VYPR

A3100R

by Totolink

CVEs (39)

  • CVE-2022-25077CriFeb 24, 2022
    risk 0.66cvss 9.8epss 0.33

    TOTOLink A3100R V4.1.2cu.5050_B20200504 was discovered to contain a command injection vulnerability in the "Main" function. This vulnerability allows attackers to execute arbitrary commands via the QUERY_STRING parameter.

  • CVE-2021-46009CriMar 30, 2022
    risk 0.65cvss 9.8epss 0.15

    In Totolink A3100R V5.9c.4577, multiple pages can be read by curl or Burp Suite without authentication. Additionally, admin configurations can be set without cookies.

  • CVE-2025-45790CriMay 8, 2025
    risk 0.64cvss 9.8epss 0.01

    TOTOLINK A3100R V5.9c.1527 is vulnerable to Buffer Overflow via the priority parameter in the setMacQos interface of /lib/cste_modules/firewall.so.

  • CVE-2025-45789CriMay 8, 2025
    risk 0.64cvss 9.8epss 0.01

    TOTOLINK A3100R V5.9c.1527 is vulnerable to buffer overflow via the urlKeyword parameter in setParentalRules.

  • CVE-2025-45788CriMay 8, 2025
    risk 0.64cvss 9.8epss 0.01

    TOTOLINK A3100R V5.9c.1527 is vulnerable to Buffer Overflow via the comment parameter in setMacFilterRules.

  • CVE-2025-45787CriMay 8, 2025
    risk 0.64cvss 9.8epss 0.01

    TOTOLINK A3100R V5.9c.1527 is vulnerable to Buffer Overflow viathe comment parameter in setIpPortFilterRules.

  • CVE-2025-28256CriMar 28, 2025
    risk 0.64cvss 9.8epss 0.01

    An issue in TOTOLINK A3100R V4.1.2cu.5247_B20211129 allows a remote attacker to execute arbitrary code via the setWebWlanIdx of the file /lib/cste_modules/wireless.so.

  • CVE-2024-42547CriAug 12, 2024
    risk 0.64cvss 9.8epss 0.01

    TOTOLINK A3100R V4.1.2cu.5050_B20200504 has a buffer overflow vulnerability in the http_host parameter in the loginauth function.

  • CVE-2024-42546CriAug 12, 2024
    risk 0.64cvss 9.8epss 0.01

    TOTOLINK A3100R V4.1.2cu.5050_B20200504 has a buffer overflow vulnerability in the password parameter in the loginauth function.

  • CVE-2022-29645CriMay 18, 2022
    risk 0.64cvss 9.8epss 0.01

    TOTOLINK A3100R V4.1.2cu.5050_B20200504 and V4.1.2cu.5247_B20211129 were discovered to contain a hard coded password for root stored in the component /etc/shadow.sample.

  • CVE-2022-29644CriMay 18, 2022
    risk 0.64cvss 9.8epss 0.01

    TOTOLINK A3100R V4.1.2cu.5050_B20200504 and V4.1.2cu.5247_B20211129 were discovered to contain a hard coded password for the telnet service stored in the component /web_cste/cgi-bin/product.ini.

  • CVE-2021-46007CriMar 30, 2022
    risk 0.64cvss 9.8epss 0.04

    totolink a3100r V5.9c.4577 is vulnerable to os command injection. The backend of a page is executing the "ping" command, and the input field does not adequately filter special symbols. This can lead to command injection attacks.

  • CVE-2022-26214CriMar 15, 2022
    risk 0.64cvss 9.8epss 0.03

    Totolink A830R V5.9c.4729_B20191112, A3100R V4.1.2cu.5050_B20200504, A950RG V4.1.2cu.5161_B20200903, A800R V4.1.2cu.5137_B20200730, A3000RU V5.9c.5185_B20201128, and A810R V4.1.2cu.5182_B20201026 were discovered to contain a command injection vulnerability in the function…

  • CVE-2022-26212CriMar 15, 2022
    risk 0.64cvss 9.8epss 0.03

    Totolink A830R V5.9c.4729_B20191112, A3100R V4.1.2cu.5050_B20200504, A950RG V4.1.2cu.5161_B20200903, A800R V4.1.2cu.5137_B20200730, A3000RU V5.9c.5185_B20201128, and A810R V4.1.2cu.5182_B20201026 were discovered to contain a command injection vulnerability in the function…

  • CVE-2022-26211CriMar 15, 2022
    risk 0.64cvss 9.8epss 0.03

    Totolink A830R V5.9c.4729_B20191112, A3100R V4.1.2cu.5050_B20200504, A950RG V4.1.2cu.5161_B20200903, A800R V4.1.2cu.5137_B20200730, A3000RU V5.9c.5185_B20201128, and A810R V4.1.2cu.5182_B20201026 were discovered to contain a command injection vulnerability in the function…

  • CVE-2022-26210CriMar 15, 2022
    risk 0.64cvss 9.8epss 0.06

    Totolink A830R V5.9c.4729_B20191112, A3100R V4.1.2cu.5050_B20200504, A950RG V4.1.2cu.5161_B20200903, A800R V4.1.2cu.5137_B20200730, A3000RU V5.9c.5185_B20201128, and A810R V4.1.2cu.5182_B20201026 were discovered to contain a command injection vulnerability in the function…

  • CVE-2022-26209CriMar 15, 2022
    risk 0.64cvss 9.8epss 0.02

    Totolink A830R V5.9c.4729_B20191112, A3100R V4.1.2cu.5050_B20200504, A950RG V4.1.2cu.5161_B20200903, A800R V4.1.2cu.5137_B20200730, A3000RU V5.9c.5185_B20201128, and A810R V4.1.2cu.5182_B20201026 were discovered to contain a command injection vulnerability in the function…

  • CVE-2022-26208CriMar 15, 2022
    risk 0.64cvss 9.8epss 0.03

    Totolink A830R V5.9c.4729_B20191112, A3100R V4.1.2cu.5050_B20200504, A950RG V4.1.2cu.5161_B20200903, A800R V4.1.2cu.5137_B20200730, A3000RU V5.9c.5185_B20201128, and A810R V4.1.2cu.5182_B20201026 were discovered to contain a command injection vulnerability in the function…

  • CVE-2022-26207CriMar 15, 2022
    risk 0.64cvss 9.8epss 0.02

    Totolink A830R V5.9c.4729_B20191112, A3100R V4.1.2cu.5050_B20200504, A950RG V4.1.2cu.5161_B20200903, A800R V4.1.2cu.5137_B20200730, A3000RU V5.9c.5185_B20201128, and A810R V4.1.2cu.5182_B20201026 were discovered to contain a command injection vulnerability in the function…

  • CVE-2022-26206CriMar 15, 2022
    risk 0.64cvss 9.8epss 0.02

    Totolink A830R V5.9c.4729_B20191112, A3100R V4.1.2cu.5050_B20200504, A950RG V4.1.2cu.5161_B20200903, A800R V4.1.2cu.5137_B20200730, A3000RU V5.9c.5185_B20201128, and A810R V4.1.2cu.5182_B20201026 were discovered to contain a command injection vulnerability in the function…

Page 1 of 2