exploitDog

GHSA-34v3-w4c4-qr24

Опубликовано: 01 апр. 2022

Источник: github

Github: Не прошло ревью

CVSS3: 6.5

Описание

In Totolink A3100R V5.9c.4577, "test.asp" contains an API-like function, which is not authenticated. Using this function, an attacker can configure multiple settings without authentication.

In Totolink A3100R V5.9c.4577, "test.asp" contains an API-like function, which is not authenticated. Using this function, an attacker can configure multiple settings without authentication.

Ссылки

EPSS

Процентиль: 46%

0.00236

Низкий

6.5 Medium

CVSS3

CVE ID

Дефекты

CWE-306

Связанные уязвимости

CVE-2021-46006

CVSS3: 6.5

nvd

почти 4 года назад

In Totolink A3100R V5.9c.4577, "test.asp" contains an API-like function, which is not authenticated. Using this function, an attacker can configure multiple settings without authentication.

EPSS

Процентиль: 46%

0.00236

Низкий

6.5 Medium

CVSS3

CVE ID

Дефекты

CWE-306