CVE-2021-35327

CWE-862 — Missing Authorization4 documents4 sources

Severity

9.8CRITICAL

EPSS

0.4%

top 36.69%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Totolink A720r Firmware

Timeline

PublishedAug 5

Latest updateMay 24

Description

A vulnerability in TOTOLINK A720R A720R_Firmware v4.1.5cu.470_B20200911 allows attackers to start the Telnet service, then login with the default credentials via a crafted POST request.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages1 packages

▶NVDtotolink/a720r_firmware4.1.5cu.470_b20200911

🔴Vulnerability Details

GHSA

GHSA-w5cw-c968-jv2x: A vulnerability in TOTOLINK A720R A720R_Firmware v4↗2022-05-24

▶

CVEList

CVE-2021-35327: A vulnerability in TOTOLINK A720R A720R_Firmware v4↗2021-08-05

▶

VulnCheck

totolink a720r_firmware Missing Authorization↗2021

▶