Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2021-35326

Summary
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At-05 Aug, 2021 | 20:39
Updated At-04 Aug, 2024 | 00:33
Rejected At-
Credits

A vulnerability in TOTOLINK A720R router with firmware v4.1.5cu.470_B20200911 allows attackers to download the configuration file via sending a crafted HTTP request.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mitre
Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At:05 Aug, 2021 | 20:39
Updated At:04 Aug, 2024 | 00:33
Rejected At:
▼CVE Numbering Authority (CNA)

A vulnerability in TOTOLINK A720R router with firmware v4.1.5cu.470_B20200911 allows attackers to download the configuration file via sending a crafted HTTP request.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://github.com/hurricane618/my_cves/blob/master/router/totolink/A720R_leak_config_file.md
x_refsource_MISC
Hyperlink: https://github.com/hurricane618/my_cves/blob/master/router/totolink/A720R_leak_config_file.md
Resource:
x_refsource_MISC
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://github.com/hurricane618/my_cves/blob/master/router/totolink/A720R_leak_config_file.md
x_refsource_MISC
x_transferred
Hyperlink: https://github.com/hurricane618/my_cves/blob/master/router/totolink/A720R_leak_config_file.md
Resource:
x_refsource_MISC
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@mitre.org
Published At:05 Aug, 2021 | 21:15
Updated At:12 Aug, 2021 | 18:31

A vulnerability in TOTOLINK A720R router with firmware v4.1.5cu.470_B20200911 allows attackers to download the configuration file via sending a crafted HTTP request.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.17.5HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Primary2.05.0MEDIUM
AV:N/AC:L/Au:N/C:P/I:N/A:N
Type: Primary
Version: 3.1
Base score: 7.5
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Type: Primary
Version: 2.0
Base score: 5.0
Base severity: MEDIUM
Vector:
AV:N/AC:L/Au:N/C:P/I:N/A:N
CPE Matches
TOTOLINK
totolink
>>a720r_firmware>>4.1.5cu.470_b20200911
cpe:2.3:o:totolink:a720r_firmware:4.1.5cu.470_b20200911:*:*:*:*:*:*:*
TOTOLINK
totolink
>>a720r>>-
cpe:2.3:h:totolink:a720r:-:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
NVD-CWE-noinfoPrimarynvd@nist.gov
CWE ID: NVD-CWE-noinfo
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://github.com/hurricane618/my_cves/blob/master/router/totolink/A720R_leak_config_file.mdcve@mitre.org
Exploit
Third Party Advisory
Hyperlink: https://github.com/hurricane618/my_cves/blob/master/router/totolink/A720R_leak_config_file.md
Source: cve@mitre.org
Resource:
Exploit
Third Party Advisory

Change History

0
Information is not available yet

Similar CVEs

20Records found
CVE-2023-24147
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.10% / 28.29%
||
7 Day CHG~0.00%
Published-03 Feb, 2023 | 00:00
Updated-26 Mar, 2025 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a hard code password for the telnet service which is stored in the component /etc/config/product.ini.

Action-Not Available
Vendor-n/aTOTOLINK
Product-ca300-poe_firmwareca300-poen/a
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2024-31817
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-9.05% / 92.30%
||
7 Day CHG~0.00%
Published-08 Apr, 2024 | 00:00
Updated-24 Mar, 2025 | 17:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In TOTOLINK EX200 V4.0.3c.7646_B20201211, an attacker can obtain sensitive information without authorization through the function getSysStatusCfg.

Action-Not Available
Vendor-n/aTOTOLINK
Product-ex200ex200_firmwaren/aex200
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2024-31816
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.08% / 24.29%
||
7 Day CHG~0.00%
Published-08 Apr, 2024 | 00:00
Updated-18 Mar, 2025 | 16:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In TOTOLINK EX200 V4.0.3c.7646_B20201211, an attacker can obtain sensitive information without authorization through the function getEasyWizardCfg.

Action-Not Available
Vendor-n/aTOTOLINK
Product-ex200_firmwareex200n/aex200_firmware
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2021-45735
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.25% / 47.87%
||
7 Day CHG~0.00%
Published-04 Feb, 2022 | 01:33
Updated-04 Aug, 2024 | 04:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

TOTOLINK X5000R v9.1.0u.6118_B20201102 was discovered to use the HTTP protocol for authentication into the admin interface, allowing attackers to intercept user credentials via packet capture software.

