VYPR

Vendor CVEs

Totolink

All CVEs

1,201 total · sorted by risk
  • CVE-2025-28026Apr 22, 2025
    risk 0.00cvss epss 0.00

    TOTOLINK A830R V4.1.2cu.5182_B20201102, A950RG V4.1.2cu.5161_B20200903, A3000RU V5.9c.5185_B20201128, and A3100R V4.1.2cu.5247_B20211129 were found to contain a buffer overflow vulnerability in downloadFile.cgi.

  • CVE-2025-28033Apr 22, 2025
    risk 0.00cvss epss 0.00

    TOTOLINK A800R V4.1.2cu.5137_B20200730, A810R V4.1.2cu.5182_B20201026, A830R V4.1.2cu.5182_B20201102, A950RG V4.1.2cu.5161_B20200903, A3000RU V5.9c.5185_B20201128, and A3100R V4.1.2cu.5247_B20211129 were found to contain a pre-auth buffer overflow vulnerability in the…

  • CVE-2025-28034Apr 22, 2025
    risk 0.00cvss epss 0.01

    TOTOLINK A800R V4.1.2cu.5137_B20200730, A810R V4.1.2cu.5182_B20201026, A830R V4.1.2cu.5182_B20201102, A950RG V4.1.2cu.5161_B20200903, A3000RU V5.9c.5185_B20201128, and A3100R V4.1.2cu.5247_B20211129 were found to contain a pre-auth remote command execution vulnerability in the…

  • CVE-2025-28036Apr 22, 2025
    risk 0.00cvss epss 0.01

    TOTOLINK A950RG V4.1.2cu.5161_B20200903 was found to contain a pre-auth remote command execution vulnerability in the setNoticeCfg function through the NoticeUrl parameter.

  • CVE-2025-28039Apr 22, 2025
    risk 0.00cvss epss 0.01

    TOTOLINK EX1200T V4.1.2cu.5232_B20210713 was found to contain a pre-auth remote command execution vulnerability in the setUpgradeFW function through the FileName parameter.

  • CVE-2025-28030Apr 22, 2025
    risk 0.00cvss epss 0.00

    TOTOLINK A810R V4.1.2cu.5182_B20201026 was discovered to contain a stack overflow via the startTime and endTime parameters in setParentalRules function.

  • CVE-2025-28027Apr 22, 2025
    risk 0.00cvss epss 0.00

    TOTOLINK A830R V4.1.2cu.5182_B20201102, A950RG V4.1.2cu.5161_B20200903, A3000RU V5.9c.5185_B20201128, and A3100R V4.1.2cu.5247_B20211129 was found to contain a buffer overflow vulnerability in downloadFile.cgi.

  • CVE-2025-28038Apr 22, 2025
    risk 0.00cvss epss 0.01

    TOTOLINK EX1200T V4.1.2cu.5232_B20210713 was found to contain a pre-auth remote command execution vulnerability in the setWebWlanIdx function through the webWlanIdx parameter.

  • CVE-2025-28031Apr 22, 2025
    risk 0.00cvss epss 0.00

    TOTOLINK A810R V4.1.2cu.5182_B20201026 was discovered to contain a hardcoded password for the telnet service in product.ini.

  • CVE-2025-28035Apr 22, 2025
    risk 0.00cvss epss 0.01

    TOTOLINK A830R V4.1.2cu.5182_B20201102 was found to contain a pre-auth remote command execution vulnerability in the setNoticeCfg function through the NoticeUrl parameter.

