Vulnerability Details CVE-2021-34228
Cross-site scripting in parent_control.htm in TOTOLINK A3002R version V1.1.1-B20200824 (Important Update, new UI) allows attackers to execute arbitrary JavaScript by modifying the "Description" field and "Service Name" field.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.018
EPSS Ranking 81.9%
CVSS Severity
CVSS v3 Score 6.1
CVSS v2 Score 4.3
References
Products affected by CVE-2021-34228
-
cpe:2.3:h:totolink:a3002r:-
-
cpe:2.3:o:totolink:a3002r_firmware:1.1.1-b20200824