Details of VAR-202108-1779

ID

VAR-202108-1779

CVE

CVE-2021-34218

TITLE

TOTOLINK A702R Vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2021-012367

DESCRIPTION

Directory Indexing in Login Portal of Login Portal of TOTOLINK-A702R-V1.0.0-B20161227.1023 allows attacker to access /add/ , /img/, /js/, and /mobile directories via GET Parameter. TOTOLINK A702R Exists in unspecified vulnerabilities.Information may be tampered with. TOTOLINK A702r is a router device from China TOTOLINK Company. The TOTOLINK A702r has a security vulnerability that stems from the product's login page not adding effective permission controls to directory access

Trust: 2.25

sources: NVD: CVE-2021-34218 // JVNDB: JVNDB-2021-012367 // CNVD: CNVD-2022-06506 // VULMON: CVE-2021-34218

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2022-06506

AFFECTED PRODUCTS

vendor:	totolink	model:	a3002r	scope:	eq	version:	1.1.1-b20200824	Trust: 1.0
vendor:	totolink	model:	a3002r	scope:	eq	version:	-	Trust: 0.8
vendor:	totolink	model:	a3002r	scope:	eq	version:	a3002r firmware 1.1.1-b20200824	Trust: 0.8
vendor:	totolink	model:	a3002r	scope:	-	version:	-	Trust: 0.8
vendor:	totolink	model:	a702r 1.0.0-b20161227.1023	scope:	-	version:	-	Trust: 0.6

sources: CNVD: CNVD-2022-06506 // JVNDB: JVNDB-2021-012367 // NVD: CVE-2021-34218

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2021-34218
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2021-34218
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2022-06506
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-202108-1803
value:	MEDIUM
Trust: 0.6
VULMON:	CVE-2021-34218
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2021-34218
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
CNVD:	CNVD-2022-06506
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2021-34218
baseSeverity:	MEDIUM
baseScore:	5.3
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	LOW
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	1.4
version:	3.1
Trust: 1.0
NVD:	CVE-2021-34218
baseSeverity:	MEDIUM
baseScore:	5.3
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	LOW
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2022-06506 // VULMON: CVE-2021-34218 // JVNDB: JVNDB-2021-012367 // CNNVD: CNNVD-202108-1803 // NVD: CVE-2021-34218

PROBLEMTYPE DATA

problemtype:	NVD-CWE-Other	Trust: 1.0
problemtype:	others (CWE-Other) [NVD evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2021-012367 // NVD: CVE-2021-34218

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202108-1803

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202108-1803

PATCH

title:	Top Page	url:	https://www.totolink.net/	Trust: 0.8
title:	Patch for There is an unknown vulnerability in TOTOLINK A702r	url:	https://www.cnvd.org.cn/patchInfo/show/315946	Trust: 0.6
title:	Totolink A702r Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=160816	Trust: 0.6

sources: CNVD: CNVD-2022-06506 // JVNDB: JVNDB-2021-012367 // CNNVD: CNNVD-202108-1803

EXTERNAL IDS

db:	NVD	id:	CVE-2021-34218	Trust: 3.9
db:	JVNDB	id:	JVNDB-2021-012367	Trust: 0.8
db:	CNVD	id:	CNVD-2022-06506	Trust: 0.6
db:	CNNVD	id:	CNNVD-202108-1803	Trust: 0.6
db:	VULMON	id:	CVE-2021-34218	Trust: 0.1

sources: CNVD: CNVD-2022-06506 // VULMON: CVE-2021-34218 // JVNDB: JVNDB-2021-012367 // CNNVD: CNNVD-202108-1803 // NVD: CVE-2021-34218

REFERENCES

url:	https://nvd.nist.gov/vuln/detail/cve-2021-34218	Trust: 2.0
url:	https://github.com/pup2y/iotvul/tree/main/totolink/a3002r%20directory%20indexing	Trust: 1.7
url:	https://cwe.mitre.org/data/definitions/.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: CNVD: CNVD-2022-06506 // VULMON: CVE-2021-34218 // JVNDB: JVNDB-2021-012367 // CNNVD: CNNVD-202108-1803 // NVD: CVE-2021-34218

SOURCES

db:	CNVD	id:	CNVD-2022-06506
db:	VULMON	id:	CVE-2021-34218
db:	JVNDB	id:	JVNDB-2021-012367
db:	CNNVD	id:	CNNVD-202108-1803
db:	NVD	id:	CVE-2021-34218

LAST UPDATE DATE

2024-08-14T15:01:20.783000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2022-06506	date:	2022-01-25T00:00:00
db:	VULMON	id:	CVE-2021-34218	date:	2021-08-26T00:00:00
db:	JVNDB	id:	JVNDB-2021-012367	date:	2022-08-30T04:46:00
db:	CNNVD	id:	CNNVD-202108-1803	date:	2022-03-24T00:00:00
db:	NVD	id:	CVE-2021-34218	date:	2021-08-26T15:36:38.440

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2022-06506	date:	2022-01-25T00:00:00
db:	VULMON	id:	CVE-2021-34218	date:	2021-08-20T00:00:00
db:	JVNDB	id:	JVNDB-2021-012367	date:	2022-08-30T00:00:00
db:	CNNVD	id:	CNNVD-202108-1803	date:	2021-08-20T00:00:00
db:	NVD	id:	CVE-2021-34218	date:	2021-08-20T17:15:07.523