Insufficient Randomness Vulnerability in Totolink Router
CVE-2021-46010

8.8HIGH

Key Information:

Vendor
Totolink
Status
A3100r Firmware
Vendor
CVE Published:
30 March 2022

Summary

The Totolink A3100R router version V5.9c.4577 is affected by a vulnerability that arises from the use of insufficiently random values in its web configuration. Specifically, the SESSION_ID generated by the system can be easily predicted by an attacker. This predictability allows unauthorized individuals to hijack valid user sessions, potentially leading to further malicious actions within the affected network. It is crucial for users to be aware of this vulnerability and take necessary steps to secure their systems against potential attacks.

References

http://totolink.com
x_refsource_MISC
http://a3100r.com
x_refsource_MISC
https://hackmd.io/Ynwm8NnQSiK0xm7QKuNteg
x_refsource_MISC

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.