VYPR

N150RT

by Totolink

CVEs (16)

  • CVE-2019-19825CriJan 27, 2020
    risk 0.66cvss 9.8epss 0.30

    On certain TOTOLINK Realtek SDK based routers, the CAPTCHA text can be retrieved via an {"topicurl":"setting/getSanvas"} POST to the boafrm/formLogin URI, leading to a CAPTCHA bypass. (Also, the CAPTCHA text is not needed once the attacker has determined valid credentials. The…

  • CVE-2025-4462HigMay 9, 2025
    risk 0.57cvss 8.8epss 0.01

    A vulnerability, which was classified as critical, has been found in TOTOLINK N150RT 3.4.0-B20190525. This issue affects some unknown processing of the file /boafrm/formWsc. The manipulation of the argument localPin leads to buffer overflow. The attack may be initiated remotely.…

  • CVE-2025-3993HigApr 28, 2025
    risk 0.57cvss 8.8epss 0.01

    A vulnerability was found in TOTOLINK N150RT 3.4.0-B20190525 and classified as critical. This issue affects some unknown processing of the file /boafrm/formWsc. The manipulation of the argument submit-url leads to buffer overflow. The attack may be initiated remotely. The…

  • CVE-2025-3992HigApr 28, 2025
    risk 0.57cvss 8.8epss 0.01

    A vulnerability has been found in TOTOLINK N150RT 3.4.0-B20190525 and classified as critical. This vulnerability affects unknown code of the file /boafrm/formWlwds. The manipulation of the argument submit-url leads to buffer overflow. The attack can be initiated remotely. The…

  • CVE-2025-3991HigApr 28, 2025
    risk 0.57cvss 8.8epss 0.01

    A vulnerability, which was classified as critical, was found in TOTOLINK N150RT 3.4.0-B20190525. This affects an unknown part of the file /boafrm/formWdsEncrypt. The manipulation of the argument submit-url leads to buffer overflow. It is possible to initiate the attack remotely.…

  • CVE-2025-3990HigApr 27, 2025
    risk 0.57cvss 8.8epss 0.01

    A vulnerability, which was classified as critical, has been found in TOTOLINK N150RT 3.4.0-B20190525. Affected by this issue is some unknown functionality of the file /boafrm/formVlan. The manipulation of the argument submit-url leads to buffer overflow. The attack may be…

  • CVE-2025-3989HigApr 27, 2025
    risk 0.57cvss 8.8epss 0.01

    A vulnerability classified as critical was found in TOTOLINK N150RT 3.4.0-B20190525. Affected by this vulnerability is an unknown functionality of the file /boafrm/formStaticDHCP. The manipulation of the argument Hostname leads to buffer overflow. The attack can be launched…

  • CVE-2025-3988HigApr 27, 2025
    risk 0.57cvss 8.8epss 0.01

    A vulnerability classified as critical has been found in TOTOLINK N150RT 3.4.0-B20190525. Affected is an unknown function of the file /boafrm/formPortFw. The manipulation of the argument service_type leads to buffer overflow. It is possible to launch the attack remotely. The…

  • CVE-2024-51228MedNov 27, 2024
    risk 0.45cvss 6.8epss 0.04

    An issue in TOTOLINK-CX-A3002RU V1.0.4-B20171106.1512 and TOTOLINK-CX-N150RT V2.1.6-B20171121.1002 and TOTOLINK-CX-N300RT V2.1.6-B20170724.1420 and TOTOLINK-CX-N300RT V2.1.8-B20171113.1408 and TOTOLINK-CX-N300RT V2.1.8-B20191010.1107 and TOTOLINK-CX-N302RE V2.0.2-B20170511.1523…

  • CVE-2025-3987MedApr 27, 2025
    risk 0.42cvss 6.3epss 0.08

    A vulnerability was found in TOTOLINK N150RT 3.4.0-B20190525. It has been rated as critical. This issue affects some unknown processing of the file /boafrm/formWsc. The manipulation of the argument localPin leads to command injection. The attack may be initiated remotely. The…

  • CVE-2025-6299MedJun 20, 2025
    risk 0.31cvss 4.7epss 0.07

    A vulnerability classified as critical has been found in TOTOLINK N150RT 3.4.0-B20190525. This affects an unknown part of the file /boa/formWSC. The manipulation of the argument targetAPSsid leads to os command injection. It is possible to initiate the attack remotely. The…

  • CVE-2025-4461LowMay 9, 2025
    risk 0.16cvss 2.4epss 0.00

    A vulnerability classified as problematic was found in TOTOLINK N150RT 3.4.0-B20190525. This vulnerability affects unknown code of the component Virtual Server Page. The manipulation leads to cross site scripting. The attack can be initiated remotely. The exploit has been…

  • CVE-2025-4460LowMay 9, 2025
    risk 0.16cvss 2.4epss 0.01

    A vulnerability classified as problematic has been found in TOTOLINK N150RT 3.4.0-B20190525. This affects an unknown part of the component URL Filtering Page. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been…

  • CVE-2025-3996LowApr 28, 2025
    risk 0.16cvss 2.4epss 0.00

    A vulnerability was found in TOTOLINK N150RT 3.4.0-B20190525. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /home.htm of the component MAC Filtering Page. The manipulation of the argument Comment leads to cross site scripting.…

  • CVE-2025-3995LowApr 28, 2025
    risk 0.16cvss 2.4epss 0.00

    A vulnerability was found in TOTOLINK N150RT 3.4.0-B20190525. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /boafrm/fromStaticDHCP of the component LAN Settings Page. The manipulation of the argument Hostname leads to…

  • CVE-2025-3994LowApr 28, 2025
    risk 0.16cvss 2.4epss 0.04

    A vulnerability was found in TOTOLINK N150RT 3.4.0-B20190525. It has been classified as problematic. Affected is an unknown function of the file /home.htm of the component IP Port Filtering. The manipulation of the argument Comment leads to cross site scripting. It is possible…