A3100r Firmware

a3100r_firmware

Vendor: Totolink • 47 CVEs

CVEs (47)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2024-36650 1Totolink 1A3100r Firmware Jun 4, 2025 Jun 11, 2024 N/A· v4 7.5 HIGH· v3 N/A· v2 TOTOLINK AC1200 Wireless Dual Band Gigabit Router firmware A3100R V4.1.2cu.5247_B20211129, in the cgi function `setNoticeCfg` of the file `/lib/cste_modules/system.so`, the length of the user input string `NoticeUrl` is...Show more TOTOLINK AC1200 Wireless Dual Band Gigabit Router firmware A3100R V4.1.2cu.5247_B20211129, in the cgi function `setNoticeCfg` of the file `/lib/cste_modules/system.so`, the length of the user input string `NoticeUrl` is not checked. This can lead to a buffer overflow, allowing attackers to construct malicious HTTP or MQTT requests to cause a denial-of-service attack.Show less
CVE-2022-28935 1Totolink 6A3000ru Firmware A3100r FirmwareA800r Firmware+3 more Nov 21, 2024 Jul 6, 2022 N/A· v4 7.2 HIGH· v3 6.5 MEDIUM· v2 Totolink A830R V5.9c.4729_B20191112, Totolink A3100R V4.1.2cu.5050_B20200504, Totolink A950RG V4.1.2cu.5161_B20200903, Totolink A800R V4.1.2cu.5137_B20200730, Totolink A3000RU V5.9c.5185_B20201128, Totolink A810R V4.1.2c...Show more Totolink A830R V5.9c.4729_B20191112, Totolink A3100R V4.1.2cu.5050_B20200504, Totolink A950RG V4.1.2cu.5161_B20200903, Totolink A800R V4.1.2cu.5137_B20200730, Totolink A3000RU V5.9c.5185_B20201128, Totolink A810R V4.1.2cu.5182_B20201026 were discovered to contain a command injection vulnerability.Show less
CVE-2022-29646 1Totolink 1A3100r Firmware Nov 21, 2024 May 18, 2022 N/A· v4 5.3 MEDIUM· v3 5.0 MEDIUM· v2 An access control issue in TOTOLINK A3100R V4.1.2cu.5050_B20200504 and V4.1.2cu.5247_B20211129 allows attackers to obtain sensitive information via a crafted web request.
CVE-2022-29645 1Totolink 1A3100r Firmware Nov 21, 2024 May 18, 2022 N/A· v4 9.8 CRITICAL· v3 10.0 HIGH· v2 TOTOLINK A3100R V4.1.2cu.5050_B20200504 and V4.1.2cu.5247_B20211129 were discovered to contain a hard coded password for root stored in the component /etc/shadow.sample.
CVE-2022-29644 1Totolink 1A3100r Firmware Nov 21, 2024 May 18, 2022 N/A· v4 9.8 CRITICAL· v3 10.0 HIGH· v2 TOTOLINK A3100R V4.1.2cu.5050_B20200504 and V4.1.2cu.5247_B20211129 were discovered to contain a hard coded password for the telnet service stored in the component /web_cste/cgi-bin/product.ini.
