cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2024-34195,https://securityvulnerability.io/vulnerability/CVE-2024-34195,Buffer Overflow Vulnerability in TOTOLINK AC1200 Wireless Router A3002R Firmware,"The TOTOLINK AC1200 Wireless Router A3002R Firmware version V1.1.1-B20200824 is susceptible to a buffer overflow vulnerability due to inappropriate handling of input lengths in its boa server's CGI processing. Specifically, the wlan_ssid field lacks adequate length restriction, making it possible for attackers to manipulate the formWlanRedirect and formWlEncrypt functions. This manipulation can lead to a buffer overflow scenario that may allow unauthorized command execution or a denial of service, posing significant risks to device integrity and the security of the network.",TOTOLINK,A3002r Firmware,9.8,CRITICAL,0.012199999764561653,false,,false,false,false,,,false,false,,2024-08-28T20:15:00.000Z,0
CVE-2024-42520,https://securityvulnerability.io/vulnerability/CVE-2024-42520,Buffer Overflow Vulnerability in TOTOLINK A3002R v4.0.0-B20230531.1404,"The TOTOLINK A3002R, specifically version 4.0.0-B20230531.1404, has been identified to have a buffer overflow vulnerability in the /bin/boa module through the formParentControl function. This vulnerability presents potential risks to the integrity of the device, allowing unauthorized access and exploitation avenues for attackers. Security measures must be taken to mitigate the risks associated with this vulnerability.",TOTOLINK,A3002r Firmware,9.8,CRITICAL,0.01686999946832657,false,,false,false,false,,,false,false,,2024-08-12T00:00:00.000Z,0
CVE-2022-40112,https://securityvulnerability.io/vulnerability/CVE-2022-40112,Buffer Overflow Vulnerability in TOTOLINK A3002R Router,"The TOTOLINK A3002R router, specifically version V1.1.1-B20200824.0128, has a buffer overflow vulnerability that can be exploited through malicious input in the hostname parameter of the /bin/boa binary. This flaw could allow attackers to execute arbitrary code or potentially disrupt the device's functions, compromising network security and device integrity.",Totolink,A3002r Firmware,7.5,HIGH,0.0006399999838322401,false,,false,false,false,,,false,false,,2022-09-06T16:54:58.000Z,0
CVE-2022-40111,https://securityvulnerability.io/vulnerability/CVE-2022-40111,Hardcoded Credentials in TOTOLINK A3002R Firmware,"The TOTOLINK A3002R has a significant security issue where the root credentials are hardcoded within the firmware. This vulnerability allows attackers to potentially gain unauthorized access to the device by exploiting the hardcoded password. As a result, users are at risk of compromise, leading to potential control over their network and devices. It is crucial for users to be aware of this vulnerability and take appropriate measures to secure their devices.",Totolink,A3002r Firmware,9.8,CRITICAL,0.008430000394582748,false,,false,false,false,,,false,false,,2022-09-06T16:53:00.000Z,0
CVE-2022-40110,https://securityvulnerability.io/vulnerability/CVE-2022-40110,Buffer Overflow Vulnerability in TOTOLINK A3002R Router,"The TOTOLINK A3002R router, specifically version He-V1.1.1-B20200824.0128, is susceptible to a buffer overflow vulnerability that may allow unauthorized access or control over the device. This weakness arises due to improper handling of data inputs by the /bin/boa component, potentially exposing users to remote code execution and compromising the security of the connected network.",Totolink,A3002r Firmware,7.5,HIGH,0.0006399999838322401,false,,false,false,false,,,false,false,,2022-09-06T16:51:39.000Z,0
CVE-2022-40109,https://securityvulnerability.io/vulnerability/CVE-2022-40109,Insecure Permissions Vulnerability in TOTOLINK A3002R Router,"The TOTOLINK A3002R router is susceptible to insecure permissions on the binary file /bin/boa, which can potentially allow unauthorized access and manipulation of the device's settings. This vulnerability enables malicious actors to exploit the permissions and gain elevated access to the system, potentially compromising the integrity and confidentiality of the router's operation. Users of this router model need to be aware of this security risk and take appropriate measures to secure their devices.",Totolink,A3002r Firmware,9.8,CRITICAL,0.010080000385642052,false,,false,false,false,,,false,false,,2022-09-06T16:46:53.000Z,0
