Cross-Site Scripting Vulnerability in TOTOLINK A3002R Router
CVE-2021-34220
6.1MEDIUM
What is CVE-2021-34220?
A cross-site scripting vulnerability exists in the 'tr069config.htm' file of the TOTOLINK A3002R router. This flaw allows attackers to inject arbitrary JavaScript code by manipulating the 'User Name' or 'Password' fields. If exploited, this vulnerability can lead to unauthorized actions, data theft, and a compromise of user sessions, thereby posing a significant security risk for users of the affected router model.