VYPR

A3600r Firmware

by Totolink

CVEs (3)

  • CVE-2026-31027CriApr 1, 2026
    risk 0.64cvss 9.8epss 0.01

    TOTOlink A3600R v5.9c.4959 contains a buffer overflow vulnerability in the setAppEasyWizardConfig interface of /lib/cste_modules/app.so. The vulnerability occurs because the rootSsid parameter is not properly validated for length, allowing remote attackers to trigger a buffer…

  • CVE-2026-5020MedMar 29, 2026
    risk 0.41cvss 6.3epss 0.02

    A vulnerability was detected in Totolink A3600R 4.1.2cu.5182_B20201102. Affected by this issue is the function setNoticeCfg of the file /cgi-bin/cstecgi.cgi of the component Parameter Handler. The manipulation of the argument NoticeUrl results in command injection. The attack…

  • CVE-2026-1686Jan 30, 2026
    risk 0.00cvss epss 0.01

    A security flaw has been discovered in Totolink A3600R 5.9c.4959. This issue affects the function setAppEasyWizardConfig in the library /lib/cste_modules/app.so. Performing a manipulation of the argument apcliSsid results in buffer overflow. It is possible to initiate the attack…