PT-2022-12501 · Totolink · Totolink A3100R
Kv · Published 2022-03-30 · Updated 2022-04-05 · CVE-2021-46009
CVSS v2.0: 10.0 (Critical)
CVSS v2.0 vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
Totolink A3100R version 5.9c.4577
Description
Multiple pages of the device's web interface can be read without authentication using an ordinary HTTP client such as curl or Burp Suite. Furthermore, administrator configuration settings can be changed without presenting a session cookie, so no prior login is required.
Recommendations
For Totolink A3100R version 5.9c.4577, restrict network access to the device's sensitive pages and configuration interface (for example, allow only trusted hosts to reach the management interface) to reduce the risk of exploitation until a patch is available. As a temporary workaround, avoid using the device for sensitive operations that rely on its authentication. At the moment, there is no information about a newer firmware version that contains a fix for this vulnerability.
Exploit
Missing Authentication
Affected Products
Totolink A3100R