Action-Not Available
Vendor-n/aTOTOLINK
Product-x5000r_firmwarex5000rn/a
CWE ID-CWE-319
Cleartext Transmission of Sensitive Information
CVE-2021-42893
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.63% / 69.33%
||
7 Day CHG~0.00%
Published-03 Jun, 2022 | 17:12
Updated-04 Aug, 2024 | 03:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In TOTOLINK EX1200T V4.1.2cu.5215, an attacker can obtain sensitive information (wifikey, etc.) without authorization through getSysStatusCfg.

Action-Not Available
Vendor-n/aTOTOLINK
Product-ex1200t_firmwareex1200tn/a
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2024-10654
Matching Score-8
Assigner-VulDB
ShareView Details
Matching Score-8
Assigner-VulDB
CVSS Score-6.9||MEDIUM
EPSS-1.08% / 76.96%
||
7 Day CHG~0.00%
Published-01 Nov, 2024 | 11:31
Updated-05 Nov, 2024 | 07:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
TOTOLINK LR350 formLoginAuth.htm authorization

A vulnerability has been found in TOTOLINK LR350 up to 9.3.5u.6369 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /formLoginAuth.htm. The manipulation of the argument authCode with the input 1 leads to authorization bypass. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 9.3.5u.6698_B20230810 is able to address this issue. It is recommended to upgrade the affected component.

Action-Not Available
Vendor-TOTOLINK
Product-LR350lr350
CWE ID-CWE-639
Authorization Bypass Through User-Controlled Key
CWE ID-CWE-285
Improper Authorization
CWE ID-CWE-266
Incorrect Privilege Assignment
CVE-2023-7223
Matching Score-8
Assigner-VulDB
ShareView Details
Matching Score-8
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.19% / 41.57%
||
7 Day CHG~0.00%
Published-09 Jan, 2024 | 15:31
Updated-17 Jun, 2025 | 20:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Totolink T6 cstecgi.cgi access control

A vulnerability classified as problematic has been found in Totolink T6 4.1.9cu.5241_B20210923. This affects an unknown part of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument topicurl with the input showSyslog leads to improper access controls. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-249867. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-TOTOLINK
Product-t6t6_firmwareT6
CWE ID-CWE-284
Improper Access Control
CVE-2022-37841
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.13% / 33.02%
||
7 Day CHG~0.00%
Published-06 Sep, 2022 | 16:39
Updated-03 Aug, 2024 | 10:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In TOTOLINK A860R V4.1.2cu.5182_B20201027 there is a hard coded password for root in /etc/shadow.sample.

Action-Not Available
Vendor-n/aTOTOLINK
Product-a860r_firmwarea860rn/a
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2025-4270
Matching Score-8
Assigner-VulDB
ShareView Details
Matching Score-8
Assigner-VulDB
CVSS Score-6.9||MEDIUM
EPSS-0.16% / 36.93%
||
7 Day CHG~0.00%
Published-05 May, 2025 | 07:31
Updated-07 May, 2025 | 16:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
TOTOLINK A720R Config cstecgi.cgi information disclosure

A vulnerability was found in TOTOLINK A720R 4.1.5cu.374. It has been classified as problematic. Affected is an unknown function of the file /cgi-bin/cstecgi.cgi of the component Config Handler. The manipulation of the argument topicurl with the input getInitCfg/getSysStatusCfg leads to information disclosure. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-TOTOLINK
Product-a720ra720r_firmwareA720R
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CWE ID-CWE-284
Improper Access Control
CVE-2025-4271
Matching Score-8
Assigner-VulDB
ShareView Details
Matching Score-8
Assigner-VulDB
CVSS Score-6.9||MEDIUM
EPSS-0.09% / 26.40%
||
7 Day CHG~0.00%
Published-05 May, 2025 | 08:00
Updated-07 May, 2025 | 16:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
TOTOLINK A720R cstecgi.cgi information disclosure

