Unauthenticated Access and Unauthorized Configuration in Totolink A3100R V5.9c.4577
CVE-2021-46009 · CRITICAL Severity
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
In Totolink A3100R V5.9c.4577, multiple pages can be read by curl or Burp Suite without authentication. Additionally, admin configurations can be set without cookies.