Shodan
Vulnerabilities
Vulnerable Software
Totolink:  >> A720r Firmware  Security Vulnerabilities
CVE-2021-44246
Totolink devices A3100R v4.1.2cu.5050_B20200504, A830R v5.9c.4729_B20191112, and A720R v4.1.5cu.470_B20200911 were discovered to contain a stack overflow in the function setNoticeCfg. This vulnerability allows attackers to cause a Denial of Service (DoS) via the IpTo parameter.
CVSS Score
7.5
EPSS Score
0.004
Published
2022-02-04
CVE-2021-44247
Totolink devices A3100R v4.1.2cu.5050_B20200504, A830R v5.9c.4729_B20191112, and A720R v4.1.5cu.470_B20200911 were discovered to contain command injection vulnerability in the function setNoticeCfg. This vulnerability allows attackers to execute arbitrary commands via the IpFrom parameter.
CVSS Score
9.8
EPSS Score
0.265
Published
2022-02-04
CVE-2021-35324
A vulnerability in the Form_Login function of TOTOLINK A720R A720R_Firmware V4.1.5cu.470_B20200911 allows attackers to bypass authentication.
CVSS Score
9.8
EPSS Score
0.008
Published
2021-08-05
CVE-2021-35325
A stack overflow in the checkLoginUser function of TOTOLINK A720R A720R_Firmware v4.1.5cu.470_B20200911 allows attackers to cause a denial of service (DOS).
CVSS Score
7.5
EPSS Score
0.031
Published
2021-08-05
CVE-2021-35326
A vulnerability in TOTOLINK A720R router with firmware v4.1.5cu.470_B20200911 allows attackers to download the configuration file via sending a crafted HTTP request.
CVSS Score
7.5
EPSS Score
0.041
Published
2021-08-05
CVE-2021-35327
A vulnerability in TOTOLINK A720R A720R_Firmware v4.1.5cu.470_B20200911 allows attackers to start the Telnet service, then login with the default credentials via a crafted POST request.
CVSS Score
9.8
EPSS Score
0.004
Published
2021-08-05
CVE-2021-27710
Command Injection in TOTOLINK X5000R router with firmware v9.1.0u.6118_B20201102, and TOTOLINK A720R router with firmware v4.1.5cu.470_B20200911 allows remote attackers to execute arbitrary OS commands by sending a modified HTTP request. This occurs because the function executes glibc's system function with untrusted input. In the function, "ip" parameter is directly passed to the attacker, allowing them to control the "ip" field to attack the OS.
CVSS Score
9.8
EPSS Score
0.202
Published
2021-04-14
CVE-2021-27708
Command Injection in TOTOLINK X5000R router with firmware v9.1.0u.6118_B20201102, and TOTOLINK A720R router with firmware v4.1.5cu.470_B20200911 allows remote attackers to execute arbitrary OS commands by sending a modified HTTP request. This occurs because the function executes glibc's system function with untrusted input. In the function, "command" parameter is directly passed to the attacker, allowing them to control the "command" field to attack the OS.
CVSS Score
9.8
EPSS Score
0.202
Published
2021-04-14


Products
Pricing
Contact Us

Shodan ® - All rights reserved