CVSS: 9.8EPSS: 1%CPEs: 2EXPL: 1CVE-2021-35324
https://notcve.org/view.php?id=CVE-2021-35324
05 Aug 2021 — A vulnerability in the Form_Login function of TOTOLINK A720R A720R_Firmware V4.1.5cu.470_B20200911 allows attackers to bypass authentication. Una vulnerabilidad en la función Form_Login de TOTOLINK A720R A720R_Firmware versión V4.1.5cu.470_B20200911, permite a atacantes omitir la autenticación • https://github.com/hurricane618/my_cves/blob/master/router/totolink/A720R_login_bypass.md •
CVSS: 10.0EPSS: 8%CPEs: 4EXPL: 2CVE-2021-27710
https://notcve.org/view.php?id=CVE-2021-27710
14 Apr 2021 — Command Injection in TOTOLINK X5000R router with firmware v9.1.0u.6118_B20201102, and TOTOLINK A720R router with firmware v4.1.5cu.470_B20200911 allows remote attackers to execute arbitrary OS commands by sending a modified HTTP request. This occurs because the function executes glibc's system function with untrusted input. In the function, "ip" parameter is directly passed to the attacker, allowing them to control the "ip" field to attack the OS. Una Inyección de Comandos en el enrutador TOTOLINK X5000R co... • https://hackmd.io/Hy3oVgtcQiuqAtv9FdylHw • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 10.0EPSS: 8%CPEs: 4EXPL: 2CVE-2021-27708
https://notcve.org/view.php?id=CVE-2021-27708
14 Apr 2021 — Command Injection in TOTOLINK X5000R router with firmware v9.1.0u.6118_B20201102, and TOTOLINK A720R router with firmware v4.1.5cu.470_B20200911 allows remote attackers to execute arbitrary OS commands by sending a modified HTTP request. This occurs because the function executes glibc's system function with untrusted input. In the function, "command" parameter is directly passed to the attacker, allowing them to control the "command" field to attack the OS. Una inyección de comandos en el enrutador TOTOLINK... • https://hackmd.io/7FtB06f-SJ-SCfkMYcXYxA • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •