Vulnerabilities > Totolink > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-06-03 | CVE-2021-42892 | Use of Hard-coded Credentials vulnerability in Totolink Ex1200T Firmware 4.1.2Cu.5215 In TOTOLINK EX1200T V4.1.2cu.5215, an attacker can start telnet without authorization because the default username and password exists in the firmware. | 5.0 |
| 2022-06-03 | CVE-2021-42886 | Information Exposure vulnerability in Totolink Ex1200T Firmware 4.1.2Cu.5215 TOTOLINK EX1200T V4.1.2cu.5215 contains an information disclosure vulnerability where an attacker can get the apmib configuration file without authorization, and usernames and passwords can be found in the decoded file. | 5.0 |
| 2022-05-24 | CVE-2022-29377 | Out-of-bounds Write vulnerability in Totolink A3600R Firmware 4.1.2Cu.5182B20201102 Totolink A3600R V4.1.2cu.5182_B20201102 was discovered to contain a stacker overflow in the fread function at infostat.cgi. | 5.0 |
| 2022-05-18 | CVE-2022-29646 | Exposure of Resource to Wrong Sphere vulnerability in Totolink A3100R Firmware 4.1.2Cu.5050B20200504/4.1.2Cu.5247B20211129 An access control issue in TOTOLINK A3100R V4.1.2cu.5050_B20200504 and V4.1.2cu.5247_B20211129 allows attackers to obtain sensitive information via a crafted web request. | 5.0 |
| 2022-05-02 | CVE-2020-23617 | Cross-site Scripting vulnerability in Totolink N100Re Firmware and N200Re Firmware A cross site scripting (XSS) vulnerability in the error page of Totolink N200RE and N100RE Routers 2.0 allows attackers to execute arbitrary web scripts or HTML via SCRIPT element. | 4.3 |
| 2022-03-31 | CVE-2021-43661 | Cross-site Scripting vulnerability in Totolink Ex300 V2 Firmware 4.0.3C.140B20210429 totolink EX300_v2 V4.0.3c.140_B20210429 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the component /home.asp. | 4.3 |
| 2022-03-30 | CVE-2021-46006 | Missing Authentication for Critical Function vulnerability in Totolink A3100R Firmware 5.9C.4577 In Totolink A3100R V5.9c.4577, "test.asp" contains an API-like function, which is not authenticated. | 4.0 |
| 2022-03-30 | CVE-2021-46010 | Use of Insufficiently Random Values vulnerability in Totolink A3100R Firmware 5.9C.4577 Totolink A3100R V5.9c.4577 suffers from Use of Insufficiently Random Values via the web configuration. | 6.5 |
| 2022-03-30 | CVE-2022-25008 | Missing Authentication for Critical Function vulnerability in Totolink Ex1200T Firmware and Ex300 V2 Firmware totolink EX300_v2 V4.0.3c.140_B20210429 and EX1200T V4.1.2cu.5230_B20210706 does not contain an authentication mechanism. | 5.8 |
| 2022-02-04 | CVE-2021-45735 | Cleartext Transmission of Sensitive Information vulnerability in Totolink X5000R Firmware 9.1.0U.6118B20201102 TOTOLINK X5000R v9.1.0u.6118_B20201102 was discovered to use the HTTP protocol for authentication into the admin interface, allowing attackers to intercept user credentials via packet capture software. | 5.0 |