CVE-2022-29643 1Totolink 1A3100r Firmware Nov 21, 2024 May 18, 2022 N/A· v4 7.5 HIGH· v3 7.8 HIGH· v2 TOTOLINK A3100R V4.1.2cu.5050_B20200504 and V4.1.2cu.5247_B20211129 were discovered to contain a stack overflow via the macAddress parameter in the function setMacQos. This vulnerability allows attackers to cause a Denia...Show more TOTOLINK A3100R V4.1.2cu.5050_B20200504 and V4.1.2cu.5247_B20211129 were discovered to contain a stack overflow via the macAddress parameter in the function setMacQos. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request.Show less
CVE-2022-29642 1Totolink 1A3100r Firmware Nov 21, 2024 May 18, 2022 N/A· v4 7.5 HIGH· v3 7.8 HIGH· v2 TOTOLINK A3100R V4.1.2cu.5050_B20200504 and V4.1.2cu.5247_B20211129 were discovered to contain a stack overflow via the url parameter in the function setUrlFilterRules. This vulnerability allows attackers to cause a Deni...Show more TOTOLINK A3100R V4.1.2cu.5050_B20200504 and V4.1.2cu.5247_B20211129 were discovered to contain a stack overflow via the url parameter in the function setUrlFilterRules. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request.Show less
CVE-2022-29641 1Totolink 1A3100r Firmware Nov 21, 2024 May 18, 2022 N/A· v4 7.5 HIGH· v3 7.8 HIGH· v2 TOTOLINK A3100R V4.1.2cu.5050_B20200504 and V4.1.2cu.5247_B20211129 were discovered to contain a stack overflow via the startTime and endTime parameters in the function setParentalRules. This vulnerability allows attacke...Show more TOTOLINK A3100R V4.1.2cu.5050_B20200504 and V4.1.2cu.5247_B20211129 were discovered to contain a stack overflow via the startTime and endTime parameters in the function setParentalRules. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request.Show less
CVE-2022-29640 1Totolink 1A3100r Firmware Nov 21, 2024 May 18, 2022 N/A· v4 7.5 HIGH· v3 7.8 HIGH· v2 TOTOLINK A3100R V4.1.2cu.5050_B20200504 and V4.1.2cu.5247_B20211129 were discovered to contain a stack overflow via the comment parameter in the function setPortForwardRules. This vulnerability allows attackers to cause...Show more TOTOLINK A3100R V4.1.2cu.5050_B20200504 and V4.1.2cu.5247_B20211129 were discovered to contain a stack overflow via the comment parameter in the function setPortForwardRules. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request.Show less
CVE-2022-29639 1Totolink 1A3100r Firmware Nov 21, 2024 May 18, 2022 N/A· v4 8.1 HIGH· v3 9.3 HIGH· v2 TOTOLINK A3100R V4.1.2cu.5050_B20200504 and V4.1.2cu.5247_B20211129 were discovered to contain a command injection vulnerability via the magicid parameter in the function uci_cloudupdate_config.
CVE-2022-29638 1Totolink 1A3100r Firmware Nov 21, 2024 May 18, 2022 N/A· v4 7.5 HIGH· v3 7.8 HIGH· v2 TOTOLINK A3100R V4.1.2cu.5050_B20200504 and V4.1.2cu.5247_B20211129 were discovered to contain a stack overflow via the comment parameter in the function setIpQosRules. This vulnerability allows attackers to cause a Deni...Show more TOTOLINK A3100R V4.1.2cu.5050_B20200504 and V4.1.2cu.5247_B20211129 were discovered to contain a stack overflow via the comment parameter in the function setIpQosRules. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request.Show less
CVE-2021-46010 1Totolink 1A3100r Firmware Nov 21, 2024 Mar 30, 2022 N/A· v4 8.8 HIGH· v3 6.5 MEDIUM· v2 Totolink A3100R V5.9c.4577 suffers from Use of Insufficiently Random Values via the web configuration. The SESSION_ID is predictable. An attacker can hijack a valid session and conduct further malicious operations.
CVE-2021-46009 1Totolink 1A3100r Firmware Nov 21, 2024 Mar 30, 2022 N/A· v4 9.8 CRITICAL· v3 10.0 HIGH· v2 In Totolink A3100R V5.9c.4577, multiple pages can be read by curl or Burp Suite without authentication. Additionally, admin configurations can be set without cookies.
CVE-2021-46008 1Totolink 1A3100r Firmware Nov 21, 2024 Mar 30, 2022 N/A· v4 8.8 HIGH· v3 7.9 HIGH· v2 In totolink a3100r V5.9c.4577, the hard-coded telnet password can be discovered from official released firmware. An attacker, who has connected to the Wi-Fi, can easily telnet into the target with root shell if the telne...Show more In totolink a3100r V5.9c.4577, the hard-coded telnet password can be discovered from official released firmware. An attacker, who has connected to the Wi-Fi, can easily telnet into the target with root shell if the telnet is function turned on.Show less
CVE-2021-46006 1Totolink 1A3100r Firmware Nov 21, 2024 Mar 30, 2022 N/A· v4 6.5 MEDIUM· v3 4.0 MEDIUM· v2 In Totolink A3100R V5.9c.4577, "test.asp" contains an API-like function, which is not authenticated. Using this function, an attacker can configure multiple settings without authentication.
