PT-2022-12502 · Totolink · Totolink A3100R

Kv · Published 2022-03-30 · Updated 2022-04-05 · CVE-2021-46010

CVSS v3.1: 8.8 (High)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Totolink A3100R version 5.9c.4577

Description: The web configuration interface uses insufficiently random values to generate the SESSION ID, which makes it predictable. An attacker who can predict the SESSION ID can hijack a valid session and carry out further malicious operations.

Recommendations: For Totolink A3100R version 5.9c.4577, consider restricting access to the web configuration interface until a patch is available, to minimize the risk of session hijacking. As a temporary workaround, avoid using the predictable SESSION ID with the affected web configuration endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Weakness Enumeration

Use of Insufficiently Random Values (CWE-330)

Related Identifiers

CVE-2021-46010

Affected Products

Totolink A3100R