EX1200T
by Totolink
CVEs (49)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2021-42889 | Hig | 0.49 | 7.5 | 0.01 | Jun 3, 2022 | In TOTOLINK EX1200T V4.1.2cu.5215, an attacker can obtain sensitive information (wifikey, wifiname, etc.) without authorization. | ||
| CVE-2021-42886 | Hig | 0.49 | 7.5 | 0.02 | Jun 3, 2022 | TOTOLINK EX1200T V4.1.2cu.5215 contains an information disclosure vulnerability where an attacker can get the apmib configuration file without authorization, and usernames and passwords can be found in the decoded file. | ||
| CVE-2021-42877 | Hig | 0.49 | 7.5 | 0.02 | Jun 2, 2022 | TOTOLINK EX1200T V4.1.2cu.5215 contains a denial of service vulnerability in function RebootSystem of the file lib/cste_modules/system which can reboot the system. | ||
| CVE-2023-4412 | Med | 0.41 | 6.3 | 0.03 | Aug 18, 2023 | A vulnerability was found in TOTOLINK EX1200L EN_V9.3.5u.6146_B20201023 and classified as critical. This issue affects the function setWanCfg. The manipulation leads to os command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and… | ||
| CVE-2023-4411 | Med | 0.41 | 6.3 | 0.05 | Aug 18, 2023 | A vulnerability has been found in TOTOLINK EX1200L EN_V9.3.5u.6146_B20201023 and classified as critical. This vulnerability affects the function setTracerouteCfg. The manipulation leads to os command injection. The attack can be initiated remotely. The exploit has been disclosed… | ||
| CVE-2023-4410 | Med | 0.41 | 6.3 | 0.03 | Aug 18, 2023 | A vulnerability, which was classified as critical, was found in TOTOLINK EX1200L EN_V9.3.5u.6146_B20201023. This affects the function setDiagnosisCfg. The manipulation leads to os command injection. It is possible to initiate the attack remotely. The exploit has been disclosed… | ||
| CVE-2021-42892 | Med | 0.28 | 4.3 | 0.01 | Jun 3, 2022 | In TOTOLINK EX1200T V4.1.2cu.5215, an attacker can start telnet without authorization because the default username and password exists in the firmware. | ||
| CVE-2026-44089 | 0.00 | — | 0.00 | Jun 23, 2026 | Totolink EX1200L router is vulnerable to Buffer Overflow in the login functionality in cgi-bin/cstecgi.cgi endpoint. This vulnerability could be exploited to cause the program to crash and to execute code remotely. This allows the attacker to perform actions as root including… | |||
| CVE-2025-51451 | 0.00 | — | 0.00 | Aug 13, 2025 | In TOTOLINK EX1200T firmware 4.1.2cu.5215, an attacker can bypass login by sending a specific request through formLoginAuth.htm. |
- risk 0.49cvss 7.5epss 0.01
In TOTOLINK EX1200T V4.1.2cu.5215, an attacker can obtain sensitive information (wifikey, wifiname, etc.) without authorization.
- risk 0.49cvss 7.5epss 0.02
TOTOLINK EX1200T V4.1.2cu.5215 contains an information disclosure vulnerability where an attacker can get the apmib configuration file without authorization, and usernames and passwords can be found in the decoded file.
- risk 0.49cvss 7.5epss 0.02
TOTOLINK EX1200T V4.1.2cu.5215 contains a denial of service vulnerability in function RebootSystem of the file lib/cste_modules/system which can reboot the system.
- risk 0.41cvss 6.3epss 0.03
A vulnerability was found in TOTOLINK EX1200L EN_V9.3.5u.6146_B20201023 and classified as critical. This issue affects the function setWanCfg. The manipulation leads to os command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and…
- risk 0.41cvss 6.3epss 0.05
A vulnerability has been found in TOTOLINK EX1200L EN_V9.3.5u.6146_B20201023 and classified as critical. This vulnerability affects the function setTracerouteCfg. The manipulation leads to os command injection. The attack can be initiated remotely. The exploit has been disclosed…
- risk 0.41cvss 6.3epss 0.03
A vulnerability, which was classified as critical, was found in TOTOLINK EX1200L EN_V9.3.5u.6146_B20201023. This affects the function setDiagnosisCfg. The manipulation leads to os command injection. It is possible to initiate the attack remotely. The exploit has been disclosed…
- risk 0.28cvss 4.3epss 0.01
In TOTOLINK EX1200T V4.1.2cu.5215, an attacker can start telnet without authorization because the default username and password exists in the firmware.
- CVE-2026-44089Jun 23, 2026risk 0.00cvss —epss 0.00
Totolink EX1200L router is vulnerable to Buffer Overflow in the login functionality in cgi-bin/cstecgi.cgi endpoint. This vulnerability could be exploited to cause the program to crash and to execute code remotely. This allows the attacker to perform actions as root including…
- CVE-2025-51451Aug 13, 2025risk 0.00cvss —epss 0.00
In TOTOLINK EX1200T firmware 4.1.2cu.5215, an attacker can bypass login by sending a specific request through formLoginAuth.htm.
Page 3 of 3