PT-2022-12498 · Totolink · Totolink A3100R
Kv · Published 2022-03-30 · Updated 2022-04-05 · CVE-2021-46006
CVSS v3.1: 6.5 (Medium)
| Vector | AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N |
Name of the Vulnerable Software and Affected Versions
Totolink A3100R version 5.9c.4577
Description
The issue concerns an unauthenticated API-like function in the "test.asp" file. This function allows an attacker to configure multiple settings without proper authentication.
Recommendations
For Totolink A3100R version 5.9c.4577, consider restricting access to the "test.asp" file until a patch is available. As a temporary workaround, disabling the unauthenticated API-like function in "test.asp" can help minimize the risk of exploitation.
Exploit
Fix
Missing Authentication
Weakness Enumeration
Related Identifiers
Affected Products
Totolink A3100R