  • CVE-2025-28032Apr 22, 2025
    risk 0.00cvss epss 0.00

    TOTOLINK A800R V4.1.2cu.5137_B20200730, A810R V4.1.2cu.5182_B20201026, A830R V4.1.2cu.5182_B20201102, A950RG V4.1.2cu.5161_B20200903, A3000RU V5.9c.5185_B20201128, and A3100R V4.1.2cu.5247_B20211129 contain a pre-auth buffer overflow vulnerability in the setNoticeCfg function…

  • CVE-2025-28029Apr 22, 2025
    risk 0.00cvss epss 0.00

    TOTOLINK A830R V4.1.2cu.5182_B20201102, A950RG V4.1.2cu.5161_B20200903, A3000RU V5.9c.5185_B20201128, and A3100R V4.1.2cu.5247_B20211129 were found to contain a buffer overflow vulnerability in cstecgi.cgi

  • CVE-2025-28037Apr 22, 2025
    risk 0.00cvss epss 0.01

    TOTOLINK A810R V4.1.2cu.5182_B20201026 and A950RG V4.1.2cu.5161_B20200903 were found to contain a pre-auth remote command execution vulnerability in the setDiagnosisCfg function through the ipDomain parameter.

  • CVE-2025-28024Apr 22, 2025
    risk 0.00cvss epss 0.00

    TOTOLINK A810R V4.1.2cu.5182_B20201026 was found to contain a buffer overflow vulnerability in the cstecgi.cgi

  • CVE-2025-29209Apr 18, 2025
    risk 0.00cvss epss 0.01

    TOTOLINK X18 v9.1.0cu.2024_B20220329 has an unauthorized arbitrary command execution in the enable parameter' of the sub_41105C function of cstecgi .cgi.

  • CVE-2025-3675Apr 16, 2025
    risk 0.00cvss epss 0.00

    A vulnerability was found in TOTOLINK A3700R 9.1.2u.5822_B20200513. It has been rated as critical. Affected by this issue is the function setL2tpServerCfg of the file /cgi-bin/cstecgi.cgi. The manipulation leads to improper access controls. The attack may be launched remotely.…

  • CVE-2025-3674Apr 16, 2025
    risk 0.00cvss epss 0.00

    A vulnerability was found in TOTOLINK A3700R 9.1.2u.5822_B20200513. It has been declared as critical. Affected by this vulnerability is the function setUrlFilterRules of the file /cgi-bin/cstecgi.cgi. The manipulation leads to improper access controls. The attack can be launched…

  • CVE-2025-3668Apr 16, 2025
    risk 0.00cvss epss 0.01

    A vulnerability was found in TOTOLINK A3700R 9.1.2u.5822_B20200513. It has been declared as critical. This vulnerability affects the function setScheduleCfg of the file /cgi-bin/cstecgi.cgi. The manipulation leads to improper access controls. The attack can be initiated…

  • CVE-2025-3667Apr 16, 2025
    risk 0.00cvss epss 0.01

    A vulnerability was found in TOTOLINK A3700R 9.1.2u.5822_B20200513. It has been classified as critical. This affects the function setUPnPCfg of the file /cgi-bin/cstecgi.cgi. The manipulation leads to improper access controls. It is possible to initiate the attack remotely. The…

  • CVE-2025-3666Apr 16, 2025
    risk 0.00cvss epss 0.01

    A vulnerability was found in TOTOLINK A3700R 9.1.2u.5822_B20200513 and classified as critical. Affected by this issue is the function setDdnsCfg of the file /cgi-bin/cstecgi.cgi. The manipulation leads to improper access controls. The attack may be launched remotely. The exploit…

  • CVE-2025-3665Apr 16, 2025
    risk 0.00cvss epss 0.01

    A vulnerability has been found in TOTOLINK A3700R 9.1.2u.5822_B20200513 and classified as critical. Affected by this vulnerability is the function setSmartQosCfg of the file /cgi-bin/cstecgi.cgi. The manipulation leads to improper access controls. The attack can be launched…

  • CVE-2025-3664Apr 16, 2025
    risk 0.00cvss epss 0.01

    A vulnerability, which was classified as critical, was found in TOTOLINK A3700R 9.1.2u.5822_B20200513. Affected is the function setWiFiEasyGuestCfg of the file /cgi-bin/cstecgi.cgi. The manipulation leads to improper access controls. It is possible to launch the attack remotely.…

  • CVE-2025-3663Apr 16, 2025
    risk 0.00cvss epss 0.08

    A vulnerability, which was classified as critical, has been found in TOTOLINK A3700R 9.1.2u.5822_B20200513. This issue affects the function setWiFiEasyCfg/setWiFiEasyGuestCfg of the file /cgi-bin/cstecgi.cgi of the component Password Handler. The manipulation leads to improper…

  • CVE-2025-22900Apr 15, 2025
    risk 0.00cvss epss 0.00

    Totolink N600R v4.3.0cu.7647_B20210106 was discovered to contain a stack overflow via the macCloneMac parameter in the setWanConfig function.

