Note:
This project will be discontinued after December 13, 2021.
Product: A720r_firmware (Totolink)

Repositories | Unknown: This might be proprietary software. |
#Vulnerabilities | 23 |

Date | Id | Summary | Products | Score | Patch | Annotated |
---|---|---|---|---|---|---|
2021-08-05 | CVE-2021-35327 | A vulnerability in TOTOLINK A720R A720R_Firmware v4.1.5cu.470_B20200911 allows attackers to start the Telnet service, then login with the default credentials via a crafted POST request. | A720r_firmware | 9.8 | ||
2022-02-04 | CVE-2021-44246 | Totolink devices A3100R v4.1.2cu.5050_B20200504, A830R v5.9c.4729_B20191112, and A720R v4.1.5cu.470_B20200911 were discovered to contain a stack overflow in the function setNoticeCfg. This vulnerability allows attackers to cause a Denial of Service (DoS) via the IpTo parameter. | A3100r_firmware, A720r_firmware, A830r_firmware | 7.5 | ||
2022-02-04 | CVE-2021-44247 | Totolink devices A3100R v4.1.2cu.5050_B20200504, A830R v5.9c.4729_B20191112, and A720R v4.1.5cu.470_B20200911 were discovered to contain a command injection vulnerability in the function setNoticeCfg. This vulnerability allows attackers to execute arbitrary commands via the IpFrom parameter. | A3100r_firmware, A720r_firmware, A830r_firmware | 9.8 | ||
2022-02-04 | CVE-2021-45737 | TOTOLINK A720R v4.1.5cu.470_B20200911 was discovered to contain a stack overflow in the Form_Login function. This vulnerability allows attackers to cause a Denial of Service (DoS) via the Host parameter. | A720r_firmware | 7.5 | ||
2022-02-04 | CVE-2021-45739 | TOTOLINK A720R v4.1.5cu.470_B20200911 was discovered to contain a stack overflow in the Form_Login function. This vulnerability allows attackers to cause a Denial of Service (DoS) via the flag parameter. | A720r_firmware | 7.5 | ||
2022-02-04 | CVE-2021-45740 | TOTOLINK A720R v4.1.5cu.470_B20200911 was discovered to contain a stack overflow in the setWiFiWpsStart function. This vulnerability allows attackers to cause a Denial of Service (DoS) via the pin parameter. | A720r_firmware | 9.8 | ||
2022-02-04 | CVE-2021-45742 | TOTOLINK A720R v4.1.5cu.470_B20200911 was discovered to contain a command injection vulnerability in the "Main" function. This vulnerability allows attackers to execute arbitrary commands via the QUERY_STRING parameter. | A720r_firmware | 9.8 | ||
2022-03-31 | CVE-2021-43662 | TOTOLINK EX300_v2, ver V4.0.3c.140_B20210429, and A720R, ver V4.1.5cu.470_B20200911, have an issue which causes uncontrolled resource consumption. | A720r_firmware, Ex300_v2_firmware | 6.5 | ||
2022-08-25 | CVE-2022-36456 | TOTOLink A720R V4.1.5cu.532_B20210610 was discovered to contain a command injection vulnerability via the username parameter in /cstecgi.cgi. | A720r_firmware | 7.8 | ||
2022-08-29 | CVE-2022-36610 | TOTOLINK A720R V4.1.5cu.532_B20210610 was discovered to contain a hardcoded password for root at /etc/shadow.sample. | A720r_firmware | 7.8 | ||