CVE-2021-45735

EUVD-2021-32453
TOTOLINK X5000R v9.1.0u.6118_B20201102 was discovered to use the HTTP protocol for authentication into the admin interface, allowing attackers to intercept user credentials via packet capture software.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 47%
Affected Products (NVD)
VendorProductVersion
totolinkx5000r_firmware
9.1.0u.6118_b20201102:u.6118_b20201102
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://github.com/pjqwudi/my_vuln/blob/main/totolink/vuln_12/12.md
https://github.com/pjqwudi/my_vuln/blob/main/totolink/vuln_12/12.md