VYPR

A3002RU

by Totolink

CVEs (91)

  • CVE-2021-34228 | Med | Aug 20, 2021
    risk 0.42 | cvss 6.1 | epss 0.29

    Cross-site scripting in parent_control.htm in TOTOLINK A3002R version V1.1.1-B20200824 (Important Update, new UI) allows attackers to execute arbitrary JavaScript by modifying the "Description" field and "Service Name" field.

  • CVE-2018-13313 | Med | Feb 24, 2020
    risk 0.42 | cvss 6.5 | epss 0.01

    In TOTOLINK A3002RU 1.0.8, the router provides a page that allows the user to change their account name and password. This page, password.htm, contains JavaScript which is used to confirm the user knows their current password before allowing them to change their password.…

  • CVE-2021-34223 | Med | Aug 20, 2021
    risk 0.40 | cvss 6.1 | epss 0.01

    Cross-site scripting in urlfilter.htm in TOTOLINK A3002R version V1.1.1-B20200824 (Important Update, new UI) allows attackers to execute arbitrary JavaScript by modifying the "URL Address" field.

  • CVE-2021-34220 | Med | Aug 20, 2021
    risk 0.40 | cvss 6.1 | epss 0.01

    Cross-site scripting in tr069config.htm in TOTOLINK A3002R version V1.1.1-B20200824 (Important Update, new UI) allows attackers to execute arbitrary JavaScript by modifying the "User Name" field or "Password" field.

  • CVE-2021-34215 | Med | Aug 20, 2021
    risk 0.40 | cvss 6.1 | epss 0.01

    Cross-site scripting in tcpipwan.htm in TOTOLINK A3002R version V1.1.1-B20200824 (Important Update, new UI) allows attackers to execute arbitrary JavaScript by modifying the "Service Name" field.

  • CVE-2021-34207 | Med | Aug 20, 2021
    risk 0.40 | cvss 6.1 | epss 0.01

    Cross-site scripting in ddns.htm in TOTOLINK A3002R version V1.1.1-B20200824 (Important Update, new UI) allows attackers to execute arbitrary JavaScript by modifying the "Domain Name" field, "Server Address" field, "User Name/Email", or "Password/Key" field.

  • CVE-2018-13317 | Med | Nov 26, 2018
    risk 0.40 | cvss 6.1 | epss 0.01

    Password disclosure in password.htm in TOTOLINK A3002RU version 1.0.8 allows attackers to obtain the plaintext password for the admin user by making a GET request for password.htm.

  • CVE-2018-13312 | Med | Nov 26, 2018
    risk 0.40 | cvss 6.1 | epss 0.01

    Cross-site scripting in notice_gen.htm in TOTOLINK A3002RU version 1.0.8 allows attackers to execute arbitrary JavaScript by modifying the "Input your notice URL" field.

  • CVE-2018-13310 | Med | Nov 26, 2018
    risk 0.40 | cvss 6.1 | epss 0.01

    Cross-site scripting in password.htm in TOTOLINK A3002RU version 1.0.8 allows attackers to execute arbitrary JavaScript via the user's username.

  • CVE-2018-13309 | Med | Nov 26, 2018
    risk 0.40 | cvss 6.1 | epss 0.01

    Cross-site scripting in password.htm in TOTOLINK A3002RU version 1.0.8 allows attackers to execute arbitrary JavaScript via the user's password.

  • CVE-2018-13308 | Med | Nov 26, 2018
    risk 0.40 | cvss 6.1 | epss 0.01

    Cross-site scripting in notice_gen.htm in TOTOLINK A3002RU version 1.0.8 allows attackers to execute arbitrary JavaScript by modifying the "User phrases button" field.

  • CVE-2025-25579 | Mar 28, 2025
    risk 0.03 | cvss | epss 0.10

    TOTOLINK A3002R V4.0.0-B20230531.1404 is vulnerable to Command Injection in /bin/boa via bandstr.

  • CVE-2025-55591 | Aug 18, 2025
    risk 0.01 | cvss | epss 0.07

    TOTOLINK-A3002R v4.0.0-B20230531.1404 was discovered to contain a command injection vulnerability in the devicemac parameter in the formMapDel endpoint.

  • CVE-2025-45858 | May 13, 2025
    risk 0.01 | cvss | epss 0.09

    TOTOLINK A3002R v4.0.0-B20230531.1404 was discovered to contain a command injection vulnerability via the FUN_00459fdc function.

  • CVE-2026-26732 | Feb 17, 2026
    risk 0.00 | cvss | epss 0.00

    TOTOLINK A3002RU V2.1.1-B20211108.1455 was discovered to contain a stack-based buffer overflow via the vpnUser or vpnPassword parameters in the formFilter function.

  • CVE-2026-26731 | Feb 17, 2026
    risk 0.00 | cvss | epss 0.00

    TOTOLINK A3002RU V2.1.1-B20211108.1455 was discovered to contain a stack-based buffer overflow via the routernamer parameter in the formDnsv6 function.

  • CVE-2026-26736 | Feb 17, 2026
    risk 0.00 | cvss | epss 0.00

    TOTOLINK A3002RU_V3 V3.0.0-B20220304.1804 was discovered to contain a stack-based buffer overflow via the static_ipv6 parameter in the formIpv6Setup function.

  • CVE-2025-55590 | Aug 18, 2025
    risk 0.00 | cvss | epss 0.01

    TOTOLINK A3002R v4.0.0-B20230531.1404 was discovered to contain a command injection vulnerability via the component bupload.html.

  • CVE-2025-55585 | Aug 18, 2025
    risk 0.00 | cvss | epss 0.00

    TOTOLINK A3002R v4.0.0-B20230531.1404 was discovered to contain an eval injection vulnerability via the eval() function.

  • CVE-2025-55588 | Aug 18, 2025
    risk 0.00 | cvss | epss 0.00

    TOTOLINK A3002R v4.0.0-B20230531.1404 was discovered to contain a buffer overflow in the fw_ip parameter at /boafrm/formPortFw. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.
