CVE-2021-46009

CRITICAL

Totolink A3100R V5.9c.4577 - Info Disclosure

Title source: llm
STIX 2.1

Description

In Totolink A3100R V5.9c.4577, multiple pages can be read by curl or Burp Suite without authentication. Additionally, admin configurations can be set without cookies.

References (3)

Core 3
Core References
Vendor Advisory x_refsource_misc
http://totolink.com
Broken Link
http://a3100r.com
Exploit, Third Party Advisory
https://hackmd.io/-riYp6Q-ReCx-dKKWFBTLg

Scores

CVSS v3 9.8
EPSS 0.1225
EPSS Percentile 95.7%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-306
Status published
Products (1)
totolink/a3100r_firmware 5.9c.4577
Published Mar 30, 2022
Tracked Since Feb 18, 2026