Vulmon Recent Vulnerabilities Product List Research Posts Trends Blog Docs About Contact

a3002ru vulnerabilities and exploits

(subscribe to this query)
9.8
CVSSv3

CVE-2018-13306

System command injection in formDlna in TOTOLINK A3002RU version 1.0.8 allows malicious users to execute system commands via the "ftpUser" POST parameter.
Totolink A3002ru Firmware 1.0.8
6.1
CVSSv3

CVE-2018-13310

Cross-site scripting in password.htm in TOTOLINK A3002RU version 1.0.8 allows malicious users to execute arbitrary JavaScript via the user's username.
Totolink A3002ru Firmware 1.0.8
9.8
CVSSv3

CVE-2018-13311

System command injection in formDlna in TOTOLINK A3002RU version 1.0.8 allows malicious users to execute system commands via the "sambaUser" POST parameter.
Totolink A3002ru Firmware 1.0.8
6.5
CVSSv3

CVE-2018-13313

In TOTOLINK A3002RU 1.0.8, the router provides a page that allows the user to change their account name and password. This page, password.htm, contains JavaScript which is used to confirm the user knows their current password before allowing them to change their password. However...
Totolink A3002ru Firmware 1.0.8
6.1
CVSSv3

CVE-2018-13308

Cross-site scripting in notice_gen.htm in TOTOLINK A3002RU version 1.0.8 allows malicious users to execute arbitrary JavaScript by modifying the "User phrases button" field.
Totolink A3002ru Firmware 1.0.8
9.8
CVSSv3

CVE-2018-13314

System command injection in formAliasIp in TOTOLINK A3002RU version 1.0.8 allows malicious users to execute system commands via the "ipAddr" POST parameter.
Totolink A3002ru Firmware 1.0.8
9.8
CVSSv3

CVE-2018-13315

Incorrect access control in formPasswordSetup in TOTOLINK A3002RU version 1.0.8 allows malicious users to change the admin user's password via an unauthenticated POST request.
Totolink A3002ru Firmware 1.0.8
6.1
CVSSv3

CVE-2018-13317

Password disclosure in password.htm in TOTOLINK A3002RU version 1.0.8 allows malicious users to obtain the plaintext password for the admin user by making a GET request for password.htm.
Totolink A3002ru Firmware 1.0.8
9.8
CVSSv3

CVE-2018-13307

System command injection in fromNtp in TOTOLINK A3002RU version 1.0.8 allows malicious users to execute system commands via the "ntpServerIp2" POST parameter. Certain payloads cause the device to become permanently inoperable.
Totolink A3002ru Firmware 1.0.8
6.1
CVSSv3

CVE-2018-13312

Cross-site scripting in notice_gen.htm in TOTOLINK A3002RU version 1.0.8 allows malicious users to execute arbitrary JavaScript by modifying the "Input your notice URL" field.
Totolink A3002ru Firmware 1.0.8
Preferred Score:
CVSSv3
CVSSv2
CVSSv3
CVSSv4
EPSS
VMScore
Recommendations:
ruoyi-aiCVE-2025-6417CVE-2025-6362aquatronicainfosphere information serverarbitrary codevalidationIMAPwinrarCVE-2025-6018CVE-2025-6402CVE-2025-6447CVE-2025-4275
Home
/
Search Results
Vulmon Logo Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Product List Vendor List Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook