Vulnerabilities (CVE)

  1. OpenCVE
  2. Vulnerabilities (CVE)
Filtered by vendor Totolink Subscribe
Filtered by product A3002ru
Total 43 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2018-13308 1 Totolink 2 A3002ru, A3002ru Firmware 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
Cross-site scripting in notice_gen.htm in TOTOLINK A3002RU version 1.0.8 allows attackers to execute arbitrary JavaScript by modifying the "User phrases button" field.
CVE-2018-13307 1 Totolink 2 A3002ru, A3002ru Firmware 2024-11-21 10.0 HIGH 9.8 CRITICAL
System command injection in fromNtp in TOTOLINK A3002RU version 1.0.8 allows attackers to execute system commands via the "ntpServerIp2" POST parameter. Certain payloads cause the device to become permanently inoperable.
CVE-2018-13306 1 Totolink 2 A3002ru, A3002ru Firmware 2024-11-21 10.0 HIGH 9.8 CRITICAL
System command injection in formDlna in TOTOLINK A3002RU version 1.0.8 allows attackers to execute system commands via the "ftpUser" POST parameter.