Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In February 2022
CVE-2021-45733
TOTOLINK X5000R v9.1.0u.6118_B20201102 was discovered to contain a command injection vulnerability in the function NTPSyncWithHost. This vulnerability allows attackers to execute arbitrary commands via the parameter host_time.
CVSS Score
9.8
EPSS Score
0.258
Published
2022-02-04
CVE-2021-45734
TOTOLINK X5000R v9.1.0u.6118_B20201102 was discovered to contain a stack overflow in the function setUrlFilterRules. This vulnerability allows attackers to cause a Denial of Service (DoS) via the url parameter.
CVSS Score
7.5
EPSS Score
0.004
Published
2022-02-04
CVE-2021-45735
TOTOLINK X5000R v9.1.0u.6118_B20201102 was discovered to use the HTTP protocol for authentication into the admin interface, allowing attackers to intercept user credentials via packet capture software.
CVSS Score
7.5
EPSS Score
0.002
Published
2022-02-04
CVE-2021-45736
TOTOLINK X5000R v9.1.0u.6118_B20201102 was discovered to contain a stack overflow in the function setL2tpServerCfg. This vulnerability allows attackers to cause a Denial of Service (DoS) via the eip, sip, server parameters.
CVSS Score
7.5
EPSS Score
0.004
Published
2022-02-04
CVE-2021-45737
TOTOLINK A720R v4.1.5cu.470_B20200911 was discovered to contain a stack overflow in the Form_Login function. This vulnerability allows attackers to cause a Denial of Service (DoS) via the Host parameter.
CVSS Score
7.5
EPSS Score
0.004
Published
2022-02-04
CVE-2021-45738
TOTOLINK X5000R v9.1.0u.6118_B20201102 was discovered to contain a command injection vulnerability in the function UploadFirmwareFile. This vulnerability allows attackers to execute arbitrary commands via the parameter FileName.
CVSS Score
9.8
EPSS Score
0.258
Published
2022-02-04
CVE-2021-45739
TOTOLINK A720R v4.1.5cu.470_B20200911 was discovered to contain a stack overflow in the Form_Login function. This vulnerability allows attackers to cause a Denial of Service (DoS) via the flag parameter.
CVSS Score
7.5
EPSS Score
0.004
Published
2022-02-04
CVE-2021-45740
TOTOLINK A720R v4.1.5cu.470_B20200911 was discovered to contain a stack overflow in the setWiFiWpsStart function. This vulnerability allows attackers to cause a Denial of Service (DoS) via the pin parameter.
CVSS Score
9.8
EPSS Score
0.006
Published
2022-02-04
CVE-2021-45741
TOTOLINK X5000R v9.1.0u.6118_B20201102 was discovered to contain a stack overflow in the function setIpv6Cfg. This vulnerability allows attackers to cause a Denial of Service (DoS) via the relay6to4 parameters.
CVSS Score
7.5
EPSS Score
0.004
Published
2022-02-04
CVE-2021-45742
TOTOLINK A720R v4.1.5cu.470_B20200911 was discovered to contain a command injection vulnerability in the "Main" function. This vulnerability allows attackers to execute arbitrary commands via the QUERY_STRING parameter.
CVSS Score
9.8
EPSS Score
0.203
Published
2022-02-04


Products
Pricing
Contact Us

Shodan ® - All rights reserved