Vulnerability Details CVE-2021-46009
In Totolink A3100R V5.9c.4577, multiple pages can be read by curl or Burp Suite without authentication. Additionally, admin configurations can be set without cookies.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.01
EPSS Ranking 76.3%
CVSS Severity
CVSS v3 Score 9.8
CVSS v2 Score 10.0
References
Products affected by CVE-2021-46009
-
cpe:2.3:h:totolink:a3100r:-
-
cpe:2.3:o:totolink:a3100r_firmware:5.9c.4577