Vulnerabilities > Totolink > Medium

DATE CVE VULNERABILITY TITLE RISK
2021-08-20 CVE-2021-34228 Cross-site Scripting vulnerability in Totolink A3002R Firmware 1.1.1B20200824
Cross-site scripting in parent_control.htm in TOTOLINK A3002R version V1.1.1-B20200824 (Important Update, new UI) allows attackers to execute arbitrary JavaScript by modifying the "Description" field and "Service Name" field.
network | low complexity | totolink CWE-79 | 6.1

2021-01-14 CVE-2020-27368 Files or Directories Accessible to External Parties vulnerability in Totolink A702R Firmware 1.0.0B20161227.1023
Directory Indexing in Login Portal of TOTOLINK-A702R-V1.0.0-B20161227.1023 allows an attacker to access /icons/ directories via GET Parameter.
local | low complexity | totolink CWE-552 | 5.5

2020-02-24 CVE-2018-13313 Insecure Storage of Sensitive Information vulnerability in Totolink A3002Ru Firmware 1.0.8
In TOTOLINK A3002RU 1.0.8, the router provides a page that allows the user to change their account name and password.
network | low complexity | totolink CWE-922 | 6.5

2018-11-26 CVE-2018-13317 Cross-site Scripting vulnerability in Totolink A3002Ru Firmware 1.0.8
Password disclosure in password.htm in TOTOLINK A3002RU version 1.0.8 allows attackers to obtain the plaintext password for the admin user by making a GET request for password.htm.
network | low complexity | totolink CWE-79 | 6.1

2018-11-26 CVE-2018-13312 Cross-site Scripting vulnerability in Totolink A3002Ru Firmware 1.0.8
Cross-site scripting in notice_gen.htm in TOTOLINK A3002RU version 1.0.8 allows attackers to execute arbitrary JavaScript by modifying the "Input your notice URL" field.
network | low complexity | totolink CWE-79 | 6.1

2018-11-26 CVE-2018-13310 Cross-site Scripting vulnerability in Totolink A3002Ru Firmware 1.0.8
Cross-site scripting in password.htm in TOTOLINK A3002RU version 1.0.8 allows attackers to execute arbitrary JavaScript via the user's username.
network | low complexity | totolink CWE-79 | 6.1

2018-11-26 CVE-2018-13309 Cross-site Scripting vulnerability in Totolink A3002Ru Firmware 1.0.8
Cross-site scripting in password.htm in TOTOLINK A3002RU version 1.0.8 allows attackers to execute arbitrary JavaScript via the user's password.
network | low complexity | totolink CWE-79 | 6.1

2018-11-26 CVE-2018-13308 Cross-site Scripting vulnerability in Totolink A3002Ru Firmware 1.0.8
Cross-site scripting in notice_gen.htm in TOTOLINK A3002RU version 1.0.8 allows attackers to execute arbitrary JavaScript by modifying the "User phrases button" field.
network | low complexity | totolink CWE-79 | 6.1