CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 0CVE-2023-23064
https://notcve.org/view.php?id=CVE-2023-23064
17 Feb 2023 — TOTOLINK A720R V4.1.5cu.532_ B20210610 is vulnerable to Incorrect Access Control. • https://github.com/shellpei/TOTOLINK-Unauthorized/blob/main/CVE-2023-23064 • CWE-863: Incorrect Authorization •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 1CVE-2022-36610
https://notcve.org/view.php?id=CVE-2022-36610
28 Aug 2022 — TOTOLINK A720R V4.1.5cu.532_B20210610 was discovered to contain a hardcoded password for root at /etc/shadow.sample. Se ha detectado que TOTOLINK A720R versión V4.1.5cu.532_B20210610, contiene una contraseña embebida para root en el archivo /etc/shadow.sample • https://github.com/whiter6666/CVE/blob/main/TOTOLINK_A720R/hard_code.md • CWE-798: Use of Hard-coded Credentials •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 1CVE-2022-36456
https://notcve.org/view.php?id=CVE-2022-36456
25 Aug 2022 — TOTOLink A720R V4.1.5cu.532_B20210610 was discovered to contain a command injection vulnerability via the username parameter in /cstecgi.cgi. Se ha detectado que TOTOLink A720R V4.1.5cu.532_B20210610 contiene una vulnerabilidad de inyección de comandos por medio del parámetro username en el archivo /cstecgi.cgi. • https://github.com/Darry-lang1/vuln/tree/main/TOTOLINK/A720R/1 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •