VYPR

A720R

by Totolink

CVEs (26)

  • CVE-2021-35324 | Critical | Aug 5, 2021
    risk 0.65 | cvss 9.8 | epss 0.10

    A vulnerability in the Form_Login function of TOTOLINK A720R A720R_Firmware V4.1.5cu.470_B20200911 allows attackers to bypass authentication.

  • CVE-2023-23064 | Critical | Feb 17, 2023
    risk 0.64 | cvss 9.8 | epss 0.01

    TOTOLINK A720R V4.1.5cu.532_B20210610 is vulnerable to Incorrect Access Control.

  • CVE-2021-45742 | Critical | Feb 4, 2022
    risk 0.64 | cvss 9.8 | epss 0.03

    TOTOLINK A720R v4.1.5cu.470_B20200911 was discovered to contain a command injection vulnerability in the "Main" function. This vulnerability allows attackers to execute arbitrary commands via the QUERY_STRING parameter.

  • CVE-2021-45740 | Critical | Feb 4, 2022
    risk 0.64 | cvss 9.8 | epss 0.01

    TOTOLINK A720R v4.1.5cu.470_B20200911 was discovered to contain a stack overflow in the setWiFiWpsStart function. This vulnerability allows attackers to cause a Denial of Service (DoS) via the pin parameter.

  • CVE-2021-44247 | Critical | Feb 4, 2022
    risk 0.64 | cvss 9.8 | epss 0.03

    Totolink devices A3100R v4.1.2cu.5050_B20200504, A830R v5.9c.4729_B20191112, and A720R v4.1.5cu.470_B20200911 were discovered to contain a command injection vulnerability in the function setNoticeCfg. This vulnerability allows attackers to execute arbitrary commands via the IpFrom…

  • CVE-2021-35327 | Critical | Aug 5, 2021
    risk 0.64 | cvss 9.8 | epss 0.01

    A vulnerability in TOTOLINK A720R A720R_Firmware v4.1.5cu.470_B20200911 allows attackers to start the Telnet service, then login with the default credentials via a crafted POST request.

  • CVE-2021-27710 | Critical | Apr 14, 2021
    risk 0.64 | cvss 9.8 | epss 0.08

    Command Injection in TOTOLINK X5000R router with firmware v9.1.0u.6118_B20201102, and TOTOLINK A720R router with firmware v4.1.5cu.470_B20200911 allows remote attackers to execute arbitrary OS commands by sending a modified HTTP request. This occurs because the function executes…

  • CVE-2021-27708 | Critical | Apr 14, 2021
    risk 0.64 | cvss 9.8 | epss 0.08

    Command Injection in TOTOLINK X5000R router with firmware v9.1.0u.6118_B20201102, and TOTOLINK A720R router with firmware v4.1.5cu.470_B20200911 allows remote attackers to execute arbitrary OS commands by sending a modified HTTP request. This occurs because the function executes…

  • CVE-2022-36610 | High | Aug 29, 2022
    risk 0.51 | cvss 7.8 | epss 0.00

    TOTOLINK A720R V4.1.5cu.532_B20210610 was discovered to contain a hardcoded password for root at /etc/shadow.sample.

  • CVE-2022-36456 | High | Aug 25, 2022
    risk 0.51 | cvss 7.8 | epss 0.01

    TOTOLINK A720R V4.1.5cu.532_B20210610 was discovered to contain a command injection vulnerability via the username parameter in /cstecgi.cgi.

  • CVE-2021-35325 | High | Aug 5, 2021
    risk 0.50 | cvss 7.5 | epss 0.13

    A stack overflow in the checkLoginUser function of TOTOLINK A720R A720R_Firmware v4.1.5cu.470_B20200911 allows attackers to cause a denial of service (DoS).

  • CVE-2021-45739 | High | Feb 4, 2022
    risk 0.49 | cvss 7.5 | epss 0.01

    TOTOLINK A720R v4.1.5cu.470_B20200911 was discovered to contain a stack overflow in the Form_Login function. This vulnerability allows attackers to cause a Denial of Service (DoS) via the flag parameter.

  • CVE-2021-45737 | High | Feb 4, 2022
    risk 0.49 | cvss 7.5 | epss 0.01

    TOTOLINK A720R v4.1.5cu.470_B20200911 was discovered to contain a stack overflow in the Form_Login function. This vulnerability allows attackers to cause a Denial of Service (DoS) via the Host parameter.

  • CVE-2021-44246 | High | Feb 4, 2022
    risk 0.49 | cvss 7.5 | epss 0.01

    Totolink devices A3100R v4.1.2cu.5050_B20200504, A830R v5.9c.4729_B20191112, and A720R v4.1.5cu.470_B20200911 were discovered to contain a stack overflow in the function setNoticeCfg. This vulnerability allows attackers to cause a Denial of Service (DoS) via the IpTo parameter.

  • CVE-2021-35326 | High | Aug 5, 2021
    risk 0.49 | cvss 7.5 | epss 0.03

    A vulnerability in TOTOLINK A720R router with firmware v4.1.5cu.470_B20200911 allows attackers to download the configuration file by sending a crafted HTTP request.

  • CVE-2021-43662 | Medium | Mar 31, 2022
    risk 0.42 | cvss 6.5 | epss 0.01

    TOTOLINK EX300_v2, ver V4.0.3c.140_B20210429, and A720R, ver V4.1.5cu.470_B20200911, have an issue which causes uncontrolled resource consumption.

  • CVE-2025-60683 | Nov 13, 2025
    risk 0.00 | cvss (none listed) | epss 0.01

    A command injection vulnerability exists in the ToToLink A720R Router firmware V4.1.5cu.614_B20230630 within the sysconf binary, specifically in the sub_40BFA4 function that handles network interface reinitialization from '/var/system/linux_vlan_reinit'. Input is only partially…

  • CVE-2025-60686 | Nov 13, 2025
    risk 0.00 | cvss (none listed) | epss 0.00

    A local stack-based buffer overflow vulnerability exists in the infostat.cgi and cstecgi.cgi binaries of ToToLink routers (A720R V4.1.5cu.614_B20230630, LR1200GB V9.1.0u.6619_B20230130, and NR1800X V9.1.0u.6681_B20230703). Both programs parse the contents of /proc/net/arp using…

  • CVE-2025-60682 | Nov 13, 2025
    risk 0.00 | cvss (none listed) | epss 0.02

    A command injection vulnerability exists in the ToToLink A720R Router firmware V4.1.5cu.614_B20230630 within the cloudupdate_check binary, specifically in the sub_402414 function that handles cloud update parameters. User-supplied 'magicid' and 'url' values are directly…

  • CVE-2025-60685 | Nov 13, 2025
    risk 0.00 | cvss (none listed) | epss 0.00

    A stack buffer overflow exists in the ToToLink A720R Router firmware V4.1.5cu.614_B20230630 within the sysconf binary (sub_401EE0 function). The binary reads the /proc/stat file using fgets() into a local buffer and subsequently parses the line using sscanf() into a single-byte…
