Product:

A3002ru_firmware

(Totolink)
Repositories

Unknown:

This might be proprietary software.
#Vulnerabilities 18
Date Id Summary Products Score Patch Annotated
2018-11-27 CVE-2018-13314 System command injection in formAliasIp in TOTOLINK A3002RU version 1.0.8 allows attackers to execute system commands via the "ipAddr" POST parameter. A3002ru_firmware 9.8
2018-11-26 CVE-2018-13312 Cross-site scripting in notice_gen.htm in TOTOLINK A3002RU version 1.0.8 allows attackers to execute arbitrary JavaScript by modifying the "Input your notice URL" field. A3002ru_firmware 6.1
2018-11-26 CVE-2018-13311 System command injection in formDlna in TOTOLINK A3002RU version 1.0.8 allows attackers to execute system commands via the "sambaUser" POST parameter. A3002ru_firmware 9.8
2018-11-26 CVE-2018-13310 Cross-site scripting in password.htm in TOTOLINK A3002RU version 1.0.8 allows attackers to execute arbitrary JavaScript via the user's username. A3002ru_firmware 6.1
2018-11-26 CVE-2018-13309 Cross-site scripting in password.htm in TOTOLINK A3002RU version 1.0.8 allows attackers to execute arbitrary JavaScript via the user's password. A3002ru_firmware 6.1
2018-11-26 CVE-2018-13308 Cross-site scripting in notice_gen.htm in TOTOLINK A3002RU version 1.0.8 allows attackers to execute arbitrary JavaScript by modifying the "User phrases button" field. A3002ru_firmware 6.1
2018-11-27 CVE-2018-13307 System command injection in fromNtp in TOTOLINK A3002RU version 1.0.8 allows attackers to execute system commands via the "ntpServerIp2" POST parameter. Certain payloads cause the device to become permanently inoperable. A3002ru_firmware 9.8
2018-11-27 CVE-2018-13306 System command injection in formDlna in TOTOLINK A3002RU version 1.0.8 allows attackers to execute system commands via the "ftpUser" POST parameter. A3002ru_firmware 9.8