  • CVE-2025-28136Apr 15, 2025
    risk 0.00cvss epss 0.00

    TOTOLINK A800R V4.1.2cu.5137_B20200730 was found to contain a buffer overflow vulnerability in the downloadFile.cgi.

  • CVE-2025-22903Apr 15, 2025
    risk 0.00cvss epss 0.00

    TOTOLINK N600R V4.3.0cu.7647_B20210106 was discovered to contain a stack overflow via the pin parameter in the function setWiFiWpsConfig.

  • CVE-2025-29064Apr 3, 2025
    risk 0.00cvss epss 0.01

    An issue in TOTOLINK x18 v.9.1.0cu.2024_B20220329 allows a remote attacker to execute arbitrary code via the sub_410E54 function of the cstecgi.cgi.

  • CVE-2025-2955Mar 30, 2025
    risk 0.00cvss epss 0.01

    A vulnerability has been found in TOTOLINK A3000RU up to 5.9c.5185 and classified as problematic. This vulnerability affects unknown code of the file /cgi-bin/ExportIbmsConfig.sh of the component IBMS Configuration File Handler. The manipulation leads to improper access…

  • CVE-2025-28256Mar 28, 2025
    risk 0.00cvss epss 0.01

    An issue in TOTOLINK A3100R V4.1.2cu.5247_B20211129 allows a remote attacker to execute arbitrary code via the setWebWlanIdx of the file /lib/cste_modules/wireless.so.

  • CVE-2025-28135Mar 27, 2025
    risk 0.00cvss epss 0.01

    TOTOLINK A810R V4.1.2cu.5182_B20201026 was found to contain a buffer overflow vulnerability in downloadFile.cgi.

  • CVE-2025-28138Mar 27, 2025
    risk 0.00cvss epss 0.01

    The TOTOLINK A800R V4.1.2cu.5137_B20200730 were found to contain a pre-auth remote command execution vulnerability in the setNoticeCfg function through the NoticeUrl parameter.

  • CVE-2025-2688Mar 24, 2025
    risk 0.00cvss epss 0.00

    A vulnerability classified as problematic was found in TOTOLINK A3000RU up to 5.9c.5185. Affected by this vulnerability is an unknown functionality of the file /cgi-bin/ExportSyslog.sh of the component Syslog Configuration File Handler. The manipulation leads to improper access…

  • CVE-2025-2370Mar 17, 2025
    risk 0.00cvss epss 0.01

    A vulnerability was found in TOTOLINK EX1800T up to 9.1.0cu.2112_B20220316. It has been declared as critical. Affected by this vulnerability is the function setWiFiExtenderConfig of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument apcliSsid leads to stack-based…

  • CVE-2025-2369Mar 17, 2025
    risk 0.00cvss epss 0.01

    A vulnerability was found in TOTOLINK EX1800T up to 9.1.0cu.2112_B20220316. It has been classified as critical. Affected is the function setPasswordCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument admpass leads to stack-based buffer overflow. It is possible…

  • CVE-2025-2096Mar 7, 2025
    risk 0.00cvss epss 0.03

    A vulnerability classified as critical was found in TOTOLINK EX1800T 9.1.0cu.2112_B20220316. This vulnerability affects the function setRebootScheCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument mode/week/minute/recHour leads to os command injection. The…

  • CVE-2025-2095Mar 7, 2025
    risk 0.00cvss epss 0.02

    A vulnerability classified as critical has been found in TOTOLINK EX1800T 9.1.0cu.2112_B20220316. This affects the function setDmzCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument ip leads to os command injection. It is possible to initiate the attack…

