Unauthenticated Access and Unauthorized Configuration in Totolink A3100R V5.9c.4577

CVE-2021-46009 · CRITICAL Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

In Totolink A3100R V5.9c.4577, multiple pages can be read by curl or Burp Suite without authentication. Additionally, admin configurations can be set without cookies.
