ID

VAR-202108-1324


CVE

CVE-2021-35324


TITLE

TOTOLINK A720R firmware authentication vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2021-009457

DESCRIPTION

A vulnerability in the Form_Login function of TOTOLINK A720R A720R_Firmware V4.1.5cu.470_B20200911 allows attackers to bypass authentication. The TOTOLINK A720R firmware contains an authentication vulnerability. Information may be obtained or tampered with, and the device may be put into a denial-of-service (DoS) state. Totolink A720R is a wireless router from Totolink, a Taiwanese company. TOTOLINK A720R has an authorization issue vulnerability in V4.1.5cu.470_B20200911. This vulnerability originates from the improper implementation of the form login function in the software version.

Trust: 2.25

sources: NVD: CVE-2021-35324 // JVNDB: JVNDB-2021-009457 // CNVD: CNVD-2022-13196 // VULMON: CVE-2021-35324

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2022-13196

AFFECTED PRODUCTS

vendor: totolink, model: a720r, scope: eq, version: 4.1.5cu.470_b20200911

Trust: 1.0

vendor: totolink, model: a720r, scope: eq, version: a720r firmware 4.1.5cu.470_b20200911

Trust: 0.8

vendor: totolink, model: a720r, scope: eq, version: -

Trust: 0.8

vendor: totolink, model: a720r v4.1.5cu.470 b20200911, scope: -, version: -

Trust: 0.6

sources: CNVD: CNVD-2022-13196 // JVNDB: JVNDB-2021-009457 // NVD: CVE-2021-35324

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-35324
value: CRITICAL

Trust: 1.0

NVD: CVE-2021-35324
value: CRITICAL

Trust: 0.8

CNVD: CNVD-2022-13196
value: HIGH

Trust: 0.6

CNNVD: CNNVD-202108-532
value: CRITICAL

Trust: 0.6

VULMON: CVE-2021-35324
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2021-35324
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

CNVD: CNVD-2022-13196
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2021-35324
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2021-35324
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2022-13196 // VULMON: CVE-2021-35324 // JVNDB: JVNDB-2021-009457 // CNNVD: CNNVD-202108-532 // NVD: CVE-2021-35324

PROBLEMTYPE DATA

problemtype: NVD-CWE-Other

Trust: 1.0

problemtype: Improper authentication (CWE-287) [NVD Evaluation]

Trust: 0.8

sources: JVNDB: JVNDB-2021-009457 // NVD: CVE-2021-35324

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202108-532

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202108-532

PATCH

title: Top Page, url: http://totolink.net/

Trust: 0.8

sources: JVNDB: JVNDB-2021-009457

EXTERNAL IDS

db: NVD, id: CVE-2021-35324

Trust: 3.9

db: JVNDB, id: JVNDB-2021-009457

Trust: 0.8

db: CNVD, id: CNVD-2022-13196

Trust: 0.6

db: CNNVD, id: CNNVD-202108-532

Trust: 0.6

db: VULMON, id: CVE-2021-35324

Trust: 0.1

sources: CNVD: CNVD-2022-13196 // VULMON: CVE-2021-35324 // JVNDB: JVNDB-2021-009457 // CNNVD: CNNVD-202108-532 // NVD: CVE-2021-35324

REFERENCES

url: https://github.com/hurricane618/my_cves/blob/master/router/totolink/a720r_login_bypass.md

Trust: 3.1

url: https://nvd.nist.gov/vuln/detail/cve-2021-35324

Trust: 1.4

url: https://cwe.mitre.org/data/definitions/287.html

Trust: 0.1

url: https://nvd.nist.gov

Trust: 0.1

sources: CNVD: CNVD-2022-13196 // VULMON: CVE-2021-35324 // JVNDB: JVNDB-2021-009457 // CNNVD: CNNVD-202108-532 // NVD: CVE-2021-35324

SOURCES

db: CNVD, id: CNVD-2022-13196
db: VULMON, id: CVE-2021-35324
db: JVNDB, id: JVNDB-2021-009457
db: CNNVD, id: CNNVD-202108-532
db: NVD, id: CVE-2021-35324

LAST UPDATE DATE

2024-08-14T15:11:49.166000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2022-13196, date: 2022-02-22T00:00:00
db: VULMON, id: CVE-2021-35324, date: 2021-08-12T00:00:00
db: JVNDB, id: JVNDB-2021-009457, date: 2022-04-27T08:01:00
db: CNNVD, id: CNNVD-202108-532, date: 2022-07-14T00:00:00
db: NVD, id: CVE-2021-35324, date: 2022-07-12T17:42:04.277

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2022-13196, date: 2022-02-18T00:00:00
db: VULMON, id: CVE-2021-35324, date: 2021-08-05T00:00:00
db: JVNDB, id: JVNDB-2021-009457, date: 2022-04-27T00:00:00
db: CNNVD, id: CNNVD-202108-532, date: 2021-08-05T00:00:00
db: NVD, id: CVE-2021-35324, date: 2021-08-05T21:15:12.463