Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Totolink Subscribe
Filtered by product A3100r
Total 26 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2022-26214 1 Totolink 12 A3000ru, A3000ru Firmware, A3100r and 9 more 2022-03-22 7.5 HIGH 9.8 CRITICAL
Totolink A830R V5.9c.4729_B20191112, A3100R V4.1.2cu.5050_B20200504, A950RG V4.1.2cu.5161_B20200903, A800R V4.1.2cu.5137_B20200730, A3000RU V5.9c.5185_B20201128, and A810R V4.1.2cu.5182_B20201026 were discovered to contain a command injection vulnerability in the function NTPSyncWithHost. This vulnerability allows attackers to execute arbitrary commands via the host_time parameter.
CVE-2022-26209 1 Totolink 12 A3000ru, A3000ru Firmware, A3100r and 9 more 2022-03-22 7.5 HIGH 9.8 CRITICAL
Totolink A830R V5.9c.4729_B20191112, A3100R V4.1.2cu.5050_B20200504, A950RG V4.1.2cu.5161_B20200903, A800R V4.1.2cu.5137_B20200730, A3000RU V5.9c.5185_B20201128, and A810R V4.1.2cu.5182_B20201026 were discovered to contain a command injection vulnerability in the function setUploadSetting, via the FileName parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request.
CVE-2021-44620 1 Totolink 2 A3100r, A3100r Firmware 2022-03-18 7.5 HIGH 9.8 CRITICAL
A Command Injection vulnerability exits in TOTOLINK A3100R <=V4.1.2cu.5050_B20200504 in adm/ntm.asp via the hosTime parameters.
CVE-2022-25077 1 Totolink 2 A3100r, A3100r Firmware 2022-03-03 7.5 HIGH 9.8 CRITICAL
TOTOLink A3100R V4.1.2cu.5050_B20200504 was discovered to contain a command injection vulnerability in the "Main" function. This vulnerability allows attackers to execute arbitrary commands via the QUERY_STRING parameter.
CVE-2021-44246 1 Totolink 6 A3100r, A3100r Firmware, A720r and 3 more 2022-02-08 7.8 HIGH 7.5 HIGH
Totolink devices A3100R v4.1.2cu.5050_B20200504, A830R v5.9c.4729_B20191112, and A720R v4.1.5cu.470_B20200911 were discovered to contain a stack overflow in the function setNoticeCfg. This vulnerability allows attackers to cause a Denial of Service (DoS) via the IpTo parameter.
CVE-2021-44247 1 Totolink 6 A3100r, A3100r Firmware, A720r and 3 more 2022-02-07 7.5 HIGH 9.8 CRITICAL
Totolink devices A3100R v4.1.2cu.5050_B20200504, A830R v5.9c.4729_B20191112, and A720R v4.1.5cu.470_B20200911 were discovered to contain command injection vulnerability in the function setNoticeCfg. This vulnerability allows attackers to execute arbitrary commands via the IpFrom parameter.