Totolink A720R Firmware vulnerabilities

28 known vulnerabilities affecting totolink/a720r_firmware.

Total CVEs: 28
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 8, HIGH 10, MEDIUM 9, LOW 1

Vulnerabilities

Page 2 of 2
CVE-2021-45739 | HIGH | CVSS 7.5 | v4.1.5cu.470_b20200911 | 2022-02-04
TOTOLINK A720R v4.1.5cu.470_B20200911 was discovered to contain a stack overflow in the Form_Login function. This vulnerability allows attackers to cause a Denial of Service (DoS) via the flag parameter.
nvd
CVE-2021-45737 | HIGH | CVSS 7.5 | v4.1.5cu.470_b20200911 | 2022-02-04
TOTOLINK A720R v4.1.5cu.470_B20200911 was discovered to contain a stack overflow in the Form_Login function. This vulnerability allows attackers to cause a Denial of Service (DoS) via the Host parameter.
nvd
CVE-2021-35327 | CRITICAL | CVSS 9.8 | CWE-862 | v4.1.5cu.470_b20200911 | 2021-08-05
A vulnerability in TOTOLINK A720R A720R_Firmware v4.1.5cu.470_B20200911 allows attackers to start the Telnet service, then login with the default credentials via a crafted POST request.
nvd
CVE-2021-35324 | CRITICAL | CVSS 9.8 | v4.1.5cu.470_b20200911 | 2021-08-05
A vulnerability in the Form_Login function of TOTOLINK A720R A720R_Firmware V4.1.5cu.470_B20200911 allows attackers to bypass authentication.
nvd
CVE-2021-35326 | HIGH | CVSS 7.5 | v4.1.5cu.470_b20200911 | 2021-08-05
A vulnerability in TOTOLINK A720R router with firmware v4.1.5cu.470_B20200911 allows attackers to download the configuration file via sending a crafted HTTP request.
nvd
CVE-2021-35325 | HIGH | CVSS 7.5 | CWE-787 | v4.1.5cu.470_b20200911 | 2021-08-05
A stack overflow in the checkLoginUser function of TOTOLINK A720R A720R_Firmware v4.1.5cu.470_B20200911 allows attackers to cause a denial of service (DOS).
nvd
CVE-2021-27710 | CRITICAL | CVSS 9.8 | CWE-78 | v4.1.5cu.470_b20200911 | 2021-04-14
Command Injection in TOTOLINK X5000R router with firmware v9.1.0u.6118_B20201102, and TOTOLINK A720R router with firmware v4.1.5cu.470_B20200911 allows remote attackers to execute arbitrary OS commands by sending a modified HTTP request. This occurs because the function executes glibc's system function with untrusted input. In the function, "ip" pa
nvd
CVE-2021-27708 | CRITICAL | CVSS 9.8 | CWE-78 | v4.1.5cu.470_b20200911 | 2021-04-14
Command Injection in TOTOLINK X5000R router with firmware v9.1.0u.6118_B20201102, and TOTOLINK A720R router with firmware v4.1.5cu.470_B20200911 allows remote attackers to execute arbitrary OS commands by sending a modified HTTP request. This occurs because the function executes glibc's system function with untrusted input. In the function, "comman
nvd