A vulnerability was found in TOTOLINK A720R 4.1.5cu.374. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument topicurl with the input showSyslog leads to information disclosure. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-TOTOLINK
Product-a720ra720r_firmwareA720R
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CWE ID-CWE-284
Improper Access Control
CVE-2019-19822
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-2.79% / 85.50%
||
7 Day CHG~0.00%
Published-27 Jan, 2020 | 17:55
Updated-05 Aug, 2024 | 02:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A certain router administration interface (that includes Realtek APMIB 0.11f for Boa 0.94.14rc21) allows remote attackers to retrieve the configuration, including sensitive data (usernames and passwords). This affects TOTOLINK A3002RU through 2.0.0, A702R through 2.1.3, N301RT through 2.1.6, N302R through 3.4.0, N300RT through 3.4.0, N200RE through 4.0.0, N150RT through 3.4.0, and N100RE through 3.4.0; Rutek RTK 11N AP through 2019-12-12; Sapido GR297n through 2019-12-12; CIK TELECOM MESH ROUTER through 2019-12-12; KCTVJEJU Wireless AP through 2019-12-12; Fibergate FGN-R2 through 2019-12-12; Hi-Wifi MAX-C300N through 2019-12-12; HCN MAX-C300N through 2019-12-12; T-broad GN-866ac through 2019-12-12; Coship EMTA AP through 2019-12-12; and IO-Data WN-AC1167R through 2019-12-12.

Action-Not Available
Vendor-hiwififg-productscoshipcikteltbroadkctvjejuhcn_max-c300n_projectsapidoiodatan/aTOTOLINKRealtek Semiconductor Corp.
Product-a702r_firmwarehcn_max-c300nwn-ac1167rn300rt_firmwaremax-c300n_firmwareemta_ap_firmwrea3002run150rtn200rewn-ac1167r_firmwren302rhcn_max-c300n_firmwarertk_11n_apmesh_router_firmwaren200re_firmwareemta_apwireless_ap_firmwarea3002ru_firmwaregr297n_firmwarefgn-r2gn-866acfgn-r2_firmwarertk_11n_ap_firmwaren301rt_firmwaremax-c300na702rgr297nn301rtn150rt_firmwaremesh_routern300rtn302r_firmwarewireless_apgn-866ac_firmwaren100re_firmwaren100ren/a
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2025-2955
Matching Score-8
Assigner-VulDB
ShareView Details
Matching Score-8
Assigner-VulDB
CVSS Score-6.9||MEDIUM
EPSS-0.06% / 17.12%
||
7 Day CHG-0.06%
Published-30 Mar, 2025 | 17:31
Updated-02 Jul, 2025 | 18:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
TOTOLINK A3000RU IBMS Configuration File ExportIbmsConfig.sh access control

A vulnerability has been found in TOTOLINK A3000RU up to 5.9c.5185 and classified as problematic. This vulnerability affects unknown code of the file /cgi-bin/ExportIbmsConfig.sh of the component IBMS Configuration File Handler. The manipulation leads to improper access controls. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-TOTOLINK
Product-a3000ru_firmwarea3000ruA3000RU
CWE ID-CWE-266
Incorrect Privilege Assignment
CWE ID-CWE-284
Improper Access Control
CVE-2019-19823
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.36% / 79.38%
||
7 Day CHG~0.00%
Published-27 Jan, 2020 | 17:49
Updated-05 Aug, 2024 | 02:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A certain router administration interface (that includes Realtek APMIB 0.11f for Boa 0.94.14rc21) stores cleartext administrative passwords in flash memory and in a file. This affects TOTOLINK A3002RU through 2.0.0, A702R through 2.1.3, N301RT through 2.1.6, N302R through 3.4.0, N300RT through 3.4.0, N200RE through 4.0.0, N150RT through 3.4.0, and N100RE through 3.4.0; Rutek RTK 11N AP through 2019-12-12; Sapido GR297n through 2019-12-12; CIK TELECOM MESH ROUTER through 2019-12-12; KCTVJEJU Wireless AP through 2019-12-12; Fibergate FGN-R2 through 2019-12-12; Hi-Wifi MAX-C300N through 2019-12-12; HCN MAX-C300N through 2019-12-12; T-broad GN-866ac through 2019-12-12; Coship EMTA AP through 2019-12-12; and IO-Data WN-AC1167R through 2019-12-12.

