11 Total Results
Displaying 1-10 of 11
Attacker Value
Unknown
CVE-2024-34195
Disclosure Date: August 28, 2024 (last updated August 31, 2024)
TOTOLINK AC1200 Wireless Router A3002R Firmware V1.1.1-B20200824 is vulnerable to Buffer Overflow. In the boa server program's CGI handling function formWlEncrypt, there is a lack of length restriction on the wlan_ssid field. This oversight leads to potential buffer overflow under specific circumstances. For instance, by invoking the formWlanRedirect function with specific parameters to alter wlan_idx's value and subsequently invoking the formWlEncrypt function, an attacker can trigger buffer overflow, enabling arbitrary command execution or denial of service attacks.
Attacker Value
Unknown
CVE-2022-40112
Disclosure Date: September 06, 2022 (last updated October 08, 2023)
TOTOLINK A3002R TOTOLINK-A3002R-He-V1.1.1-B20200824.0128 is vulnerable to Buffer Overflow via the hostname parameter in binary /bin/boa.
Attacker Value
Unknown
CVE-2022-40111
Disclosure Date: September 06, 2022 (last updated October 08, 2023)
In TOTOLINK A3002R TOTOLINK-A3002R-He-V1.1.1-B20200824.0128 in the shadow.sample file, root is hardcoded in the firmware.
Attacker Value
Unknown
CVE-2022-40110
Disclosure Date: September 06, 2022 (last updated October 08, 2023)
TOTOLINK A3002R TOTOLINK-A3002R-He-V1.1.1-B20200824.0128 is vulnerable to Buffer Overflow via /bin/boa.
Attacker Value
Unknown
CVE-2022-40109
Disclosure Date: September 06, 2022 (last updated October 08, 2023)
TOTOLINK A3002R TOTOLINK-A3002R-He-V1.1.1-B20200824.0128 is vulnerable to Insecure Permissions via binary /bin/boa.
Attacker Value
Unknown
CVE-2021-34228
Disclosure Date: August 20, 2021 (last updated February 23, 2025)
Cross-site scripting in parent_control.htm in TOTOLINK A3002R version V1.1.1-B20200824 (Important Update, new UI) allows attackers to execute arbitrary JavaScript by modifying the "Description" field and "Service Name" field.
Attacker Value
Unknown
CVE-2021-34220
Disclosure Date: August 20, 2021 (last updated February 23, 2025)
Cross-site scripting in tr069config.htm in TOTOLINK A3002R version V1.1.1-B20200824 (Important Update, new UI) allows attackers to execute arbitrary JavaScript by modifying the "User Name" field or "Password" field.
Attacker Value
Unknown
CVE-2021-34215
Disclosure Date: August 20, 2021 (last updated February 23, 2025)
Cross-site scripting in tcpipwan.htm in TOTOLINK A3002R version V1.1.1-B20200824 (Important Update, new UI) allows attackers to execute arbitrary JavaScript by modifying the "Service Name" field.
Attacker Value
Unknown
CVE-2021-34223
Disclosure Date: August 20, 2021 (last updated February 23, 2025)
Cross-site scripting in urlfilter.htm in TOTOLINK A3002R version V1.1.1-B20200824 (Important Update, new UI) allows attackers to execute arbitrary JavaScript by modifying the "URL Address" field.
Attacker Value
Unknown
CVE-2021-34207
Disclosure Date: August 20, 2021 (last updated February 23, 2025)
Cross-site scripting in ddns.htm in TOTOLINK A3002R version V1.1.1-B20200824 (Important Update, new UI) allows attackers to execute arbitrary JavaScript by modifying the "Domain Name" field, "Server Address" field, "User Name/Email", or "Password/Key" field.