cve,link,title,description,vendor,products,score,severity,epss,cisa,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-34195,https://securityvulnerability.io/vulnerability/CVE-2024-34195,Buffer Overflow Vulnerability in TOTOLINK AC1200 Wireless Router A3002R Firmware,"The TOTOLINK AC1200 Wireless Router A3002R Firmware version V1.1.1-B20200824 is susceptible to a buffer overflow vulnerability due to inappropriate handling of input lengths in its boa server's CGI processing. Specifically, the wlan_ssid field lacks adequate length restriction, making it possible for attackers to manipulate the formWlanRedirect and formWlEncrypt functions. This manipulation can lead to a buffer overflow scenario that may allow unauthorized command execution or a denial of service, posing significant risks to device integrity and the security of the network.",TOTOLINK,A3002r Firmware,9.8,CRITICAL,0.004689999856054783,false,false,false,false,,false,false,2024-08-28T20:15:00.000Z,0
CVE-2024-42520,https://securityvulnerability.io/vulnerability/CVE-2024-42520,Buffer Overflow Vulnerability in TOTOLINK A3002R v4.0.0-B20230531.1404,"The TOTOLINK A3002R, specifically version 4.0.0-B20230531.1404, has been identified to have a buffer overflow vulnerability in the /bin/boa module through the formParentControl function. This vulnerability presents potential risks to the integrity of the device, allowing unauthorized access and exploitation avenues for attackers. Security measures must be taken to mitigate the risks associated with this vulnerability.",TOTOLINK,A3002r Firmware,9.8,CRITICAL,0.01269999984651804,false,false,false,false,,false,false,2024-08-12T00:00:00.000Z,0
CVE-2022-40112,https://securityvulnerability.io/vulnerability/CVE-2022-40112,,TOTOLINK A3002R TOTOLINK-A3002R-He-V1.1.1-B20200824.0128 is vulnerable Buffer Overflow via the hostname parameter in binary /bin/boa.,Totolink,A3002r Firmware,7.5,HIGH,0.0006399999838322401,false,false,false,false,,false,false,2022-09-06T16:54:58.000Z,0
CVE-2022-40111,https://securityvulnerability.io/vulnerability/CVE-2022-40111,,"In TOTOLINK A3002R TOTOLINK-A3002R-He-V1.1.1-B20200824.0128 in the shadow.sample file, root is hardcoded in the firmware.",Totolink,A3002r Firmware,9.8,CRITICAL,0.008430000394582748,false,false,false,false,,false,false,2022-09-06T16:53:00.000Z,0
CVE-2022-40110,https://securityvulnerability.io/vulnerability/CVE-2022-40110,,TOTOLINK A3002R TOTOLINK-A3002R-He-V1.1.1-B20200824.0128 is vulnerable to Buffer Overflow via /bin/boa.,Totolink,A3002r Firmware,7.5,HIGH,0.0006399999838322401,false,false,false,false,,false,false,2022-09-06T16:51:39.000Z,0
CVE-2022-40109,https://securityvulnerability.io/vulnerability/CVE-2022-40109,,TOTOLINK A3002R TOTOLINK-A3002R-He-V1.1.1-B20200824.0128 is vulnerable to Insecure Permissions via binary /bin/boa.,Totolink,A3002r Firmware,9.8,CRITICAL,0.010080000385642052,false,false,false,false,,false,false,2022-09-06T16:46:53.000Z,0
CVE-2021-34228,https://securityvulnerability.io/vulnerability/CVE-2021-34228,,"Cross-site scripting in parent_control.htm in TOTOLINK A3002R version V1.1.1-B20200824 (Important Update, new UI) allows attackers to execute arbitrary JavaScript by modifying the ""Description"" field and ""Service Name"" field.",Totolink,A3002r Firmware,6.1,MEDIUM,0.0007999999797903001,false,false,false,false,,false,false,2021-08-20T16:49:24.000Z,0
CVE-2021-34223,https://securityvulnerability.io/vulnerability/CVE-2021-34223,,"Cross-site scripting in urlfilter.htm in TOTOLINK A3002R version V1.1.1-B20200824 (Important Update, new UI) allows attackers to execute arbitrary JavaScript by modifying the ""URL Address"" field.",Totolink,A3002r Firmware,6.1,MEDIUM,0.0007999999797903001,false,false,false,false,,false,false,2021-08-20T16:48:48.000Z,0
CVE-2021-34220,https://securityvulnerability.io/vulnerability/CVE-2021-34220,,"Cross-site scripting in tr069config.htm in TOTOLINK A3002R version V1.1.1-B20200824 (Important Update, new UI) allows attackers to execute arbitrary JavaScript by modifying the ""User Name"" field or ""Password"" field.",Totolink,A3002r Firmware,6.1,MEDIUM,0.0007999999797903001,false,false,false,false,,false,false,2021-08-20T16:47:55.000Z,0
CVE-2021-34218,https://securityvulnerability.io/vulnerability/CVE-2021-34218,,"Directory Indexing in Login Portal of Login Portal of TOTOLINK-A702R-V1.0.0-B20161227.1023 allows attacker to access /add/ , /img/, /js/, and /mobile directories via GET Parameter.",Totolink,A3002r Firmware,5.3,MEDIUM,0.0008200000156648457,false,false,false,false,,false,false,2021-08-20T16:46:09.000Z,0
CVE-2021-34215,https://securityvulnerability.io/vulnerability/CVE-2021-34215,,"Cross-site scripting in tcpipwan.htm in TOTOLINK A3002R version V1.1.1-B20200824 (Important Update, new UI) allows attackers to execute arbitrary JavaScript by modifying the ""Service Name"" field.",Totolink,A3002r Firmware,6.1,MEDIUM,0.0007999999797903001,false,false,false,false,,false,false,2021-08-20T16:44:37.000Z,0
CVE-2021-34207,https://securityvulnerability.io/vulnerability/CVE-2021-34207,,"Cross-site scripting in ddns.htm in TOTOLINK A3002R version V1.1.1-B20200824 (Important Update, new UI) allows attackers to execute arbitrary JavaScript by modifying the ""Domain Name"" field, ""Server Address"" field, ""User Name/Email"", or ""Password/Key"" field.",Totolink,A3002r Firmware,6.1,MEDIUM,0.0007999999797903001,false,false,false,false,,false,false,2021-08-20T16:43:08.000Z,0
CVE-2020-25499,https://securityvulnerability.io/vulnerability/CVE-2020-25499,,TOTOLINK A3002RU-V2.0.0 B20190814.1034 allows authenticated remote users to modify the system's 'Run Command'. An attacker can use this functionality to execute arbitrary OS commands on the router.,Totolink,A3002r Firmware,8.8,HIGH,0.006320000160485506,false,false,false,false,,false,false,2020-12-09T20:30:55.000Z,0