### [CVE-2021-46006](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46006)
![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=n%2Fa%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brightgreen)

### Description

In Totolink A3100R V5.9c.4577, "test.asp" contains an API-like function, which is not authenticated. Using this function, an attacker can configure multiple settings without authentication.

### POC

#### Reference
- https://hackmd.io/vS-OfUEzSqqKh8e1PKce5A

#### Github
No PoCs found on GitHub currently.