  • CVE-2025-1852Mar 3, 2025
    risk 0.00cvss epss 0.01

    A vulnerability has been found in Totolink EX1800T 9.1.0cu.2112_B20220316 and classified as critical. This vulnerability affects the function loginAuth of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument password leads to buffer overflow. The attack can be…

  • CVE-2025-1829Mar 2, 2025
    risk 0.00cvss epss 0.11

    A vulnerability was found in TOTOLINK X18 9.1.0cu.2024_B20220329. It has been declared as critical. This vulnerability affects the function setMtknatCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument mtkhnatEnable leads to os command injection. The attack can…

  • CVE-2025-25635Feb 28, 2025
    risk 0.00cvss epss 0.00

    TOTOlink A3002R V1.1.1-B20200824.0128 contains a buffer overflow vulnerability. The vulnerability arises from the improper input validation of the pppoe_dns1 parameter in the formIpv6Setup interface of /bin/boa.

  • CVE-2025-25609Feb 28, 2025
    risk 0.00cvss epss 0.00

    TOTOlink A3002R V1.1.1-B20200824.0128 contains a buffer overflow vulnerability. The vulnerability arises from the improper input validation of the static_ipv6 parameter in the formIpv6Setup interface of /bin/boa

  • CVE-2025-25610Feb 28, 2025
    risk 0.00cvss epss 0.00

    TOTOlink A3002R V1.1.1-B20200824.0128 contains a buffer overflow vulnerability. The vulnerability arises from the improper input validation of the static_gw parameter in the formIpv6Setup interface of /bin/boa.

  • CVE-2025-25604Feb 21, 2025
    risk 0.00cvss epss 0.01

    Totolink X5000R V9.1.0u.6369_B20230113 is vulnerable to command injection via the vif_disable function in mtkwifi.lua.

  • CVE-2025-25605Feb 21, 2025
    risk 0.00cvss epss 0.01

    Totolink X5000R V9.1.0u.6369_B20230113 is vulnerable to command injection via the apcli_wps_gen_pincode function in mtkwifi.lua.

  • CVE-2025-1340Feb 16, 2025
    risk 0.00cvss epss 0.14

    A vulnerability classified as critical has been found in TOTOLINK X18 9.1.0cu.2024_B20220329. Affected is the function setPasswordCfg of the file /cgi-bin/cstecgi.cgi. The manipulation as part of String leads to stack-based buffer overflow. It is possible to launch the attack…

  • CVE-2025-1339Feb 16, 2025
    risk 0.00cvss epss 0.03

    A vulnerability was found in TOTOLINK X18 9.1.0cu.2024_B20220329. It has been rated as critical. This issue affects the function setL2tpdConfig of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument enable leads to os command injection. The attack may be initiated…

  • CVE-2025-25524Feb 11, 2025
    risk 0.00cvss epss 0.00

    Buffer overflow vulnerability in TOTOLink X6000R routers V9.4.0cu.652_B20230116 due to the lack of length verification, which is related to the addition of Wi-Fi filtering rules. Attackers who successfully exploit this vulnerability can cause the remote target device to crash or…

  • CVE-2024-57036Jan 21, 2025
    risk 0.00cvss epss 0.01

    TOTOLINK A810R V4.1.2cu.5032_B20200407 was found to contain a command insertion vulnerability in downloadFile.cgi main function. This vulnerability allows an attacker to execute arbitrary commands by sending HTTP request.

  • CVE-2024-57014Jan 15, 2025
    risk 0.00cvss epss 0.01

    TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain an OS command injection vulnerability via the "recHour" parameter in setScheduleCfg.

  • CVE-2024-57023Jan 15, 2025
    risk 0.00cvss epss 0.01

    TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain an OS command injection vulnerability via the "week" parameter in setWiFiScheduleCfg.

  • CVE-2024-57013Jan 15, 2025
    risk 0.00cvss epss 0.02

    TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain an OS command injection vulnerability via the "switch" parameter in setScheduleCfg.

Page 13 of 25