Access Control Vulnerability in TOTOLINK Router Products
CVE-2022-29646

5.3MEDIUM

Key Information:

Vendor: Totolink
Status: A3100r Firmware
Vendor: CVE Published:; 18 May 2022

What is CVE-2022-29646?

An access control issue in specific versions of the TOTOLINK A3100R router allows unauthorized access, enabling attackers to retrieve sensitive information through a specially crafted web request. This vulnerability poses a risk to the confidentiality of the user's data, highlighting the importance of timely updates and proper configuration in Internet of Things (IoT) devices.

References

https://github.com/shijin0925/IOT/blob/master/TOTOLINK%20...

x_refsource_MISC

CVSS V3.1

Score:

5.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 18, 2022
Vulnerability Reserved
Apr 25, 2022

Totolink

What is CVE-2022-29646?

References

CVSS V3.1

Timeline