Huizhao Wang

Name of the Vulnerable Software and Affected Versions: TOTOLINK A720R A720R Firmware version V4.1.5cu.470 B20200911 Description: A vulnerability in the `Form Login` function allows attackers to bypass authentication. Recommendations: For TOTOLINK A720R A720R Firmware version V4.1.5cu.470 B20200911, consider disabling the `Form Login` function until a patch is available.

Name of the Vulnerable Software and Affected Versions: TOTOLINK A720R version 4.1.5cu.470 B20200911 Description: A stack overflow in the `checkLoginUser` function allows attackers to cause a denial of service. Recommendations: For TOTOLINK A720R version 4.1.5cu.470 B20200911, as a temporary workaround, consider disabling the `checkLoginUser` function until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: TOTOLINK A720R router version 4.1.5cu.470 B20200911 Description: A vulnerability in the TOTOLINK A720R router allows attackers to download the configuration file by sending a crafted HTTP request. Recommendations: For TOTOLINK A720R router version 4.1.5cu.470 B20200911, consider restricting access to the HTTP request handling mechanism until a patch is available. As a temporary workaround, limit the exposure of the router to untrusted networks to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: TOTOLINK A720R version v4.1.5cu.470 B20200911 Description: A vulnerability allows attackers to start the Telnet service and then login with the default credentials via a crafted POST request. Recommendations: For version v4.1.5cu.470 B20200911, consider changing the default credentials to prevent unauthorized access, and restrict access to the Telnet service until a patch is available.