
CVSS: 7.9 • EPSS: 0% • CPEs: 2 • EXPL: 1

totolink EX300_v2 V4.0.3c.140_B20210429 was discovered to contain a command injection vulnerability via the component cloudupdate_check. • https://github.com/chibataiki/iot-vuls/blob/main/totolink/command-injection1.md • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')

CVSS: 6.5 • EPSS: 0% • CPEs: 4 • EXPL: 1

totolink EX300_v2, ver V4.0.3c.140_B20210429 and A720R, ver V4.1.5cu.470_B20200911 have an issue which causes uncontrolled resource consumption. • https://github.com/chibataiki/iot-vuls/blob/main/totolink/dos.md • CWE-770: Allocation of Resources Without Limits or Throttling

CVSS: 6.1 • EPSS: 0% • CPEs: 2 • EXPL: 1

totolink EX300_v2 V4.0.3c.140_B20210429 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the component /home.asp. • https://github.com/chibataiki/iot-vuls/blob/main/totolink/xss-vulnerability.md • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 9.3 • EPSS: 3% • CPEs: 2 • EXPL: 1

totolink EX300_v2 V4.0.3c.140_B20210429 was discovered to contain a command injection vulnerability via the component process forceugpo. • https://github.com/chibataiki/iot-vuls/blob/main/totolink/command-injection2.md • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')

CVSS: 6.5 • EPSS: 0% • CPEs: 2 • EXPL: 1

In Totolink A3100R V5.9c.4577, "test.asp" contains an API-like function, which is not authenticated. Using this function, an attacker can configure multiple settings without authentication. • http://a3100r.com http://totolink.com https://hackmd.io/vS-OfUEzSqqKh8e1PKce5A • CWE-306: Missing Authentication for Critical Function