CVE-2022-26214 1Totolink 6A3000ru Firmware A3100r FirmwareA800r Firmware+3 more Nov 21, 2024 Mar 15, 2022 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 Totolink A830R V5.9c.4729_B20191112, A3100R V4.1.2cu.5050_B20200504, A950RG V4.1.2cu.5161_B20200903, A800R V4.1.2cu.5137_B20200730, A3000RU V5.9c.5185_B20201128, and A810R V4.1.2cu.5182_B20201026 were discovered to conta...Show more Totolink A830R V5.9c.4729_B20191112, A3100R V4.1.2cu.5050_B20200504, A950RG V4.1.2cu.5161_B20200903, A800R V4.1.2cu.5137_B20200730, A3000RU V5.9c.5185_B20201128, and A810R V4.1.2cu.5182_B20201026 were discovered to contain a command injection vulnerability in the function NTPSyncWithHost. This vulnerability allows attackers to execute arbitrary commands via the host_time parameter.Show less
CVE-2022-26212 1Totolink 6A3000ru Firmware A3100r FirmwareA800r Firmware+3 more Nov 21, 2024 Mar 15, 2022 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 Totolink A830R V5.9c.4729_B20191112, A3100R V4.1.2cu.5050_B20200504, A950RG V4.1.2cu.5161_B20200903, A800R V4.1.2cu.5137_B20200730, A3000RU V5.9c.5185_B20201128, and A810R V4.1.2cu.5182_B20201026 were discovered to conta...Show more Totolink A830R V5.9c.4729_B20191112, A3100R V4.1.2cu.5050_B20200504, A950RG V4.1.2cu.5161_B20200903, A800R V4.1.2cu.5137_B20200730, A3000RU V5.9c.5185_B20201128, and A810R V4.1.2cu.5182_B20201026 were discovered to contain a command injection vulnerability in the function setDeviceName, via the deviceMac and deviceName parameters. This vulnerability allows attackers to execute arbitrary commands via a crafted request.Show less
CVE-2022-26211 1Totolink 6A3000ru Firmware A3100r FirmwareA800r Firmware+3 more Nov 21, 2024 Mar 15, 2022 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 Totolink A830R V5.9c.4729_B20191112, A3100R V4.1.2cu.5050_B20200504, A950RG V4.1.2cu.5161_B20200903, A800R V4.1.2cu.5137_B20200730, A3000RU V5.9c.5185_B20201128, and A810R V4.1.2cu.5182_B20201026 were discovered to conta...Show more Totolink A830R V5.9c.4729_B20191112, A3100R V4.1.2cu.5050_B20200504, A950RG V4.1.2cu.5161_B20200903, A800R V4.1.2cu.5137_B20200730, A3000RU V5.9c.5185_B20201128, and A810R V4.1.2cu.5182_B20201026 were discovered to contain a command injection vulnerability in the function CloudACMunualUpdate, via the deviceMac and deviceName parameters. This vulnerability allows attackers to execute arbitrary commands via a crafted request.Show less
CVE-2022-26210 1Totolink 6A3000ru Firmware A3100r FirmwareA800r Firmware+3 more Nov 21, 2024 Mar 15, 2022 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 Totolink A830R V5.9c.4729_B20191112, A3100R V4.1.2cu.5050_B20200504, A950RG V4.1.2cu.5161_B20200903, A800R V4.1.2cu.5137_B20200730, A3000RU V5.9c.5185_B20201128, and A810R V4.1.2cu.5182_B20201026 were discovered to conta...Show more Totolink A830R V5.9c.4729_B20191112, A3100R V4.1.2cu.5050_B20200504, A950RG V4.1.2cu.5161_B20200903, A800R V4.1.2cu.5137_B20200730, A3000RU V5.9c.5185_B20201128, and A810R V4.1.2cu.5182_B20201026 were discovered to contain a command injection vulnerability in the function setUpgradeFW, via the FileName parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request.Show less
CVE-2022-26209 1Totolink 6A3000ru Firmware A3100r FirmwareA800r Firmware+3 more Nov 21, 2024 Mar 15, 2022 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 Totolink A830R V5.9c.4729_B20191112, A3100R V4.1.2cu.5050_B20200504, A950RG V4.1.2cu.5161_B20200903, A800R V4.1.2cu.5137_B20200730, A3000RU V5.9c.5185_B20201128, and A810R V4.1.2cu.5182_B20201026 were discovered to conta...Show more Totolink A830R V5.9c.4729_B20191112, A3100R V4.1.2cu.5050_B20200504, A950RG V4.1.2cu.5161_B20200903, A800R V4.1.2cu.5137_B20200730, A3000RU V5.9c.5185_B20201128, and A810R V4.1.2cu.5182_B20201026 were discovered to contain a command injection vulnerability in the function setUploadSetting, via the FileName parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request.Show less

Previous 123 Next