CVE-2021-35326 : A vulnerability in TOTOLINK A720R router with firmware v4.1.5cu.470

A vulnerability in TOTOLINK A720R router with firmware v4.1.5cu.470_B20200911 allows attackers to download the configuration file via sending a crafted HTTP request.

Published 2021-08-05 21:15:13

Updated 2021-08-12 18:31:01

Source MITRE

View at NVD, CVE.org

Products affected by CVE-2021-35326

Totolink » A720r Firmware » Version: 4.1.5cu.470 B20200911
cpe:2.3:o:totolink:a720r_firmware:4.1.5cu.470_b20200911:*:*:*:*:*:*:*
Matching versions
When used together with: Totolink » A720r » Version: N/A

Exploit prediction scoring system (EPSS) score for CVE-2021-35326

EPSS FAQ

4.09%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 88 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2021-35326

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
5.0	MEDIUM	AV:N/AC:L/Au:N/C:P/I:N/A:N	10.0	2.9	NIST
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: Partial Integrity Impact: None Availability Impact: None
7.5	HIGH	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N	3.9	3.6	NIST
Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: High Integrity: None Availability: None

References for CVE-2021-35326

https://github.com/hurricane618/my_cves/blob/master/router/totolink/A720R_leak_config_file.md

my_cves/A720R_leak_config_file.md at master · hurricane618/my_cves · GitHub
Exploit;Third Party Advisory

Jump to

Vulnerability Details : CVE-2021-35326

Products affected by CVE-2021-35326

Exploit prediction scoring system (EPSS) score for CVE-2021-35326

CVSS scores for CVE-2021-35326

References for CVE-2021-35326