CVE-2020-27368 | Medium damage | 5.5 | Difficult to exploit
Published: Thu Jan 14 16:15:00 2021 UTC. Last Modified: Tue Jan 26 21:04:00 2021 UTC
CPE matches: cpe:2.3:o:totolink:a702r_firmware:1.0.0-b20161227.1023:*:*:*:*:*:*:*
Description
Directory indexing in the login portal of TOTOLINK-A702R-V1.0.0-B20161227.1023 allows an attacker to access /icons/ directories via a GET parameter.
Damage
- Access to all information.
Attack conditions
- The attack requires access via console or SSH, or tricking a legitimate user, and the attacker must have regular user privileges.
- No user interaction is required.
- The attack is estimated to have a high success rate, once attempted.
Damage and attack conditions obtained from CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N (CVSSv3)
Type of bug(s)
- CWE-552, Files or Directories Accessible to External Parties: The product makes files or directories accessible to unauthorized actors, even though they should not be.