CVE-2021-34220
published 2021-08-20CVE-2021-34220: Cross-site scripting in tr069config.htm in TOTOLINK A3002R version V1.1.1-B20200824 (Important Update, new UI) allows attackers to execute arbitrary JavaScript…
medium6.1CVSS 3.1
AVNACLPRNUIRSCCLILAN
Cross-site scripting in tr069config.htm in TOTOLINK A3002R version V1.1.1-B20200824 (Important Update, new UI) allows attackers to execute arbitrary JavaScript by modifying the "User Name" field or "Password" field.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| totolink | a3002r_firmware | — | — |