Action-Not Available
Vendor-hiwififg-productscoshipcikteltbroadkctvjejuhcn_max-c300n_projectsapidoiodatan/aTOTOLINKRealtek Semiconductor Corp.
Product-a702r_firmwarehcn_max-c300nwn-ac1167rn300rt_firmwaremax-c300n_firmwareemta_ap_firmwrea3002run150rtn200rewn-ac1167r_firmwren302rhcn_max-c300n_firmwarertk_11n_apmesh_router_firmwaren200re_firmwareemta_apwireless_ap_firmwarea3002ru_firmwaregr297n_firmwarefgn-r2gn-866acfgn-r2_firmwarertk_11n_ap_firmwaren301rt_firmwaremax-c300na702rgr297nn301rtn150rt_firmwaremesh_routern300rtn302r_firmwarewireless_apgn-866ac_firmwaren100re_firmwaren100ren/a
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2022-29646
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.19% / 41.59%
||
7 Day CHG~0.00%
Published-18 May, 2022 | 11:50
Updated-03 Aug, 2024 | 06:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An access control issue in TOTOLINK A3100R V4.1.2cu.5050_B20200504 and V4.1.2cu.5247_B20211129 allows attackers to obtain sensitive information via a crafted web request.

Action-Not Available
Vendor-n/aTOTOLINK
Product-a3100ra3100r_firmwaren/a
CWE ID-CWE-668
Exposure of Resource to Wrong Sphere
CVE-2022-48069
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.37% / 79.45%
||
7 Day CHG~0.00%
Published-27 Jan, 2023 | 00:00
Updated-28 Mar, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Totolink A830R V4.1.2cu.5182 was discovered to contain a command injection vulnerability via the QUERY_STRING parameter.

Action-Not Available
Vendor-n/aTOTOLINK
Product-a830ra830r_firmwaren/a
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2024-7156
Matching Score-8
Assigner-VulDB
ShareView Details
Matching Score-8
Assigner-VulDB
CVSS Score-6.9||MEDIUM
EPSS-0.72% / 71.53%
||
7 Day CHG~0.00%
Published-28 Jul, 2024 | 10:31
Updated-08 Aug, 2024 | 12:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
TOTOLINK A3700R apmib Configuration ExportSettings.sh information disclosure

A vulnerability was found in TOTOLINK A3700R 9.1.2u.5822_B20200513 and classified as problematic. Affected by this issue is some unknown functionality of the file /cgi-bin/ExportSettings.sh of the component apmib Configuration Handler. The manipulation leads to information disclosure. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-272570 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-TOTOLINK
Product-a3700ra3700r_firmwareA3700Ra3700r_firmware
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2015-9550
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.37% / 58.08%
||
7 Day CHG~0.00%
Published-24 Nov, 2020 | 21:01
Updated-06 Aug, 2024 | 08:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered on TOTOLINK A850R-V1 through 1.0.1-B20150707.1612 and F1-V2 through 1.1-B20150708.1646 devices. By sending a specific hel,xasf packet to the WAN interface, it is possible to open the web management interface on the WAN interface.

Action-Not Available
Vendor-n/aTOTOLINK
Product-f2-v1f1-v2n150rt-v2n151rt-v2n300rh-v2_firmwaren300rt-v2_firmwaren300rh-v3n300rh-v2n151rt-v2_firmwarea850r-v1n300rt-v2f2-v1_firmwaren150rt-v2_firmwaren300rh-v3_firmwaref1-v2_firmwarea850r-v1_firmwaren/a
CWE ID-CWE-668
Exposure of Resource to Wrong Sphere
CVE-2021-42891
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.69% / 70.78%
||
7 Day CHG~0.00%
Published-03 Jun, 2022 | 15:17
Updated-04 Aug, 2024 | 03:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In TOTOLINK EX1200T V4.1.2cu.5215, an attacker can obtain sensitive information (wifikey, etc.) without authorization.

Action-Not Available
Vendor-n/aTOTOLINK
Product-ex1200t_firmwareex1200tn/a
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2021-42886
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.92% / 74.95%
||
7 Day CHG~0.00%
Published-03 Jun, 2022 | 11:13
Updated-04 Aug, 2024 | 03:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

TOTOLINK EX1200T V4.1.2cu.5215 contains an information disclosure vulnerability where an attacker can get the apmib configuration file without authorization, and usernames and passwords can be found in the decoded file.

Action-Not Available
Vendor-n/aTOTOLINK
Product-ex1200t_firmwareex1200tn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2021-42889
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.91% / 74.94%
||
7 Day CHG~0.00%
Published-03 Jun, 2022 | 14:08
Updated-04 Aug, 2024 | 03:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In TOTOLINK EX1200T V4.1.2cu.5215, an attacker can obtain sensitive information (wifikey, wifiname, etc.) without authorization.

Action-Not Available
Vendor-n/aTOTOLINK
Product-ex1200t_firmwareex1200tn/a
CWE ID-CWE-306
Missing Authentication for Critical Function
Details not found