TOTOLINK A3002R Firmware 1.1.1-b20200824.0128

CPE Details

TOTOLINK A3002R Firmware 1.1.1-b20200824.0128
totolink
a3002r_firmware
1.1.1-b20200824.0128
2022-09-08
11h36 +00:00
2022-10-27
11h13 +00:00
CPE NVD
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:o:totolink:a3002r_firmware:1.1.1-b20200824.0128:*:*:*:*:*:*:*

Informations

Vendor

totolink

Product

a3002r_firmware

Version

1.1.1-b20200824.0128

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2025-25609 2025-02-28 00h00 +00:00 TOTOlink A3002R V1.1.1-B20200824.0128 contains a buffer overflow vulnerability. The vulnerability arises from the improper input validation of the static_ipv6 parameter in the formIpv6Setup interface of /bin/boa
8
High
CVE-2025-25610 2025-02-28 00h00 +00:00 TOTOlink A3002R V1.1.1-B20200824.0128 contains a buffer overflow vulnerability. The vulnerability arises from the improper input validation of the static_gw parameter in the formIpv6Setup interface of /bin/boa.
8
High
CVE-2025-25635 2025-02-28 00h00 +00:00 TOTOlink A3002R V1.1.1-B20200824.0128 contains a buffer overflow vulnerability. The vulnerability arises from the improper input validation of the pppoe_dns1 parameter in the formIpv6Setup interface of /bin/boa.
8
High
CVE-2022-40112 2022-09-06 14h54 +00:00 TOTOLINK A3002R TOTOLINK-A3002R-He-V1.1.1-B20200824.0128 is vulnerable Buffer Overflow via the hostname parameter in binary /bin/boa.
7.5
High
CVE-2022-40111 2022-09-06 14h53 +00:00 In TOTOLINK A3002R TOTOLINK-A3002R-He-V1.1.1-B20200824.0128 in the shadow.sample file, root is hardcoded in the firmware.
9.8
Critical
CVE-2022-40110 2022-09-06 14h51 +00:00 TOTOLINK A3002R TOTOLINK-A3002R-He-V1.1.1-B20200824.0128 is vulnerable to Buffer Overflow via /bin/boa.
7.5
High
CVE-2022-40109 2022-09-06 14h46 +00:00 TOTOLINK A3002R TOTOLINK-A3002R-He-V1.1.1-B20200824.0128 is vulnerable to Insecure Permissions via binary /bin/boa.
9.8
Critical
The information presented on CVE Find originates from several carefully selected reference sources. CVE data is provided by MITRE Corporation and the National Vulnerability Database (NVD). The Known Exploited Vulnerabilities (KEV) catalog is sourced from the Cybersecurity and Infrastructure Security Agency (CISA), while EPSS scores come from FIRST.org. Additionally, data regarding software weaknesses (CWE) and common attack patterns (CAPEC) is maintained by MITRE Corporation, and information on hardware and software configurations (CPE) is provided by the NVD.