Note:
This project will be discontinued after December 13, 2021. [more]
Product:
A3002ru_firmware
(Totolink)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 54 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2018-11-26 | CVE-2018-13309 | Cross-site scripting in password.htm in TOTOLINK A3002RU version 1.0.8 allows attackers to execute arbitrary JavaScript via the user's password. | A3002ru_firmware | 6.1 | ||
| 2018-11-26 | CVE-2018-13308 | Cross-site scripting in notice_gen.htm in TOTOLINK A3002RU version 1.0.8 allows attackers to execute arbitrary JavaScript by modifying the "User phrases button" field. | A3002ru_firmware | 6.1 | ||
| 2018-11-27 | CVE-2018-13307 | System command injection in fromNtp in TOTOLINK A3002RU version 1.0.8 allows attackers to execute system commands via the "ntpServerIp2" POST parameter. Certain payloads cause the device to become permanently inoperable. | A3002ru_firmware | 9.8 | ||
| 2018-11-27 | CVE-2018-13306 | System command injection in formDlna in TOTOLINK A3002RU version 1.0.8 allows attackers to execute system commands via the "ftpUser" POST parameter. | A3002ru_firmware | 9.8 |