VYPR

EX1200T

by Totolink

CVEs (49)

  • CVE-2021-42887CriJun 3, 2022
    risk 0.67cvss 9.8epss 0.43

    In TOTOLINK EX1200T V4.1.2cu.5215, an attacker can bypass login by sending a specific request through formLoginAuth.htm.

  • CVE-2025-5600CriJun 4, 2025
    risk 0.64cvss 9.8epss 0.01

    A vulnerability, which was classified as critical, has been found in TOTOLINK EX1200T 4.1.2cu.5232_B20210713. This issue affects the function setLanguageCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument LangType leads to stack-based buffer overflow. The…

  • CVE-2025-28039CriApr 22, 2025
    risk 0.64cvss 9.8epss 0.01

    TOTOLINK EX1200T V4.1.2cu.5232_B20210713 was found to contain a pre-auth remote command execution vulnerability in the setUpgradeFW function through the FileName parameter.

  • CVE-2025-28038CriApr 22, 2025
    risk 0.64cvss 9.8epss 0.01

    TOTOLINK EX1200T V4.1.2cu.5232_B20210713 was found to contain a pre-auth remote command execution vulnerability in the setWebWlanIdx function through the webWlanIdx parameter.

  • CVE-2023-52032CriJan 11, 2024
    risk 0.64cvss 9.8epss 0.02

    TOTOlink EX1200T V4.1.2cu.5232_B20210713 was discovered to contain a remote command execution (RCE) vulnerability via the "main" function.

  • CVE-2023-51035CriDec 22, 2023
    risk 0.64cvss 9.8epss 0.01

    TOTOLINK EX1200L V9.3.5u.6146_B20201023 is vulnerable to arbitrary command execution on the cstecgi.cgi NTPSyncWithHost interface.

  • CVE-2023-51034CriDec 22, 2023
    risk 0.64cvss 9.8epss 0.01

    TOTOlink EX1200L V9.3.5u.6146_B20201023 is vulnerable to arbitrary command execution via the cstecgi.cgi UploadFirmwareFile interface.

  • CVE-2023-51033CriDec 22, 2023
    risk 0.64cvss 9.8epss 0.01

    TOTOlink EX1200L V9.3.5u.6146_B20201023 is vulnerable to arbitrary command execution via the cstecgi.cgi setOpModeCfg interface.

  • CVE-2021-42890CriJun 3, 2022
    risk 0.64cvss 9.8epss 0.02

    TOTOLINK EX1200T V4.1.2cu.5215 contains a remote command injection vulnerability in function NTPSyncWithHost of the file system.so which can control hostTime to attack.

  • CVE-2021-42888CriJun 3, 2022
    risk 0.64cvss 9.8epss 0.02

    TOTOLINK EX1200T V4.1.2cu.5215 contains a remote command injection vulnerability in function setLanguageCfg of the file global.so which can control langType to attack.

  • CVE-2021-42885CriJun 3, 2022
    risk 0.64cvss 9.8epss 0.02

    TOTOLINK EX1200T V4.1.2cu.5215 contains a remote command injection vulnerability in function setDeviceMac of the file global.so which can control deviceName to attack.

  • CVE-2021-42884CriJun 3, 2022
    risk 0.64cvss 9.8epss 0.02

    TOTOLINK EX1200T V4.1.2cu.5215 contains a remote command injection vulnerability in function setDeviceName of the file global.so which can control thedeviceName to attack.

  • CVE-2021-42875CriJun 2, 2022
    risk 0.64cvss 9.8epss 0.05

    TOTOLINK EX1200T V4.1.2cu.5215 contains a remote command injection vulnerability in the function setDiagnosisCfg of the file lib/cste_modules/system.so to control the ipDoamin.

  • CVE-2021-42872CriJun 2, 2022
    risk 0.64cvss 9.8epss 0.08

    TOTOLINK EX1200T V4.1.2cu.5215 is affected by a command injection vulnerability that can remotely execute arbitrary code.

  • CVE-2025-5907HigJun 10, 2025
    risk 0.58cvss 8.8epss 0.04

    A vulnerability classified as critical was found in TOTOLINK EX1200T up to 4.1.2cu.5232_B20210713. This vulnerability affects unknown code of the file /boafrm/formFilter of the component HTTP POST Request Handler. The manipulation leads to buffer overflow. The attack can be…

  • CVE-2025-5792HigJun 6, 2025
    risk 0.58cvss 8.8epss 0.04

    A vulnerability, which was classified as critical, has been found in TOTOLINK EX1200T 4.1.2cu.5232_B20210713. This issue affects some unknown processing of the file /boafrm/formWlanRedirect of the component HTTP POST Request Handler. The manipulation of the argument redirect-url…

  • CVE-2022-25008HigMar 30, 2022
    risk 0.58cvss 8.8epss 0.04

    totolink EX300_v2 V4.0.3c.140_B20210429 and EX1200T V4.1.2cu.5230_B20210706 does not contain an authentication mechanism.

  • CVE-2025-6568HigJun 24, 2025
    risk 0.57cvss 8.8epss 0.01

    A vulnerability classified as critical has been found in TOTOLINK EX1200T 4.1.2cu.5232_B20210713. Affected is an unknown function of the file /boafrm/formIpv6Setup of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer overflow.…

  • CVE-2025-6393HigJun 21, 2025
    risk 0.57cvss 8.8epss 0.01

    A vulnerability was found in TOTOLINK A702R, A3002R, A3002RU and EX1200T 3.0.0-B20230809.1615/4.0.0-B20230531.1404/4.0.0-B20230721.1521/4.1.2cu.5232_B20210713. It has been classified as critical. Affected is an unknown function of the file /boafrm/formIPv6Addr of the component…

  • CVE-2025-6336HigJun 20, 2025
    risk 0.57cvss 8.8epss 0.01

    A vulnerability was found in TOTOLINK EX1200T 4.1.2cu.5232_B20210713. It has been classified as critical. Affected is an unknown function of the file /boafrm/formTmultiAP of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer…

Page 1 of 3