cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2024-42547,https://securityvulnerability.io/vulnerability/CVE-2024-42547,Buffer Overflow Vulnerability in TOTOLINK A3100R Router,"The TOTOLINK A3100R router exhibits a buffer overflow vulnerability in the loginauth function, specifically within the http_host parameter. This flaw can be exploited under certain conditions, potentially allowing attackers to execute arbitrary code or manipulate system behavior. It underscores the importance of timely updates and security measures to protect network devices against exploitation.",Totolink,A3100r Firmware,9.8,CRITICAL,0.01686999946832657,false,,false,false,false,,,false,false,,2024-08-12T19:15:00.000Z,0
CVE-2024-42546,https://securityvulnerability.io/vulnerability/CVE-2024-42546,Buffer Overflow Vulnerability in TOTOLINK A3100R Router,"The TOTOLINK A3100R router is impacted by a buffer overflow vulnerability within the loginauth function, specifically affecting the password parameter. This vulnerability allows attackers to exploit the buffer overflow, potentially leading to unauthorized access or execution of arbitrary code. Users of the affected version, V4.1.2cu.5050_B20200504, should prioritize upgrading to a patched version to mitigate the risks associated with this security flaw.",Totolink,A3100r Firmware,9.8,CRITICAL,0.01686999946832657,false,,false,false,false,,,false,false,,2024-08-12T19:15:00.000Z,0
CVE-2022-29646,https://securityvulnerability.io/vulnerability/CVE-2022-29646,Access Control Vulnerability in TOTOLINK Router Products,"An access control issue in specific versions of the TOTOLINK A3100R router allows unauthorized access, enabling attackers to retrieve sensitive information through a specially crafted web request. This vulnerability poses a risk to the confidentiality of the user's data, highlighting the importance of timely updates and proper configuration in Internet of Things (IoT) devices.",Totolink,A3100r Firmware,5.3,MEDIUM,0.0013800000306218863,false,,false,false,false,,,false,false,,2022-05-18T11:50:52.000Z,0
CVE-2022-29645,https://securityvulnerability.io/vulnerability/CVE-2022-29645,Hard Coded Password Vulnerability in TOTOLINK A3100R Router,"A vulnerability exists in the TOTOLINK A3100R router due to the presence of a hard coded root password stored in the /etc/shadow.sample file. This issue could allow unauthorized access to the device, making it susceptible to potential exploitation. The specific router versions affected by this vulnerability include V4.1.2cu.5050_B20200504 and V4.1.2cu.5247_B20211129, highlighting the need for users to review their device configurations and apply necessary security measures.",Totolink,A3100r Firmware,9.8,CRITICAL,0.01600000075995922,false,,false,false,false,,,false,false,,2022-05-18T11:50:51.000Z,0
CVE-2022-29644,https://securityvulnerability.io/vulnerability/CVE-2022-29644,Hard Coded Password Vulnerability in TOTOLINK A3100R Router,"The TOTOLINK A3100R router versions V4.1.2cu.5050_B20200504 and V4.1.2cu.5247_B20211129 contain a significant security flaw due to a hard coded password for the telnet service. This vulnerability, located in the /web_cste/cgi-bin/product.ini component, may allow unauthorized access to the router, compromising the device and potentially the network it is connected to. Users are advised to secure their devices against this issue to prevent exploitation.",Totolink,A3100r Firmware,9.8,CRITICAL,0.014089999720454216,false,,false,false,false,,,false,false,,2022-05-18T11:50:50.000Z,0
CVE-2022-29643,https://securityvulnerability.io/vulnerability/CVE-2022-29643,Stack Overflow Vulnerability in TOTOLINK A3100R Router,"The TOTOLINK A3100R router has a vulnerability that exposes it to a stack overflow issue via the macAddress parameter in the setMacQos function. When manipulated through a specially crafted POST request, this flaw allows attackers to disrupt service, leading to a Denial of Service (DoS). Users of the affected A3100R firmware versions should take precautions and update to secure their devices from potential exploitation.",Totolink,A3100r Firmware,7.5,HIGH,0.001180000021122396,false,,false,false,false,,,false,false,,2022-05-18T11:50:49.000Z,0
CVE-2022-29642,https://securityvulnerability.io/vulnerability/CVE-2022-29642,Stack Overflow Vulnerability in TOTOLINK A3100R Router,"The TOTOLINK A3100R router versions V4.1.2cu.5050_B20200504 and V4.1.2cu.5247_B20211129 are vulnerable to a stack overflow issue due to improper handling of the URL parameter in the setUrlFilterRules function. This flaw may allow a remote attacker to execute a specially crafted POST request, resulting in a Denial of Service (DoS) condition, impacting the availability of the router and connected devices.",Totolink,A3100r Firmware,7.5,HIGH,0.001180000021122396,false,,false,false,false,,,false,false,,2022-05-18T11:50:48.000Z,0
CVE-2022-29641,https://securityvulnerability.io/vulnerability/CVE-2022-29641,Stack Overflow Vulnerability in TOTOLINK Router Firmware,"The TOTOLINK A3100R router firmware versions V4.1.2cu.5050_B20200504 and V4.1.2cu.5247_B20211129 contain a stack overflow vulnerability caused by improper handling of the startTime and endTime parameters within the setParentalRules function. This flaw enables remote attackers to send specially crafted POST requests that can result in a Denial of Service (DoS), disrupting normal operations of the device.",Totolink,A3100r Firmware,7.5,HIGH,0.0013299999991431832,false,,false,false,false,,,false,false,,2022-05-18T11:50:47.000Z,0