CVE-2021-34228,https://securityvulnerability.io/vulnerability/CVE-2021-34228,Cross-Site Scripting Vulnerability in TOTOLINK A3002R Router,"The TOTOLINK A3002R router contains a cross-site scripting vulnerability located in the parent_control.htm file. This flaw allows attackers to inject and execute arbitrary JavaScript code through manipulation of the 'Description' and 'Service Name' fields. Successful exploitation of this vulnerability can lead to unauthorized actions or data interception, posing a significant risk to user security. To mitigate such risks, users are advised to ensure that their devices are updated with the latest firmware and to practice caution when modifying device settings.",Totolink,A3002r Firmware,6.1,MEDIUM,0.0007999999797903001,false,,false,false,false,,,false,false,,2021-08-20T16:49:24.000Z,0
CVE-2021-34223,https://securityvulnerability.io/vulnerability/CVE-2021-34223,Cross-Site Scripting Vulnerability in TOTOLINK A3002R Router,"A Cross-Site Scripting vulnerability exists in the 'urlfilter.htm' file of the TOTOLINK A3002R router, specifically in version V1.1.1-B20200824. This flaw allows attackers to inject and execute arbitrary JavaScript code by manipulating the 'URL Address' field. Thus, malicious actors can exploit this vulnerability to potentially execute harmful scripts in the context of the victim's browser, leading to unauthorized actions or data theft.",Totolink,A3002r Firmware,6.1,MEDIUM,0.0007999999797903001,false,,false,false,false,,,false,false,,2021-08-20T16:48:48.000Z,0
CVE-2021-34220,https://securityvulnerability.io/vulnerability/CVE-2021-34220,Cross-Site Scripting Vulnerability in TOTOLINK A3002R Router,"A cross-site scripting vulnerability exists in the 'tr069config.htm' file of the TOTOLINK A3002R router. This flaw allows attackers to inject arbitrary JavaScript code by manipulating the 'User Name' or 'Password' fields. If exploited, this vulnerability can lead to unauthorized actions, data theft, and a compromise of user sessions, thereby posing a significant security risk for users of the affected router model.",Totolink,A3002r Firmware,6.1,MEDIUM,0.0007999999797903001,false,,false,false,false,,,false,false,,2021-08-20T16:47:55.000Z,0
CVE-2021-34218,https://securityvulnerability.io/vulnerability/CVE-2021-34218,Directory Indexing Vulnerability in TOTOLINK Router,"The directory indexing vulnerability in the TOTOLINK A702R router enables attackers to access sensitive directories such as /add/, /img/, /js/, and /mobile/ through a GET parameter. This can potentially expose critical information that may compromise the security of the device and its connected network.",Totolink,A3002r Firmware,5.3,MEDIUM,0.0008200000156648457,false,,false,false,false,,,false,false,,2021-08-20T16:46:09.000Z,0
CVE-2021-34215,https://securityvulnerability.io/vulnerability/CVE-2021-34215,Cross-Site Scripting Vulnerability in TOTOLINK A3002R Router,"A cross-site scripting vulnerability exists in the tcpipwan.htm interface of the TOTOLINK A3002R router, specifically in version V1.1.1-B20200824. This security flaw allows attackers to inject and execute arbitrary JavaScript code by manipulating the 'Service Name' field. Successful exploitation of this vulnerability can lead to unauthorized data access and potential control over user sessions within the interface.",Totolink,A3002r Firmware,6.1,MEDIUM,0.0007999999797903001,false,,false,false,false,,,false,false,,2021-08-20T16:44:37.000Z,0
CVE-2021-34207,https://securityvulnerability.io/vulnerability/CVE-2021-34207,Cross-Site Scripting in TOTOLINK A3002R Router Products,"The TOTOLINK A3002R router is vulnerable to a cross-site scripting (XSS) attack due to improper handling of user input in the ddns.htm component. Attackers can exploit this flaw by injecting malicious JavaScript code through several fields including 'Domain Name', 'Server Address', 'User Name/Email', or 'Password/Key'. If successfully executed, the injected script may compromise user data, hijack sessions, or redirect users to malicious sites. Users are advised to update their devices to the latest firmware to mitigate this risk.",Totolink,A3002r Firmware,6.1,MEDIUM,0.0007999999797903001,false,,false,false,false,,,false,false,,2021-08-20T16:43:08.000Z,0
CVE-2020-25499,https://securityvulnerability.io/vulnerability/CVE-2020-25499,Remote Code Execution Vulnerability in TOTOLINK Router,"The TOTOLINK A3002RU router is affected by a vulnerability that allows authenticated remote users to modify system commands. This flaw enables attackers to execute arbitrary operating system commands, potentially compromising the integrity of the device and the network it connects to. Users are advised to secure their router configurations to prevent unauthorized access.",Totolink,A3002r Firmware,8.8,HIGH,0.006320000160485506,false,,false,false,false,,,false,false,,2020-12-09T20:30:55.000Z,0