Totolink: >> A3100r Firmware >> 5.9c.4577 Security Vulnerabilities
In Totolink A3100R V5.9c.4577, "test.asp" contains an API-like function, which is not authenticated. Using this function, an attacker can configure multiple settings without authentication.
CVSS Score
6.5
EPSS Score
0.002
Published
2022-03-30
In totolink a3100r V5.9c.4577, the hard-coded telnet password can be discovered from official released firmware. An attacker, who has connected to the Wi-Fi, can easily telnet into the target with root shell if the telnet is function turned on.
CVSS Score
8.8
EPSS Score
0.002
Published
2022-03-30
In Totolink A3100R V5.9c.4577, multiple pages can be read by curl or Burp Suite without authentication. Additionally, admin configurations can be set without cookies.
CVSS Score
9.8
EPSS Score
0.01
Published
2022-03-30
Totolink A3100R V5.9c.4577 suffers from Use of Insufficiently Random Values via the web configuration. The SESSION_ID is predictable. An attacker can hijack a valid session and conduct further malicious operations.
CVSS Score
8.8
EPSS Score
0.009
Published
2022-03-30