|Difficult to exploit|
|(other affected products)||Published: Thu Jan 14 16:15:00 2021 UTC. Last Modified: Tue Jan 26 21:04:00 2021 UTC|
CPE matches: cpe:2.3:o:totolink:a702r_firmware:1.0.0-b20161227.1023:*:*:*:*:*:*:*
Directory Indexing in Login Portal of Login Portal of TOTOLINK-A702R-V1.0.0-B20161227.1023 allows attacker to access /icons/ directories via GET Parameter.
- Access to all information.
- Attacking requires access via console, SSH or tricking a legitimate user but requires the attacker to have regular user privileges.
- No user interaction is required.
- The attack is estimated to have a high success rate, once attempted.
Damage and attack conditions obtained from CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N (CVSSv3)
Type of bug(s)
- CWE-552, Files or Directories Accessible to External Parties: The product makes files or directories accessible to unauthorized actors, even though they should not be.