CVSS: 5.3EPSS: 0%CPEs: 3EXPL: 1CVE-2022-29646
https://notcve.org/view.php?id=CVE-2022-29646
18 May 2022 — An access control issue in TOTOLINK A3100R V4.1.2cu.5050_B20200504 and V4.1.2cu.5247_B20211129 allows attackers to obtain sensitive information via a crafted web request. Un problema de control de acceso en TOTOLINK A3100R V4.1.2cu.5050_B20200504 y V4.1.2cu.5247_B20211129 permite a atacantes obtener información confidencial por medio de una petición web diseñada • https://github.com/shijin0925/IOT/blob/master/TOTOLINK%20A3100R/9.md • CWE-668: Exposure of Resource to Wrong Sphere •
CVSS: 10.0EPSS: 2%CPEs: 3EXPL: 1CVE-2022-29645
https://notcve.org/view.php?id=CVE-2022-29645
18 May 2022 — TOTOLINK A3100R V4.1.2cu.5050_B20200504 and V4.1.2cu.5247_B20211129 were discovered to contain a hard coded password for root stored in the component /etc/shadow.sample. Se ha detectado que TOTOLINK A3100R versiones V4.1.2cu.5050_B20200504 y V4.1.2cu.5247_B20211129, contienen una contraseña embebida para root almacenada en el componente /etc/shadow.sample • https://github.com/shijin0925/IOT/blob/master/TOTOLINK%20A3100R/8.md • CWE-798: Use of Hard-coded Credentials •
CVSS: 10.0EPSS: 1%CPEs: 3EXPL: 1CVE-2022-29644
https://notcve.org/view.php?id=CVE-2022-29644
18 May 2022 — TOTOLINK A3100R V4.1.2cu.5050_B20200504 and V4.1.2cu.5247_B20211129 were discovered to contain a hard coded password for the telnet service stored in the component /web_cste/cgi-bin/product.ini. Se ha detectado que TOTOLINK A3100R versiones V4.1.2cu.5050_B20200504 y V4.1.2cu.5247_B20211129, contienen una contraseña embebida para el servicio telnet almacenada en el componente /web_cste/cgi-bin/product.ini • https://github.com/shijin0925/IOT/blob/master/TOTOLINK%20A3100R/7.md • CWE-798: Use of Hard-coded Credentials •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 1CVE-2022-29643
https://notcve.org/view.php?id=CVE-2022-29643
18 May 2022 — TOTOLINK A3100R V4.1.2cu.5050_B20200504 and V4.1.2cu.5247_B20211129 were discovered to contain a stack overflow via the macAddress parameter in the function setMacQos. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request. Se ha detectado que TOTOLINK A3100R versiones V4.1.2cu.5050_B20200504 y V4.1.2cu.5247_B20211129, contienen un desbordamiento de pila por medio del parámetro macAddress en la función setMacQos. Esta vulnerabilidad permite a atacantes causar una D... • https://github.com/shijin0925/IOT/blob/master/TOTOLINK%20A3100R/6.md • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 1CVE-2022-29642
https://notcve.org/view.php?id=CVE-2022-29642
18 May 2022 — TOTOLINK A3100R V4.1.2cu.5050_B20200504 and V4.1.2cu.5247_B20211129 were discovered to contain a stack overflow via the url parameter in the function setUrlFilterRules. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request. Se ha detectado que TOTOLINK A3100R versiones V4.1.2cu.5050_B20200504 y V4.1.2cu.5247_B20211129, contienen un desbordamiento de pila por el parámetro url en la función setUrlFilterRules. Esta vulnerabilidad permite a atacantes causar una Denega... • https://github.com/shijin0925/IOT/blob/master/TOTOLINK%20A3100R/5.md • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 1CVE-2022-29641
https://notcve.org/view.php?id=CVE-2022-29641
18 May 2022 — TOTOLINK A3100R V4.1.2cu.5050_B20200504 and V4.1.2cu.5247_B20211129 were discovered to contain a stack overflow via the startTime and endTime parameters in the function setParentalRules. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request. Se descubrió que TOTOLINK A3100R V4.1.2cu.5050_B20200504 y V4.1.2cu.5247_B20211129 contienen un desbordamiento de pila a través de los parámetros startTime y endTime en la función setParentalRules. Esta vulnerabilidad permite ... • http://totolink.com • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 1CVE-2022-29640
https://notcve.org/view.php?id=CVE-2022-29640
18 May 2022 — TOTOLINK A3100R V4.1.2cu.5050_B20200504 and V4.1.2cu.5247_B20211129 were discovered to contain a stack overflow via the comment parameter in the function setPortForwardRules. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request. Se ha detectado que TOTOLINK A3100R versiones V4.1.2cu.5050_B20200504 y V4.1.2cu.5247_B20211129, contienen un desbordamiento de pila por medio del parámetro comment en la función setPortForwardRules. Esta vulnerabilidad permite a atacante... • https://github.com/shijin0925/IOT/blob/master/TOTOLINK%20A3100R/3.md • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 1CVE-2022-29638
https://notcve.org/view.php?id=CVE-2022-29638
18 May 2022 — TOTOLINK A3100R V4.1.2cu.5050_B20200504 and V4.1.2cu.5247_B20211129 were discovered to contain a stack overflow via the comment parameter in the function setIpQosRules. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request. Se ha detectado que TOTOLINK A3100R versiones V4.1.2cu.5050_B20200504 y V4.1.2cu.5247_B20211129, contienen un desbordamiento de pila por medio del parámetro comment en la función setIpQosRules. Esta vulnerabilidad permite a atacantes causar una... • https://github.com/shijin0925/IOT/blob/master/TOTOLINK%20A3100R/2.md • CWE-787: Out-of-bounds Write •
CVSS: 9.3EPSS: 1%CPEs: 3EXPL: 1CVE-2022-29639
https://notcve.org/view.php?id=CVE-2022-29639
18 May 2022 — TOTOLINK A3100R V4.1.2cu.5050_B20200504 and V4.1.2cu.5247_B20211129 were discovered to contain a command injection vulnerability via the magicid parameter in the function uci_cloudupdate_config. Se ha detectado que TOTOLINK A3100R versiones V4.1.2cu.5050_B20200504 y V4.1.2cu.5247_B20211129, contienen una vulnerabilidad de inyección de comando por medio del parámetro magicid en la función uci_cloudupdate_config • https://github.com/shijin0925/IOT/blob/master/TOTOLINK%20A3100R/1.md •
CVSS: 9.8EPSS: 2%CPEs: 2EXPL: 0CVE-2021-44620
https://notcve.org/view.php?id=CVE-2021-44620
11 Mar 2022 — A Command Injection vulnerability exits in TOTOLINK A3100R <=V4.1.2cu.5050_B20200504 in adm/ntm.asp via the hosTime parameters. Se presenta una vulnerabilidad de Inyección de Comandos en TOTOLINK A3100R versiones anteriores a V4.1.2cu.5050_B20200504 incluyéndola, en el archivo adm/ntm.asp por medio de los parámetros hosTime • http://a3100r.com • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •