cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2022-35491,https://securityvulnerability.io/vulnerability/CVE-2022-35491,Hardcoded Password Vulnerability in TOTOLINK A3002RU Router,"The TOTOLINK A3002RU router version V3.0.0-B20220304.1804 is vulnerable due to a hardcoded password for the root user located in the /etc/shadow.sample file. This security flaw can potentially allow unauthorized access and manipulation of the device, leading to significant security risks. Users are encouraged to review their device's configuration and take necessary measures to secure their network.",Totolink,A3002ru Firmware,9.8,CRITICAL,0.008430000394582748,false,,false,false,false,,,false,false,,2022-08-10T20:15:00.000Z,0
CVE-2018-13313,https://securityvulnerability.io/vulnerability/CVE-2018-13313,Admin Password returned in password.htm,"In TOTOLINK A3002RU 1.0.8, the router provides a page that allows the user to change their account name and password. This page, password.htm, contains JavaScript which is used to confirm the user knows their current password before allowing them to change their password. However, this JavaScript contains the current user’s password in plaintext.",Totolink,A3002ru Firmware,6.5,MEDIUM,0.0015300000086426735,false,,false,false,false,,,false,false,,2020-02-24T18:16:17.000Z,0
CVE-2019-19822,https://securityvulnerability.io/vulnerability/CVE-2019-19822,Remote Configuration Exposure in TOTOLINK and Realtek SDK Routers,"An information disclosure vulnerability exists in the administration interface of certain TOTOLINK routers and devices utilizing the Realtek SDK. Attackers can exploit this vulnerability to access sensitive configuration details, including usernames and passwords. This flaw affects a range of TOTOLINK models and several other routers based on Realtek's platform, potentially compromising network security. Immediate action is recommended to secure affected devices.",Totolink,A3002ru Firmware,7.5,HIGH,0.024000000208616257,false,,false,false,false,,,false,false,,2020-01-27T17:55:12.000Z,0
CVE-2019-19823,https://securityvulnerability.io/vulnerability/CVE-2019-19823,Information Disclosure in TOTOLINK Routers by Realtek,"TOTOLINK routers, utilizing Realtek's APMIB firmware, are susceptible to information disclosure due to the storage of administrative passwords in cleartext within flash memory. This flaw affects multiple models, compromising the confidentiality of sensitive credentials and posing a significant risk to network security. Users are advised to update their firmware to mitigate this vulnerability and secure their devices against unauthorized access.",Totolink,A3002ru Firmware,7.5,HIGH,0.012009999714791775,false,,false,false,false,,,false,false,,2020-01-27T17:49:21.000Z,0
CVE-2019-19824,https://securityvulnerability.io/vulnerability/CVE-2019-19824,Command Injection Vulnerability in TOTOLINK Realtek SDK Routers,"A command injection vulnerability exists in certain models of TOTOLINK routers powered by the Realtek SDK. An attacker with authentication can exploit this flaw by sending crafted requests to the device's sysCmd parameter via the boafrm/formSysCmd URI. This vulnerability provides the potential for the attacker to execute arbitrary operating system commands, granting them complete control over the router's internal systems, even if the graphical user interface for command execution is not accessible.",Totolink,A3002ru Firmware,8.8,HIGH,0.7586299777030945,false,,false,false,false,,,false,false,,2020-01-27T17:03:58.000Z,0
CVE-2019-19825,https://securityvulnerability.io/vulnerability/CVE-2019-19825,CAPTCHA Bypass Vulnerability in TOTOLINK Realtek SDK Based Routers,"Certain TOTOLINK routers that utilize Realtek SDK exhibit a vulnerability that allows an attacker to bypass CAPTCHA protections. By exploiting a specific POST request to the boafrm/formLogin endpoint, an adversary can retrieve the CAPTCHA text without needing to validate it. Once valid credentials are known, the CAPTCHA serves no further purpose, enabling an attacker to perform administrative actions on the router via Basic Authentication. The affected product line includes models A3002RU, A702R, N301RT, N302R, N300RT, N200RE, N150RT, and N100RE across various firmware versions.",Totolink,A3002ru Firmware,9.8,CRITICAL,0.027650000527501106,false,,false,false,false,,,false,false,,2020-01-27T16:50:28.000Z,0
