity
totolink CWE-306
6.5
2021-08-20 CVE-2021-34207 Cross-site Scripting vulnerability in Totolink A3002R Firmware 1.1.1B20200824
Cross-site scripting in ddns.htm in TOTOLINK A3002R version V1.1.1-B20200824 (Important Update, new UI) allows attackers to execute arbitrary JavaScript by modifying the "Domain Name" field, "Server Address" field, "User Name/Email", or "Password/Key" field.
network
low complexity
totolink CWE-79
6.1
2021-08-20 CVE-2021-34215 Cross-site Scripting vulnerability in Totolink A3002R Firmware 1.1.1B20200824
Cross-site scripting in tcpipwan.htm in TOTOLINK A3002R version V1.1.1-B20200824 (Important Update, new UI) allows attackers to execute arbitrary JavaScript by modifying the "Service Name" field.
network
low complexity
totolink CWE-79
6.1
2021-08-20 CVE-2021-34218 Unspecified vulnerability in Totolink A3002R Firmware 1.1.1B20200824
Directory indexing in the login portal of TOTOLINK-A702R-V1.0.0-B20161227.1023 allows an attacker to access the /add/, /img/, /js/, and /mobile directories via a GET parameter.
network
low complexity
totolink
5.3
2021-08-20 CVE-2021-34220 Cross-site Scripting vulnerability in Totolink A3002R Firmware 1.1.1B20200824
Cross-site scripting in tr069config.htm in TOTOLINK A3002R version V1.1.1-B20200824 (Important Update, new UI) allows attackers to execute arbitrary JavaScript by modifying the "User Name" field or "Password" field.
network
low complexity
totolink CWE-79
6.1
2021-08-20 CVE-2021-34223 Cross-site Scripting vulnerability in Totolink A3002R Firmware 1.1.1B20200824
Cross-site scripting in urlfilter.htm in TOTOLINK A3002R version V1.1.1-B20200824 (Important Update, new UI) allows attackers to execute arbitrary JavaScript by modifying the "URL Address" field.
network
low complexity
totolink CWE-79
6.1