← Back

A3600r Firmware

a3600r_firmware

Vendor: Totolink • 25 CVEs

CVEs (25)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2024-7159
1Totolink
1A3600r Firmware
Nov 21, 2024
Jul 28, 2024
5.1 MEDIUM· v4
8.8 HIGH· v3
4.9 MEDIUM· v2
A vulnerability was found in TOTOLINK A3600R 4.1.2cu.5182_B20201102. It has been rated as critical. This issue affects some unknown processing of the file /web_cste/cgi-bin/product.ini of the component Telnet Service. Th...Show more
A vulnerability was found in TOTOLINK A3600R 4.1.2cu.5182_B20201102. It has been rated as critical. This issue affects some unknown processing of the file /web_cste/cgi-bin/product.ini of the component Telnet Service. The manipulation leads to use of hard-coded password. The exploit has been disclosed to the public and may be used. The identifier VDB-272573 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.Show less
CVE-2022-36455
1Totolink
1A3600r Firmware
Nov 21, 2024
Aug 25, 2022
N/A· v4
7.8 HIGH· v3
N/A· v2
TOTOLink A3600R V4.1.2cu.5182_B20201102 was discovered to contain a command injection vulnerability via the username parameter in /cstecgi.cgi.
CVE-2022-34993
1Totolink
1A3600r Firmware
Nov 21, 2024
Aug 4, 2022
N/A· v4
9.8 CRITICAL· v3
N/A· v2
Totolink A3600R_Firmware V4.1.2cu.5182_B20201102 contains a hard code password for root in /etc/shadow.sample.
CVE-2022-29377
1Totolink
1A3600r Firmware
Nov 21, 2024
May 24, 2022
N/A· v4
7.5 HIGH· v3
5.0 MEDIUM· v2
Totolink A3600R V4.1.2cu.5182_B20201102 was discovered to contain a stacker overflow in the fread function at infostat.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via the parameter CONTENT...Show more
Totolink A3600R V4.1.2cu.5182_B20201102 was discovered to contain a stacker overflow in the fread function at infostat.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via the parameter CONTENT_LENGTH.Show less
CVE-2022-25078
1Totolink
1A3600r Firmware
Nov 21, 2024
Feb 24, 2022
N/A· v4
9.8 CRITICAL· v3
7.5 HIGH· v2
TOTOLink A3600R V4.1.2cu.5182_B20201102 was discovered to contain a command injection vulnerability in the "Main" function. This vulnerability allows attackers to execute arbitrary commands via the QUERY_STRING parameter...Show more
TOTOLink A3600R V4.1.2cu.5182_B20201102 was discovered to contain a command injection vulnerability in the "Main" function. This vulnerability allows attackers to execute arbitrary commands via the QUERY_STRING parameter.Show less