VYPR

A7000R

by Totolink

CVEs (37)

  • CVE-2022-38308CriSep 14, 2022
    risk 0.65cvss 9.8epss 0.20

    TOTOLink A700RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the lang parameter in the function cstesystem. This vulnerability allows attackers to execute arbitrary commands via a crafted payload.

  • CVE-2023-49418CriDec 11, 2023
    risk 0.64cvss 9.8epss 0.01

    TOTOLink A7000R V9.1.0u.6115_B20201022has a stack overflow vulnerability via setIpPortFilterRules.

  • CVE-2023-49417CriDec 11, 2023
    risk 0.64cvss 9.8epss 0.01

    TOTOLink A7000R V9.1.0u.6115_B20201022 has a stack overflow vulnerability via setOpModeCfg.

  • CVE-2023-45984CriOct 16, 2023
    risk 0.64cvss 9.8epss 0.01

    TOTOLINK X5000R V9.1.0u.6118_B20201102 and TOTOLINK A7000R V9.1.0u.6115_B20201022 was discovered to contain a stack overflow via the lang parameter in the function setLanguageCfg.

  • CVE-2023-36950CriOct 16, 2023
    risk 0.64cvss 9.8epss 0.01

    TOTOLINK X5000R V9.1.0u.6118_B20201102 and TOTOLINK A7000R V9.1.0u.6115_B20201022 was discovered to contain a stack overflow via the http_host parameter in the function loginAuth.

  • CVE-2023-36947CriOct 16, 2023
    risk 0.64cvss 9.8epss 0.01

    TOTOLINK X5000R V9.1.0u.6118_B20201102 and TOTOLINK A7000R V9.1.0u.6115_B20201022 was discovered to contain a stack overflow via the File parameter in the function UploadCustomModule.

  • CVE-2022-32993CriAug 29, 2022
    risk 0.64cvss 9.8epss 0.01

    TOTOLINK A7000R V4.1cu.4134 was discovered to contain an access control issue via /cgi-bin/ExportSettings.sh.

  • CVE-2022-27005CriMar 15, 2022
    risk 0.64cvss 9.8epss 0.06

    Totolink routers s X5000R V9.1.0u.6118_B20201102 and A7000R V9.1.0u.6115_B20201022 were discovered to contain a command injection vulnerability in the setWanCfg function via the hostName parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted…

  • CVE-2022-27004CriMar 15, 2022
    risk 0.64cvss 9.8epss 0.03

    Totolink routers s X5000R V9.1.0u.6118_B20201102 and A7000R V9.1.0u.6115_B20201022 were discovered to contain a command injection vulnerability in the Tunnel 6in4 function via the remote6in4 parameter. This vulnerability allows attackers to execute arbitrary commands via a…

  • CVE-2022-27003CriMar 15, 2022
    risk 0.64cvss 9.8epss 0.03

    Totolink routers s X5000R V9.1.0u.6118_B20201102 and A7000R V9.1.0u.6115_B20201022 were discovered to contain a command injection vulnerability in the Tunnel 6rd function via the relay6rd parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted…

  • CVE-2026-6168HigApr 13, 2026
    risk 0.57cvss 8.8epss 0.01

    A flaw has been found in TOTOLINK A7000R up to 9.1.0u.6115. The affected element is the function setWiFiEasyGuestCfg of the file /cgi-bin/cstecgi.cgi. This manipulation of the argument ssid5g causes stack-based buffer overflow. Remote exploitation of the attack is possible. The…

  • CVE-2022-37084HigAug 25, 2022
    risk 0.51cvss 7.8epss 0.00

    TOTOLINK A7000R V9.1.0u.6115_B20201022 was discovered to contain a stack overflow via the sPort parameter at the addEffect function.

  • CVE-2022-37083HigAug 25, 2022
    risk 0.51cvss 7.8epss 0.01

    TOTOLINK A7000R V9.1.0u.6115_B20201022 was discovered to contain a command injection vulnerability via the ip parameter at the function setDiagnosisCfg.

  • CVE-2022-37082HigAug 25, 2022
    risk 0.51cvss 7.8epss 0.01

    TOTOLINK A7000R V9.1.0u.6115_B20201022 was discovered to contain a command injection vulnerability via the host_time parameter at the function NTPSyncWithHost.

  • CVE-2022-37081HigAug 25, 2022
    risk 0.51cvss 7.8epss 0.01

    TOTOLINK A7000R V9.1.0u.6115_B20201022 was discovered to contain a command injection vulnerability via the command parameter at setting/setTracerouteCfg.

  • CVE-2022-37080HigAug 25, 2022
    risk 0.51cvss 7.8epss 0.00

    TOTOLINK A7000R V9.1.0u.6115_B20201022 was discovered to contain a stack overflow via the command parameter at setting/setTracerouteCfg.

  • CVE-2022-37079HigAug 25, 2022
    risk 0.51cvss 7.8epss 0.01

    TOTOLINK A7000R V9.1.0u.6115_B20201022 was discovered to contain a command injection vulnerability via the hostName parameter in the function setOpModeCfg.

  • CVE-2022-37078HigAug 25, 2022
    risk 0.51cvss 7.8epss 0.01

    TOTOLINK A7000R V9.1.0u.6115_B20201022 was discovered to contain a command injection vulnerability via the lang parameter at /setting/setLanguageCfg.

  • CVE-2022-37077HigAug 25, 2022
    risk 0.51cvss 7.8epss 0.00

    TOTOLINK A7000R V9.1.0u.6115_B20201022 was discovered to contain a stack overflow via the pppoeUser parameter.

  • CVE-2022-37076HigAug 25, 2022
    risk 0.51cvss 7.8epss 0.01

    TOTOLINK A7000R V9.1.0u.6115_B20201022 was discovered to contain a command injection vulnerability via the FileName parameter in the function UploadFirmwareFile.

Page 1 of 2