Shodan
Vulnerabilities
Vulnerable Software
Totolink:  >> A3002r Firmware  >> 1.1.1-b20200824  Security Vulnerabilities
CVE-2024-34195
TOTOLINK AC1200 Wireless Router A3002R Firmware V1.1.1-B20200824 is vulnerable to Buffer Overflow. In the boa server program's CGI handling function formWlEncrypt, there is a lack of length restriction on the wlan_ssid field. This oversight leads to potential buffer overflow under specific circumstances. For instance, by invoking the formWlanRedirect function with specific parameters to alter wlan_idx's value and subsequently invoking the formWlEncrypt function, an attacker can trigger buffer overflow, enabling arbitrary command execution or denial of service attacks.
CVSS Score
9.8
EPSS Score
0.004
Published
2024-08-28
CVE-2021-34207
Cross-site scripting in ddns.htm in TOTOLINK A3002R version V1.1.1-B20200824 (Important Update, new UI) allows attackers to execute arbitrary JavaScript by modifying the "Domain Name" field, "Server Address" field, "User Name/Email", or "Password/Key" field.
CVSS Score
6.1
EPSS Score
0.002
Published
2021-08-20
CVE-2021-34215
Cross-site scripting in tcpipwan.htm in TOTOLINK A3002R version V1.1.1-B20200824 (Important Update, new UI) allows attackers to execute arbitrary JavaScript by modifying the "Service Name" field.
CVSS Score
6.1
EPSS Score
0.002
Published
2021-08-20
CVE-2021-34218
Directory Indexing in Login Portal of Login Portal of TOTOLINK-A702R-V1.0.0-B20161227.1023 allows attacker to access /add/ , /img/, /js/, and /mobile directories via GET Parameter.
CVSS Score
5.3
EPSS Score
0.002
Published
2021-08-20
CVE-2021-34220
Cross-site scripting in tr069config.htm in TOTOLINK A3002R version V1.1.1-B20200824 (Important Update, new UI) allows attackers to execute arbitrary JavaScript by modifying the "User Name" field or "Password" field.
CVSS Score
6.1
EPSS Score
0.002
Published
2021-08-20
CVE-2021-34223
Cross-site scripting in urlfilter.htm in TOTOLINK A3002R version V1.1.1-B20200824 (Important Update, new UI) allows attackers to execute arbitrary JavaScript by modifying the "URL Address" field.
CVSS Score
6.1
EPSS Score
0.002
Published
2021-08-20
CVE-2021-34228
Cross-site scripting in parent_control.htm in TOTOLINK A3002R version V1.1.1-B20200824 (Important Update, new UI) allows attackers to execute arbitrary JavaScript by modifying the "Description" field and "Service Name" field.
CVSS Score
6.1
EPSS Score
0.018
Published
2021-08-20
CVE-2020-25499
TOTOLINK A3002RU-V2.0.0 B20190814.1034 allows authenticated remote users to modify the system's 'Run Command'. An attacker can use this functionality to execute arbitrary OS commands on the router.
CVSS Score
8.8
EPSS Score
0.218
Published
2020-12-09


Products
Pricing
Contact Us

Shodan ® - All rights reserved