VYPR

T10

by Totolink

CVEs (19)

  • CVE-2025-44655CriJul 21, 2025
    risk 0.64cvss 9.8epss 0.00

    In TOTOLink A7100RU V7.4, A950RG V5.9, and T10 V5.9, the chroot_local_user option is enabled in the vsftpd.conf. This could lead to unauthorized access to system files, privilege escalation, or use of the compromised server as a pivot point for internal network attacks.

  • CVE-2023-40042CriAug 8, 2023
    risk 0.64cvss 9.8epss 0.01

    TOTOLINK T10_v2 5.9c.5061_B20200511 has a stack-based buffer overflow in setStaticDhcpConfig in /lib/cste_modules/lan.so. Attackers can send crafted data in an MQTT packet, via the comment parameter, to control the return address and execute code.

  • CVE-2023-40041CriAug 8, 2023
    risk 0.64cvss 9.8epss 0.01

    TOTOLINK T10_v2 5.9c.5061_B20200511 has a stack-based buffer overflow in setWiFiWpsConfig in /lib/cste_modules/wps.so. Attackers can send crafted data in an MQTT packet, via the pin parameter, to control the return address and execute code.

  • CVE-2022-25081CriFeb 24, 2022
    risk 0.64cvss 9.8epss 0.03

    TOTOLink T10 V5.9c.5061_B20200511 was discovered to contain a command injection vulnerability in the "Main" function. This vulnerability allows attackers to execute arbitrary commands via the QUERY_STRING parameter.

  • CVE-2022-25137CriFeb 19, 2022
    risk 0.64cvss 9.8epss 0.02

    A command injection vulnerability in the function recvSlaveUpgstatus of TOTOLINK Technology routers T6 V3_Firmware T6_V3_V4.1.5cu.748_B20211015 and T10 V2_Firmware V4.1.8cu.5207_B20210320 allows attackers to execute arbitrary commands via a crafted MQTT packet.

  • CVE-2022-25131CriFeb 19, 2022
    risk 0.64cvss 9.8epss 0.02

    A command injection vulnerability in the function recvSlaveCloudCheckStatus of TOTOLINK Technology routers T6 V3_Firmware T6_V3_V4.1.5cu.748_B20211015 and T10 V2_Firmware V4.1.8cu.5207_B20210320 allows attackers to execute arbitrary commands via a crafted MQTT packet.

  • CVE-2022-25130CriFeb 19, 2022
    risk 0.64cvss 9.8epss 0.02

    A command injection vulnerability in the function updateWifiInfo of TOTOLINK Technology routers T6 V3_Firmware T6_V3_V4.1.5cu.748_B20211015 and T10 V2_Firmware V4.1.8cu.5207_B20210320 allows attackers to execute arbitrary commands via a crafted MQTT packet.

  • CVE-2025-5905HigJun 10, 2025
    risk 0.58cvss 8.8epss 0.07

    A vulnerability was found in TOTOLINK T10 4.1.8cu.5207. It has been rated as critical. Affected by this issue is the function setWiFiRepeaterCfg of the file /cgi-bin/cstecgi.cgi of the component POST Request Handler. The manipulation of the argument Password leads to buffer…

  • CVE-2025-5904HigJun 10, 2025
    risk 0.58cvss 8.8epss 0.07

    A vulnerability was found in TOTOLINK T10 4.1.8cu.5207. It has been declared as critical. Affected by this vulnerability is the function setWiFiMeshName of the file /cgi-bin/cstecgi.cgi of the component POST Request Handler. The manipulation of the argument device_name leads to…

  • CVE-2025-5903HigJun 10, 2025
    risk 0.58cvss 8.8epss 0.07

    A vulnerability was found in TOTOLINK T10 4.1.8cu.5207. It has been classified as critical. Affected is the function setWiFiAclRules of the file /cgi-bin/cstecgi.cgi of the component POST Request Handler. The manipulation of the argument desc leads to buffer overflow. It is…

  • CVE-2025-5902HigJun 9, 2025
    risk 0.58cvss 8.8epss 0.04

    A vulnerability was found in TOTOLINK T10 4.1.8cu.5207 and classified as critical. This issue affects the function setUpgradeFW of the file /cgi-bin/cstecgi.cgi of the component POST Request Handler. The manipulation of the argument slaveIpList leads to buffer overflow. The…

  • CVE-2025-5901HigJun 9, 2025
    risk 0.58cvss 8.8epss 0.04

    A vulnerability has been found in TOTOLINK T10 4.1.8cu.5207 and classified as critical. This vulnerability affects the function UploadCustomModule of the file /cgi-bin/cstecgi.cgi of the component POST Request Handler. The manipulation of the argument File leads to buffer…

  • CVE-2025-6138HigJun 16, 2025
    risk 0.57cvss 8.8epss 0.01

    A vulnerability classified as critical was found in TOTOLINK T10 4.1.8cu.5207. Affected by this vulnerability is the function setWizardCfg of the file /cgi-bin/cstecgi.cgi of the component HTTP POST Request Handler. The manipulation of the argument ssid5g leads to buffer…

  • CVE-2025-6137HigJun 16, 2025
    risk 0.57cvss 8.8epss 0.01

    A vulnerability classified as critical has been found in TOTOLINK T10 4.1.8cu.5207. Affected is the function setWiFiScheduleCfg of the file /cgi-bin/cstecgi.cgi of the component HTTP POST Request Handler. The manipulation of the argument desc leads to buffer overflow. It is…

  • CVE-2025-4496HigMay 10, 2025
    risk 0.57cvss 8.8epss 0.01

    A vulnerability was found in TOTOLINK T10, A3100R, A950RG, A800R, N600R, A3000RU and A810R 4.1.8cu.5241_B20210927. It has been declared as critical. This vulnerability affects the function CloudACMunualUpdate of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument…

  • CVE-2025-9533HigAug 27, 2025
    risk 0.47cvss 7.3epss 0.09

    A vulnerability has been found in TOTOLINK T10 4.1.8cu.5241_B20210927. Affected is an unknown function of the file /formLoginAuth.htm. The manipulation of the argument authCode with the input 1 leads to improper authentication. The attack can be initiated remotely. The exploit…

  • CVE-2024-9001MedSep 19, 2024
    risk 0.41cvss 6.3epss 0.04

    A vulnerability was found in TOTOLINK T10 4.1.8cu.5207. It has been declared as critical. This vulnerability affects the function setTracerouteCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument command leads to os command injection. The attack can be…

  • CVE-2025-6139LowJun 16, 2025
    risk 0.25cvss 3.9epss 0.00

    A vulnerability, which was classified as problematic, has been found in TOTOLINK T10 4.1.8cu.5207. Affected by this issue is some unknown functionality of the file /etc/shadow.sample. The manipulation leads to use of hard-coded password. The attack can only be initiated within…

  • CVE-2025-14964Dec 19, 2025
    risk 0.00cvss epss 0.01

    A vulnerability has been found in TOTOLINK T10 4.1.8cu.5083_B20200521. This affects the function sprintf of the file /cgi-bin/cstecgi.cgi. Such manipulation of the argument loginAuthUrl leads to stack-based buffer overflow. The attack may be performed from remote.