VYPR

A950RG Router

by Totolink

CVEs (2)

  • CVE-2025-60702Nov 13, 2025
    risk 0.00cvss epss 0.02

    A command injection vulnerability exists in the TOTOLINK A950RG Router firmware V5.9c.4592_B20191022_ALL within the `system.so` binary. The `setDiagnosisCfg` function retrieves the `ipDoamin` parameter from user input via `websGetVar` and concatenates it directly into a `ping`…

  • CVE-2025-60699Nov 13, 2025
    risk 0.00cvss epss 0.01

    A buffer overflow vulnerability exists in the TOTOLINK A950RG Router firmware V5.9c.4592_B20191022_ALL within the `global.so` binary. The `getSaveConfig` function retrieves the `http_host` parameter from user input via `websGetVar` and copies it into a fixed-size stack buffer…