CVE-2021-34223 Information
Jun 07, 2022
cve
Description
Cross-site scripting in urlfilter.htm in TOTOLINK A3002R version V1.1.1-B20200824 (Important Update new UI) allows attackers to execute arbitrary JavaScript by modifying the �RL Address\ field.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Reference
https://github.com/pup2y/IoTVul/tree/main/TOTOLINK/A3002R
Cross-site
scripting
in
urlfilter.htm
in
TOTOLINK
A3002R
version
V1.1.1-B20200824
(Important
Update
new
UI)
allows
attackers
to
execute
arbitrary
JavaScript
by
modifying
the
�RL
Address
field.
Attack Complexity
LOW
Privileges Required
NONE
User Interaction Required
NONE
Scope
REQUIRED
Confidentiality Impact
CHANGED
Integrity Impact
LOW
Availability Impact
LOW
Base Score
NONE
Base Severity
6.1
Share on: