Search Results (Refine Search)
- Results Type: Overview
- Keyword (text search): cpe:2.3:o:totolink:a3100r_firmware:5.9c.4577:*:*:*:*:*:*:*
- CPE Name Search: true
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2021-46010 |
Totolink A3100R V5.9c.4577 suffers from Use of Insufficiently Random Values via the web configuration. The SESSION_ID is predictable. An attacker can hijack a valid session and conduct further malicious operations. Published: March 30, 2022; 7:15:07 PM -0400 |
V4.0:(not available) V3.1: 8.8 HIGH V2.0: 6.5 MEDIUM |
CVE-2021-46009 |
In Totolink A3100R V5.9c.4577, multiple pages can be read by curl or Burp Suite without authentication. Additionally, admin configurations can be set without cookies. Published: March 30, 2022; 7:15:07 PM -0400 |
V4.0:(not available) V3.1: 9.8 CRITICAL V2.0: 10.0 HIGH |
CVE-2021-46008 |
In totolink a3100r V5.9c.4577, the hard-coded telnet password can be discovered from official released firmware. An attacker, who has connected to the Wi-Fi, can easily telnet into the target with root shell if the telnet is function turned on. Published: March 30, 2022; 7:15:07 PM -0400 |
V4.0:(not available) V3.1: 8.8 HIGH V2.0: 7.9 HIGH |
CVE-2021-46006 |
In Totolink A3100R V5.9c.4577, "test.asp" contains an API-like function, which is not authenticated. Using this function, an attacker can configure multiple settings without authentication. Published: March 30, 2022; 7:15:07 PM -0400 |
V4.0:(not available) V3.1: 6.5 MEDIUM V2.0: 4.0 MEDIUM |