Totolink A720r Firmware Security Vulnerabilities
TOTOLINK A720R V4.1.5cu.532_B20210610 is vulnerable to Incorrect Access Control.
CVSS Score: 9.8 | EPSS Score: 0.001 | Published: 2023-02-17
TOTOLINK-720R v4.1.5cu.374 was discovered to contain a remote code execution (RCE) vulnerability via the setdiagnosicfg function.
CVSS Score: 7.2 | EPSS Score: 0.035 | Published: 2022-09-15
TOTOLINK-720R v4.1.5cu.374 was discovered to contain a remote code execution (RCE) vulnerability via the setTracerouteCfg function.
CVSS Score: 7.2 | EPSS Score: 0.035 | Published: 2022-09-15
TOTOLINK A720R V4.1.5cu.532_B20210610 was discovered to contain a hardcoded password for root at /etc/shadow.sample.
CVSS Score: 7.8 | EPSS Score: 0.001 | Published: 2022-08-29
TOTOLink A720R V4.1.5cu.532_B20210610 was discovered to contain a command injection vulnerability via the username parameter in /cstecgi.cgi.
CVSS Score: 7.8 | EPSS Score: 0.013 | Published: 2022-08-25
TOTOLINK EX300_v2, ver V4.0.3c.140_B20210429, and A720R, ver V4.1.5cu.470_B20200911, have an issue which causes uncontrolled resource consumption.
CVSS Score: 6.5 | EPSS Score: 0.001 | Published: 2022-03-31
TOTOLINK A720R v4.1.5cu.470_B20200911 was discovered to contain a stack overflow in the Form_Login function. This vulnerability allows attackers to cause a Denial of Service (DoS) via the Host parameter.
CVSS Score: 7.5 | EPSS Score: 0.004 | Published: 2022-02-04
TOTOLINK A720R v4.1.5cu.470_B20200911 was discovered to contain a stack overflow in the Form_Login function. This vulnerability allows attackers to cause a Denial of Service (DoS) via the flag parameter.
CVSS Score: 7.5 | EPSS Score: 0.004 | Published: 2022-02-04
TOTOLINK A720R v4.1.5cu.470_B20200911 was discovered to contain a stack overflow in the setWiFiWpsStart function. This vulnerability allows attackers to cause a Denial of Service (DoS) via the pin parameter.
CVSS Score: 9.8 | EPSS Score: 0.006 | Published: 2022-02-04
TOTOLINK A720R v4.1.5cu.470_B20200911 was discovered to contain a command injection vulnerability in the "Main" function. This vulnerability allows attackers to execute arbitrary commands via the QUERY_STRING parameter.
CVSS Score: 9.8 | EPSS Score: 0.203 | Published: 2022-02-04