A7000R
by Totolink
CVEs (37)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2022-38308 | | Critical | 0.65 | 9.8 | 0.20 | | Sep 14, 2022 | TOTOLink A700RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the lang parameter in the function cstesystem. This vulnerability allows attackers to execute arbitrary commands via a crafted payload. |
| CVE-2023-49418 | | Critical | 0.64 | 9.8 | 0.01 | | Dec 11, 2023 | TOTOLink A7000R V9.1.0u.6115_B20201022 has a stack overflow vulnerability via setIpPortFilterRules. |
| CVE-2023-49417 | | Critical | 0.64 | 9.8 | 0.01 | | Dec 11, 2023 | TOTOLink A7000R V9.1.0u.6115_B20201022 has a stack overflow vulnerability via setOpModeCfg. |
| CVE-2023-45984 | | Critical | 0.64 | 9.8 | 0.01 | | Oct 16, 2023 | TOTOLINK X5000R V9.1.0u.6118_B20201102 and TOTOLINK A7000R V9.1.0u.6115_B20201022 were discovered to contain a stack overflow via the lang parameter in the function setLanguageCfg. |
| CVE-2023-36950 | | Critical | 0.64 | 9.8 | 0.01 | | Oct 16, 2023 | TOTOLINK X5000R V9.1.0u.6118_B20201102 and TOTOLINK A7000R V9.1.0u.6115_B20201022 were discovered to contain a stack overflow via the http_host parameter in the function loginAuth. |
| CVE-2023-36947 | | Critical | 0.64 | 9.8 | 0.01 | | Oct 16, 2023 | TOTOLINK X5000R V9.1.0u.6118_B20201102 and TOTOLINK A7000R V9.1.0u.6115_B20201022 were discovered to contain a stack overflow via the File parameter in the function UploadCustomModule. |
| CVE-2022-32993 | | Critical | 0.64 | 9.8 | 0.01 | | Aug 29, 2022 | TOTOLINK A7000R V4.1cu.4134 was discovered to contain an access control issue via /cgi-bin/ExportSettings.sh. |
| CVE-2022-27005 | | Critical | 0.64 | 9.8 | 0.06 | | Mar 15, 2022 | Totolink routers X5000R V9.1.0u.6118_B20201102 and A7000R V9.1.0u.6115_B20201022 were discovered to contain a command injection vulnerability in the setWanCfg function via the hostName parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted… |
| CVE-2022-27004 | | Critical | 0.64 | 9.8 | 0.03 | | Mar 15, 2022 | Totolink routers X5000R V9.1.0u.6118_B20201102 and A7000R V9.1.0u.6115_B20201022 were discovered to contain a command injection vulnerability in the Tunnel 6in4 function via the remote6in4 parameter. This vulnerability allows attackers to execute arbitrary commands via a… |
| CVE-2022-27003 | | Critical | 0.64 | 9.8 | 0.03 | | Mar 15, 2022 | Totolink routers X5000R V9.1.0u.6118_B20201102 and A7000R V9.1.0u.6115_B20201022 were discovered to contain a command injection vulnerability in the Tunnel 6rd function via the relay6rd parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted… |
| CVE-2026-6168 | | High | 0.57 | 8.8 | 0.01 | | Apr 13, 2026 | A flaw has been found in TOTOLINK A7000R up to 9.1.0u.6115. The affected element is the function setWiFiEasyGuestCfg of the file /cgi-bin/cstecgi.cgi. This manipulation of the argument ssid5g causes stack-based buffer overflow. Remote exploitation of the attack is possible. The… |
| CVE-2022-37084 | | High | 0.51 | 7.8 | 0.00 | | Aug 25, 2022 | TOTOLINK A7000R V9.1.0u.6115_B20201022 was discovered to contain a stack overflow via the sPort parameter at the addEffect function. |
| CVE-2022-37083 | | High | 0.51 | 7.8 | 0.01 | | Aug 25, 2022 | TOTOLINK A7000R V9.1.0u.6115_B20201022 was discovered to contain a command injection vulnerability via the ip parameter at the function setDiagnosisCfg. |
| CVE-2022-37082 | | High | 0.51 | 7.8 | 0.01 | | Aug 25, 2022 | TOTOLINK A7000R V9.1.0u.6115_B20201022 was discovered to contain a command injection vulnerability via the host_time parameter at the function NTPSyncWithHost. |
| CVE-2022-37081 | | High | 0.51 | 7.8 | 0.01 | | Aug 25, 2022 | TOTOLINK A7000R V9.1.0u.6115_B20201022 was discovered to contain a command injection vulnerability via the command parameter at setting/setTracerouteCfg. |
| CVE-2022-37080 | | High | 0.51 | 7.8 | 0.00 | | Aug 25, 2022 | TOTOLINK A7000R V9.1.0u.6115_B20201022 was discovered to contain a stack overflow via the command parameter at setting/setTracerouteCfg. |
| CVE-2022-37079 | | High | 0.51 | 7.8 | 0.01 | | Aug 25, 2022 | TOTOLINK A7000R V9.1.0u.6115_B20201022 was discovered to contain a command injection vulnerability via the hostName parameter in the function setOpModeCfg. |
| CVE-2022-37078 | | High | 0.51 | 7.8 | 0.01 | | Aug 25, 2022 | TOTOLINK A7000R V9.1.0u.6115_B20201022 was discovered to contain a command injection vulnerability via the lang parameter at /setting/setLanguageCfg. |
| CVE-2022-37077 | | High | 0.51 | 7.8 | 0.00 | | Aug 25, 2022 | TOTOLINK A7000R V9.1.0u.6115_B20201022 was discovered to contain a stack overflow via the pppoeUser parameter. |
| CVE-2022-37076 | | High | 0.51 | 7.8 | 0.01 | | Aug 25, 2022 | TOTOLINK A7000R V9.1.0u.6115_B20201022 was discovered to contain a command injection vulnerability via the FileName parameter in the function UploadFirmwareFile. |
Page 1 of 2