CVE-2022-29640,https://securityvulnerability.io/vulnerability/CVE-2022-29640,Stack Overflow Vulnerability in TOTOLINK A3100R Routers,"The TOTOLINK A3100R routers have been identified to possess a stack overflow vulnerability that can be exploited via the comment parameter in the setPortForwardRules function. An attacker can send a specially crafted POST request that may trigger the overflow, potentially resulting in a denial of service. This issue emphasizes the need for robust input validation and security measures to secure network devices.",Totolink,A3100r Firmware,7.5,HIGH,0.001180000021122396,false,,false,false,false,,,false,false,,2022-05-18T11:50:45.000Z,0
CVE-2022-29638,https://securityvulnerability.io/vulnerability/CVE-2022-29638,Stack Overflow Vulnerability in TOTOLINK A3100R Router,"TOTOLINK A3100R routers, specifically versions V4.1.2cu.5050_B20200504 and V4.1.2cu.5247_B20211129, are prone to a stack overflow vulnerability that can be exploited through the comment parameter in the setIpQosRules function. An attacker can craft a malicious POST request, leading to unexpected behavior and a potential Denial of Service situation, which can disrupt the normal operation of the device.",Totolink,A3100r Firmware,7.5,HIGH,0.001180000021122396,false,,false,false,false,,,false,false,,2022-05-18T11:50:44.000Z,0
CVE-2022-29639,https://securityvulnerability.io/vulnerability/CVE-2022-29639,Command Injection Vulnerability in TOTOLINK A3100R Router,"A command injection vulnerability was identified in the TOTOLINK A3100R router's firmware. This flaw exists due to improper validation of the 'magicid' parameter within the 'uci_cloudupdate_config' function. An attacker could exploit this vulnerability to execute arbitrary commands on the affected device, potentially compromising the security of the network.",Totolink,A3100r Firmware,8.1,HIGH,0.013829999603331089,false,,false,false,false,,,false,false,,2022-05-18T11:50:44.000Z,0
CVE-2021-46006,https://securityvulnerability.io/vulnerability/CVE-2021-46006,Unauthenticated Configuration Manipulation in Totolink Router,"The Totolink A3100R router has a significant security flaw in its 'test.asp' file, which features an API-like function that lacks proper authentication mechanisms. This vulnerability permits unauthorized users to change critical settings on the router without any form of authentication. As a result, attackers can exploit this weakness to manipulate network configurations, potentially leading to compromised system security and integrity.",Totolink,A3100r Firmware,6.5,MEDIUM,0.000750000006519258,false,,false,false,false,,,false,false,,2022-03-30T23:15:00.000Z,0
CVE-2021-46009,https://securityvulnerability.io/vulnerability/CVE-2021-46009,Improper Authentication in Totolink Router A3100R,"In the Totolink A3100R model V5.9c.4577, an improper authentication vulnerability allows unauthorized access to multiple pages through tools like curl or Burp Suite. This issue enables the potential exposure of sensitive configurations, as administrative settings can be manipulated without the need for cookies, resulting in a significant security risk.",Totolink,A3100r Firmware,9.8,CRITICAL,0.005570000037550926,false,,false,false,false,,,false,false,,2022-03-30T23:15:00.000Z,0
CVE-2021-46008,https://securityvulnerability.io/vulnerability/CVE-2021-46008,Hard-coded Telnet Password Vulnerability in Totolink Router,"The A3100R router by Totolink has a severe security flaw where a hard-coded Telnet password can be easily extracted from the firmware. If an attacker gains access to the same Wi-Fi network and the Telnet service is enabled, they can exploit this vulnerability to access the device with root shell privileges.",Totolink,A3100r Firmware,8.8,HIGH,0.004410000052303076,false,,false,false,false,,,false,false,,2022-03-30T23:15:00.000Z,0
CVE-2021-46010,https://securityvulnerability.io/vulnerability/CVE-2021-46010,Insufficient Randomness Vulnerability in Totolink Router,"The Totolink A3100R router version V5.9c.4577 is affected by a vulnerability that arises from the use of insufficiently random values in its web configuration. Specifically, the SESSION_ID generated by the system can be easily predicted by an attacker. This predictability allows unauthorized individuals to hijack valid user sessions, potentially leading to further malicious actions within the affected network. It is crucial for users to be aware of this vulnerability and take necessary steps to secure their systems against potential attacks.",Totolink,A3100r Firmware,8.8,HIGH,0.008750000037252903,false,,false,false,false,,,false,false,,2022-03-30T23:15:00.000Z,0
CVE-2021-44620,https://securityvulnerability.io/vulnerability/CVE-2021-44620,Command Injection Vulnerability in TOTOLINK A3100R Router,"A command injection vulnerability has been identified in the TOTOLINK A3100R router, specifically impacting the adm/ntm.asp interface through the hosTime parameters. This flaw allows attackers to execute arbitrary commands on the affected device, potentially compromising the router's integrity and network security. Users are advised to apply available patches and updates to mitigate risks associated with this vulnerability.",Totolink,A3100r Firmware,9.8,CRITICAL,0.03010999970138073,false,,false,false,false,,,false,false,,2022-03-11T15:54:20.000Z,0
CVE-2022-25077,https://securityvulnerability.io/vulnerability/CVE-2022-25077,Command Injection Vulnerability in TOTOLink A3100R by TOTOLink,"A command injection flaw has been identified in TOTOLink A3100R firmware, specifically in the Main function. This vulnerability enables unauthorized attackers to execute arbitrary commands on the device by manipulating the QUERY_STRING parameter. Leveraging this vulnerability could lead to serious security compromises, allowing attackers to control the device's operations.",Totolink,A3100r Firmware,9.8,CRITICAL,0.00546000013127923,false,,false,false,false,,,false,false,,2022-02-24T15:15:00.000Z,0