← Retour aux CVEs
CVE-2021-46009
CRITICAL9.8
Description
In Totolink A3100R V5.9c.4577, multiple pages can be read by curl or Burp Suite without authentication. Additionally, admin configurations can be set without cookies.
Details CVE
Score CVSS v3.19.8
SeveriteCRITICAL
Vecteur CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Vecteur d'attaqueNETWORK
ComplexiteLOW
Privileges requisNONE
Interaction utilisateurNONE
Publie3/30/2022
Derniere modification11/21/2024
Sourcenvd
Observations honeypot0
Produits affectes
totolink:a3100rtotolink:a3100r_firmware
Faiblesses (CWE)
CWE-306
References
http://a3100r.com(cve@mitre.org)
http://totolink.com(cve@mitre.org)
https://hackmd.io/-riYp6Q-ReCx-dKKWFBTLg(cve@mitre.org)
http://a3100r.com(af854a3a-2127-422b-91ae-364da2661108)
http://totolink.com(af854a3a-2127-422b-91ae-364da2661108)
https://hackmd.io/-riYp6Q-ReCx-dKKWFBTLg(af854a3a-2127-422b-91ae-364da2661108)
Correlations IOC
Aucune correlation enregistree
This product uses data from the NVD API but is not endorsed or certified by the NVD.