CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 1CVE-2022-29642
https://notcve.org/view.php?id=CVE-2022-29642
18 May 2022 — TOTOLINK A3100R V4.1.2cu.5050_B20200504 and V4.1.2cu.5247_B20211129 were discovered to contain a stack overflow via the url parameter in the function setUrlFilterRules. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request. Se ha detectado que TOTOLINK A3100R versiones V4.1.2cu.5050_B20200504 y V4.1.2cu.5247_B20211129, contienen un desbordamiento de pila por el parámetro url en la función setUrlFilterRules. Esta vulnerabilidad permite a atacantes causar una Denega... • https://github.com/shijin0925/IOT/blob/master/TOTOLINK%20A3100R/5.md • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 1CVE-2022-29641
https://notcve.org/view.php?id=CVE-2022-29641
18 May 2022 — TOTOLINK A3100R V4.1.2cu.5050_B20200504 and V4.1.2cu.5247_B20211129 were discovered to contain a stack overflow via the startTime and endTime parameters in the function setParentalRules. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request. Se descubrió que TOTOLINK A3100R V4.1.2cu.5050_B20200504 y V4.1.2cu.5247_B20211129 contienen un desbordamiento de pila a través de los parámetros startTime y endTime en la función setParentalRules. Esta vulnerabilidad permite ... • http://totolink.com • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 1CVE-2022-29640
https://notcve.org/view.php?id=CVE-2022-29640
18 May 2022 — TOTOLINK A3100R V4.1.2cu.5050_B20200504 and V4.1.2cu.5247_B20211129 were discovered to contain a stack overflow via the comment parameter in the function setPortForwardRules. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request. Se ha detectado que TOTOLINK A3100R versiones V4.1.2cu.5050_B20200504 y V4.1.2cu.5247_B20211129, contienen un desbordamiento de pila por medio del parámetro comment en la función setPortForwardRules. Esta vulnerabilidad permite a atacante... • https://github.com/shijin0925/IOT/blob/master/TOTOLINK%20A3100R/3.md • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 1CVE-2022-29638
https://notcve.org/view.php?id=CVE-2022-29638
18 May 2022 — TOTOLINK A3100R V4.1.2cu.5050_B20200504 and V4.1.2cu.5247_B20211129 were discovered to contain a stack overflow via the comment parameter in the function setIpQosRules. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request. Se ha detectado que TOTOLINK A3100R versiones V4.1.2cu.5050_B20200504 y V4.1.2cu.5247_B20211129, contienen un desbordamiento de pila por medio del parámetro comment en la función setIpQosRules. Esta vulnerabilidad permite a atacantes causar una... • https://github.com/shijin0925/IOT/blob/master/TOTOLINK%20A3100R/2.md • CWE-787: Out-of-bounds Write •
CVSS: 9.3EPSS: 1%CPEs: 3EXPL: 1CVE-2022-29639
https://notcve.org/view.php?id=CVE-2022-29639
18 May 2022 — TOTOLINK A3100R V4.1.2cu.5050_B20200504 and V4.1.2cu.5247_B20211129 were discovered to contain a command injection vulnerability via the magicid parameter in the function uci_cloudupdate_config. Se ha detectado que TOTOLINK A3100R versiones V4.1.2cu.5050_B20200504 y V4.1.2cu.5247_B20211129, contienen una vulnerabilidad de inyección de comando por medio del parámetro magicid en la función uci_cloudupdate_config • https://github.com/shijin0925/IOT/blob/master/TOTOLINK%20A3100R/1.md •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 1CVE-2021-46006
https://notcve.org/view.php?id=CVE-2021-46006
30 Mar 2022 — In Totolink A3100R V5.9c.4577, "test.asp" contains an API-like function, which is not authenticated. Using this function, an attacker can configure multiple settings without authentication. En Totolink A3100R versión V5.9c.4577, "test.asp" contiene una función tipo API, que no está autenticada. Usando esta función, un atacante puede configurar múltiples ajustes sin autenticación • http://a3100r.com • CWE-306: Missing Authentication for Critical Function •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 1CVE-2021-46008
https://notcve.org/view.php?id=CVE-2021-46008
30 Mar 2022 — In totolink a3100r V5.9c.4577, the hard-coded telnet password can be discovered from official released firmware. An attacker, who has connected to the Wi-Fi, can easily telnet into the target with root shell if the telnet is function turned on. En totolink a3100r versión V5.9c.4577, la contraseña de telnet embebida puede ser detectada desde el firmware oficial liberado. Un atacante, que ha sido conectado a Wi-Fi, puede fácilmente telnet en el objetivo con la shell root si el telnet es la función habilitada • http://a3100r.com • CWE-798: Use of Hard-coded Credentials •
CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 1CVE-2021-46009
https://notcve.org/view.php?id=CVE-2021-46009
30 Mar 2022 — In Totolink A3100R V5.9c.4577, multiple pages can be read by curl or Burp Suite without authentication. Additionally, admin configurations can be set without cookies. En Totolink A3100R Versión 5.9c.4577, varias páginas pueden ser leídas por curl o Burp Suite sin autenticación. Además, pueden establecerse configuraciones de administración sin cookies • http://a3100r.com • CWE-306: Missing Authentication for Critical Function •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 1CVE-2021-46010
https://notcve.org/view.php?id=CVE-2021-46010
30 Mar 2022 — Totolink A3100R V5.9c.4577 suffers from Use of Insufficiently Random Values via the web configuration. The SESSION_ID is predictable. An attacker can hijack a valid session and conduct further malicious operations. Totolink A3100R versión V5.9c.4577, sufre de Uso de Valores Insuficientemente Aleatorios por medio de la configuración web. El SESSION_ID es predecible. • http://a3100r.com • CWE-330: Use of Insufficiently Random Values •
CVSS: 9.8EPSS: 0%CPEs: 12EXPL: 1CVE-2022-26214
https://notcve.org/view.php?id=CVE-2022-26214
15 Mar 2022 — Totolink A830R V5.9c.4729_B20191112, A3100R V4.1.2cu.5050_B20200504, A950RG V4.1.2cu.5161_B20200903, A800R V4.1.2cu.5137_B20200730, A3000RU V5.9c.5185_B20201128, and A810R V4.1.2cu.5182_B20201026 were discovered to contain a command injection vulnerability in the function NTPSyncWithHost. This vulnerability allows attackers to execute arbitrary commands via the host_time parameter. Totolink A830R versiones V5.9c.4729_B20191112, A3100R versiones V4.1.2cu.5050_B20200504, A950RG versiones V4.1.2cu.5161_B202009... • https://github.com/pjqwudi1/my_vuln/blob/main/totolink/vuln_29/29.md • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •