CVE-2021-46006

Опубликовано: 30 мар. 2022

Источник: nvd

CVSS3: 6.5

CVSS2: 4

EPSS Низкий

Описание

In Totolink A3100R V5.9c.4577, "test.asp" contains an API-like function, which is not authenticated. Using this function, an attacker can configure multiple settings without authentication.

Ссылки

http://a3100r.com
Broken Link
http://totolink.com
Vendor Advisory
https://hackmd.io/vS-OfUEzSqqKh8e1PKce5A
Exploit
Third Party Advisory
http://a3100r.com
Broken Link
http://totolink.com
Vendor Advisory
https://hackmd.io/vS-OfUEzSqqKh8e1PKce5A
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:o:totolink:a3100r_firmware:5.9c.4577:*:*:*:*:*:*:*

cpe:2.3:h:totolink:a3100r:-:*:*:*:*:*:*:*

EPSS

Процентиль: 46%

0.00236

Низкий

6.5 Medium

CVSS3

4 Medium

CVSS2

Дефекты

CWE-306

Связанные уязвимости

GHSA-34v3-w4c4-qr24