TOTOLINK A3002R Firmware 1.1.1-B20200824

CPE Details

TOTOLINK A3002R Firmware 1.1.1-B20200824
totolink
a3002r_firmware
1.1.1-b20200824
2021-08-26
09h41 +00:00
2022-03-21
16h08 +00:00
CPE NVD
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:o:totolink:a3002r_firmware:1.1.1-b20200824:*:*:*:*:*:*:*

Informations

Vendor

totolink

Product

a3002r_firmware

Version

1.1.1-b20200824

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2024-34195 2024-08-27 22h00 +00:00 TOTOLINK AC1200 Wireless Router A3002R Firmware V1.1.1-B20200824 is vulnerable to Buffer Overflow. In the boa server program's CGI handling function formWlEncrypt, there is a lack of length restriction on the wlan_ssid field. This oversight leads to potential buffer overflow under specific circumstances. For instance, by invoking the formWlanRedirect function with specific parameters to alter wlan_idx's value and subsequently invoking the formWlEncrypt function, an attacker can trigger buffer overflow, enabling arbitrary command execution or denial of service attacks.
9.8
Critical
CVE-2021-34228 2021-08-20 14h49 +00:00 Cross-site scripting in parent_control.htm in TOTOLINK A3002R version V1.1.1-B20200824 (Important Update, new UI) allows attackers to execute arbitrary JavaScript by modifying the "Description" field and "Service Name" field.
6.1
Medium
CVE-2021-34223 2021-08-20 14h48 +00:00 Cross-site scripting in urlfilter.htm in TOTOLINK A3002R version V1.1.1-B20200824 (Important Update, new UI) allows attackers to execute arbitrary JavaScript by modifying the "URL Address" field.
6.1
Medium
CVE-2021-34220 2021-08-20 14h47 +00:00 Cross-site scripting in tr069config.htm in TOTOLINK A3002R version V1.1.1-B20200824 (Important Update, new UI) allows attackers to execute arbitrary JavaScript by modifying the "User Name" field or "Password" field.
6.1
Medium
CVE-2021-34218 2021-08-20 14h46 +00:00 Directory Indexing in Login Portal of Login Portal of TOTOLINK-A702R-V1.0.0-B20161227.1023 allows attacker to access /add/ , /img/, /js/, and /mobile directories via GET Parameter.
5.3
Medium
CVE-2021-34215 2021-08-20 14h44 +00:00 Cross-site scripting in tcpipwan.htm in TOTOLINK A3002R version V1.1.1-B20200824 (Important Update, new UI) allows attackers to execute arbitrary JavaScript by modifying the "Service Name" field.
6.1
Medium
CVE-2021-34207 2021-08-20 14h43 +00:00 Cross-site scripting in ddns.htm in TOTOLINK A3002R version V1.1.1-B20200824 (Important Update, new UI) allows attackers to execute arbitrary JavaScript by modifying the "Domain Name" field, "Server Address" field, "User Name/Email", or "Password/Key" field.
6.1
Medium
CVE-2020-25499 2020-12-09 19h30 +00:00 TOTOLINK A3002RU-V2.0.0 B20190814.1034 allows authenticated remote users to modify the system's 'Run Command'. An attacker can use this functionality to execute arbitrary OS commands on the router.
8.8
High
The information presented on CVE Find originates from several carefully selected reference sources. CVE data is provided by MITRE Corporation and the National Vulnerability Database (NVD). The Known Exploited Vulnerabilities (KEV) catalog is sourced from the Cybersecurity and Infrastructure Security Agency (CISA), while EPSS scores come from FIRST.org. Additionally, data regarding software weaknesses (CWE) and common attack patterns (CAPEC) is maintained by MITRE Corporation, and information on hardware and software configurations (CPE) is provided by the NVD.