VYPR

A8000RU

by Totolink

CVEs (63)

  • CVE-2026-7136CriApr 27, 2026
    risk 0.64cvss 9.8epss 0.02

    A weakness has been identified in Totolink A8000RU 7.1cu.643_b20200521. Affected by this issue is the function setDmzCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Executing a manipulation of the argument wanIdx can lead to os command injection. The attack…

  • CVE-2026-7125CriApr 27, 2026
    risk 0.64cvss 9.8epss 0.02

    A vulnerability was identified in Totolink A8000RU 7.1cu.643_b20200521. Affected by this issue is the function setWiFiEasyCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulation of the argument merge leads to os command injection. The attack may be…

  • CVE-2026-7124CriApr 27, 2026
    risk 0.64cvss 9.8epss 0.02

    A vulnerability was determined in Totolink A8000RU 7.1cu.643_b20200521. Affected by this vulnerability is the function setIpv6LanCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Executing a manipulation of the argument addrPrefixLen can lead to os command…

  • CVE-2026-7123CriApr 27, 2026
    risk 0.64cvss 9.8epss 0.02

    A vulnerability was found in Totolink A8000RU 7.1cu.643_b20200521. Affected is the function setIptvCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Performing a manipulation of the argument setIptvCfg results in os command injection. The attack can be initiated…

  • CVE-2026-7122CriApr 27, 2026
    risk 0.64cvss 9.8epss 0.02

    A vulnerability has been found in Totolink A8000RU 7.1cu.643_b20200521. This impacts the function setUPnPCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Such manipulation of the argument enable leads to os command injection. It is possible to launch the attack…

  • CVE-2026-7121CriApr 27, 2026
    risk 0.64cvss 9.8epss 0.02

    A flaw has been found in Totolink A8000RU 7.1cu.643_b20200521. This affects the function setWizardCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. This manipulation of the argument wizard causes os command injection. It is possible to initiate the attack…

  • CVE-2026-7037CriApr 26, 2026
    risk 0.64cvss 9.8epss 0.02

    A security flaw has been discovered in Totolink A8000RU 7.1cu.643_b20200521. This issue affects the function setVpnPassCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulation of the argument pptpPassThru results in os command injection. The attack can…

  • CVE-2025-28034CriApr 22, 2025
    risk 0.64cvss 9.8epss 0.01

    TOTOLINK A800R V4.1.2cu.5137_B20200730, A810R V4.1.2cu.5182_B20201026, A830R V4.1.2cu.5182_B20201102, A950RG V4.1.2cu.5161_B20200903, A3000RU V5.9c.5185_B20201128, and A3100R V4.1.2cu.5247_B20211129 were found to contain a pre-auth remote command execution vulnerability in the…

  • CVE-2025-28138CriMar 27, 2025
    risk 0.64cvss 9.8epss 0.01

    The TOTOLINK A800R V4.1.2cu.5137_B20200730 were found to contain a pre-auth remote command execution vulnerability in the setNoticeCfg function through the NoticeUrl parameter.

  • CVE-2024-24324CriJan 30, 2024
    risk 0.64cvss 9.8epss 0.01

    TOTOLINK A8000RU v7.1cu.643_B20200521 was discovered to contain a hardcoded password for root stored in /etc/shadow.

  • CVE-2022-25076CriFeb 24, 2022
    risk 0.64cvss 9.8epss 0.03

    TOTOLink A800R V4.1.2cu.5137_B20200730 was discovered to contain a command injection vulnerability in the "Main" function. This vulnerability allows attackers to execute arbitrary commands via the QUERY_STRING parameter.

  • CVE-2026-6157HigApr 13, 2026
    risk 0.57cvss 8.8epss 0.00

    A vulnerability was detected in Totolink A800R 4.1.2cu.5137_B20200730. This impacts the function setAppEasyWizardConfig in the library /lib/cste_modules/app.so. The manipulation of the argument apcliSsid results in buffer overflow. The attack can be executed remotely. The…

  • CVE-2025-4496HigMay 10, 2025
    risk 0.57cvss 8.8epss 0.01

    A vulnerability was found in TOTOLINK T10, A3100R, A950RG, A800R, N600R, A3000RU and A810R 4.1.8cu.5241_B20210927. It has been declared as critical. This vulnerability affects the function CloudACMunualUpdate of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument…

  • CVE-2024-28338HigMar 12, 2024
    risk 0.52cvss 8.0epss 0.01

    A login bypass in TOTOLINK A8000RU V7.1cu.643_B20200521 allows attackers to login to Administrator accounts via providing a crafted session cookie.

  • CVE-2022-36611HigAug 29, 2022
    risk 0.51cvss 7.8epss 0.00

    TOTOLINK A800R V4.1.2cu.5137_B20200730 was discovered to contain a hardcoded password for root at /etc/shadow.sample.

  • CVE-2026-5676HigApr 6, 2026
    risk 0.47cvss 7.3epss 0.00

    A vulnerability was identified in Totolink A8000R 5.9c.681_B20180413. This issue affects the function setLanguageCfg of the file /cgi-bin/cstecgi.cgi. Such manipulation of the argument langType leads to missing authentication. The attack can be launched remotely. The exploit is…

  • CVE-2025-28020HigApr 23, 2025
    risk 0.47cvss 7.3epss 0.00

    TOTOLINK A800R V4.1.2cu.5137_B20200730 was found to contain a buffer overflow vulnerability in downloadFile.cgi through the v25 parameter.

  • CVE-2025-28019HigApr 23, 2025
    risk 0.47cvss 7.3epss 0.00

    TOTOLINK A800R V4.1.2cu.5137_B20200730 was found to contain a buffer overflow vulnerability in the downloadFile.cgi component

  • CVE-2025-28018HigApr 23, 2025
    risk 0.47cvss 7.3epss 0.00

    TOTOLINK A800R V4.1.2cu.5137_B20200730 was found to contain a buffer overflow vulnerability in downloadFile.cgi through the v14 parameter.

  • CVE-2025-28033HigApr 22, 2025
    risk 0.47cvss 7.3epss 0.00

    TOTOLINK A800R V4.1.2cu.5137_B20200730, A810R V4.1.2cu.5182_B20201026, A830R V4.1.2cu.5182_B20201102, A950RG V4.1.2cu.5161_B20200903, A3000RU V5.9c.5185_B20201128, and A3100R V4.1.2cu.5247_B20211129 were found to contain a pre-auth buffer overflow vulnerability in the…