Vulnerability Description
A Command Injection vulnerability exits in TOTOLINK A3100R <=V4.1.2cu.5050_B20200504 in adm/ntm.asp via the hosTime parameters.
CVSS Score
9.8
CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Totolink | A3100R Firmware | <= 4.1.2cu.5050_b20200504 |
| Totolink | A3100R | - |
Related Weaknesses (CWE)
References
- http://a3100r.comBroken Link
- http://totolink.comVendor Advisory
- https://drive.google.com/file/d/1_9ru2GRZ13T1KQKXPq2E14-opgf9ih45/view?usp=shariBroken Link
- https://www.totolink.net/home/menu/newstpl/menu_newstpl/products/id/170.htmlProductVendor Advisory
- http://a3100r.comBroken Link
- http://totolink.comVendor Advisory
- https://drive.google.com/file/d/1_9ru2GRZ13T1KQKXPq2E14-opgf9ih45/view?usp=shariBroken Link
FAQ
What is CVE-2021-44620?
CVE-2021-44620 is a vulnerability with a CVSS score of 9.8 (CRITICAL). A Command Injection vulnerability exits in TOTOLINK A3100R <=V4.1.2cu.5050_B20200504 in adm/ntm.asp via the hosTime parameters.
How severe is CVE-2021-44620?
CVE-2021-44620 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2021-44620?
Check the references section above for vendor advisories and patch information. Affected products include: Totolink A3100R Firmware, Totolink A3100R.