CVE-2018-13314,https://securityvulnerability.io/vulnerability/CVE-2018-13314,,"System command injection in formAliasIp in TOTOLINK A3002RU version 1.0.8 allows attackers to execute system commands via the ""ipAddr"" POST parameter.",Totolink,A3002ru Firmware,9.8,CRITICAL,0.09087999910116196,false,,false,false,false,,,false,false,,2018-11-27T21:00:00.000Z,0
CVE-2018-13316,https://securityvulnerability.io/vulnerability/CVE-2018-13316,,"System command injection in formAliasIp in TOTOLINK A3002RU version 1.0.8 allows attackers to execute system commands via the ""subnet"" POST parameter.",Totolink,A3002ru Firmware,9.8,CRITICAL,0.09087999910116196,false,,false,false,false,,,false,false,,2018-11-27T21:00:00.000Z,0
CVE-2018-13307,https://securityvulnerability.io/vulnerability/CVE-2018-13307,,"System command injection in fromNtp in TOTOLINK A3002RU version 1.0.8 allows attackers to execute system commands via the ""ntpServerIp2"" POST parameter. Certain payloads cause the device to become permanently inoperable.",Totolink,A3002ru Firmware,9.8,CRITICAL,0.09087999910116196,false,,false,false,false,,,false,false,,2018-11-27T21:00:00.000Z,0
CVE-2018-13306,https://securityvulnerability.io/vulnerability/CVE-2018-13306,,"System command injection in formDlna in TOTOLINK A3002RU version 1.0.8 allows attackers to execute system commands via the ""ftpUser"" POST parameter.",Totolink,A3002ru Firmware,9.8,CRITICAL,0.09087999910116196,false,,false,false,false,,,false,false,,2018-11-27T21:00:00.000Z,0
CVE-2018-13309,https://securityvulnerability.io/vulnerability/CVE-2018-13309,,Cross-site scripting in password.htm in TOTOLINK A3002RU version 1.0.8 allows attackers to execute arbitrary JavaScript via the user's password.,Totolink,A3002ru Firmware,6.1,MEDIUM,0.001550000044517219,false,,false,false,false,,,false,false,,2018-11-26T22:00:00.000Z,0
CVE-2018-13308,https://securityvulnerability.io/vulnerability/CVE-2018-13308,,"Cross-site scripting in notice_gen.htm in TOTOLINK A3002RU version 1.0.8 allows attackers to execute arbitrary JavaScript by modifying the ""User phrases button"" field.",Totolink,A3002ru Firmware,6.1,MEDIUM,0.001550000044517219,false,,false,false,false,,,false,false,,2018-11-26T22:00:00.000Z,0
CVE-2018-13317,https://securityvulnerability.io/vulnerability/CVE-2018-13317,,Password disclosure in password.htm in TOTOLINK A3002RU version 1.0.8 allows attackers to obtain the plaintext password for the admin user by making a GET request for password.htm.,Totolink,A3002ru Firmware,6.1,MEDIUM,0.001550000044517219,false,,false,false,false,,,false,false,,2018-11-26T22:00:00.000Z,0
CVE-2018-13310,https://securityvulnerability.io/vulnerability/CVE-2018-13310,,Cross-site scripting in password.htm in TOTOLINK A3002RU version 1.0.8 allows attackers to execute arbitrary JavaScript via the user's username.,Totolink,A3002ru Firmware,6.1,MEDIUM,0.0006200000061653554,false,,false,false,false,,,false,false,,2018-11-26T22:00:00.000Z,0
CVE-2018-13312,https://securityvulnerability.io/vulnerability/CVE-2018-13312,,"Cross-site scripting in notice_gen.htm in TOTOLINK A3002RU version 1.0.8 allows attackers to execute arbitrary JavaScript by modifying the ""Input your notice URL"" field.",Totolink,A3002ru Firmware,6.1,MEDIUM,0.001550000044517219,false,,false,false,false,,,false,false,,2018-11-26T22:00:00.000Z,0
CVE-2018-13315,https://securityvulnerability.io/vulnerability/CVE-2018-13315,,Incorrect access control in formPasswordSetup in TOTOLINK A3002RU version 1.0.8 allows attackers to change the admin user's password via an unauthenticated POST request.,Totolink,A3002ru Firmware,9.8,CRITICAL,0.011760000139474869,false,,false,false,false,,,false,false,,2018-11-26T22:00:00.000Z,0
CVE-2018-13311,https://securityvulnerability.io/vulnerability/CVE-2018-13311,,"System command injection in formDlna in TOTOLINK A3002RU version 1.0.8 allows attackers to execute system commands via the ""sambaUser"" POST parameter.",Totolink,A3002ru Firmware,9.8,CRITICAL,0.0019499999471008778,false,,false,false,false,,,false,false,,2018-11-26T22:00:00.000Z,0