CVE-2021-46009

In Totolink A3100R V5.9c.4577, multiple pages can be read by curl or Burp Suite without authentication. Additionally, admin configurations can be set without cookies.
References
Link Resource
https://hackmd.io/-riYp6Q-ReCx-dKKWFBTLg Exploit Third Party Advisory
http://a3100r.com Broken Link
http://totolink.com Vendor Advisory
Configurations

Configuration 1


Information

Published : 2022-03-30 11:15

Updated : 2022-04-05 07:09


NVD link : CVE-2021-46009

Mitre link : CVE-2021-46009

Products Affected
No products.
CWE