VYPR

Vendor CVEs

Totolink

All CVEs

1,201 total · sorted by risk
  • CVE-2026-36837HigApr 29, 2026
    risk 0.49cvss 7.5epss 0.00

    TOTOLINK A3002RU V3 <= V3.0.0-B20220304.1804 was discovered to contain a stack-based buffer overflow via the hostname parameter in the formMapDelDevice function.

  • CVE-2024-51228MedNov 27, 2024
    risk 0.49cvss 6.8epss 0.04

    An issue in TOTOLINK-CX-A3002RU V1.0.4-B20171106.1512 and TOTOLINK-CX-N150RT V2.1.6-B20171121.1002 and TOTOLINK-CX-N300RT V2.1.6-B20170724.1420 and TOTOLINK-CX-N300RT V2.1.8-B20171113.1408 and TOTOLINK-CX-N300RT V2.1.8-B20191010.1107 and TOTOLINK-CX-N302RE V2.0.2-B20170511.1523…

  • CVE-2026-6158HigApr 13, 2026
    risk 0.48cvss 7.3epss 0.01

    A flaw has been found in Totolink N300RH 6.1c.1353_B20190305. Affected is the function setUpgradeUboot of the file upgrade.so. This manipulation of the argument FileName causes os command injection. The attack is possible to be carried out remotely. The exploit has been…

  • CVE-2026-5692HigApr 7, 2026
    risk 0.48cvss 7.3epss 0.01

    A vulnerability was found in Totolink A7100RU 7.4cu.2313_b20191024. This impacts the function setGameSpeedCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument enable results in os command injection. The attack may be performed from remote. The exploit has been…

  • CVE-2026-5691HigApr 6, 2026
    risk 0.48cvss 7.3epss 0.01

    A vulnerability has been found in Totolink A7100RU 7.4cu.2313_b20191024. This affects the function setFirewallType of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument firewallType leads to os command injection. The attack is possible to be carried out remotely.…

  • CVE-2026-5690HigApr 6, 2026
    risk 0.48cvss 7.3epss 0.01

    A flaw has been found in Totolink A7100RU 7.4cu.2313_b20191024. The impacted element is the function setRemoteCfg of the file /cgi-bin/cstecgi.cgi. Executing a manipulation of the argument enable can lead to os command injection. The attack can be executed remotely. The exploit…

  • CVE-2026-5689HigApr 6, 2026
    risk 0.48cvss 7.3epss 0.01

    A vulnerability was detected in Totolink A7100RU 7.4cu.2313_b20191024. The affected element is the function setNtpCfg of the file /cgi-bin/cstecgi.cgi. Performing a manipulation of the argument tz results in os command injection. Remote exploitation of the attack is possible.…

  • CVE-2026-5688HigApr 6, 2026
    risk 0.48cvss 7.3epss 0.01

    A security vulnerability has been detected in Totolink A7100RU 7.4cu.2313_b20191024. Impacted is the function setDdnsCfg of the file /cgi-bin/cstecgi.cgi. Such manipulation of the argument provider leads to os command injection. The attack may be launched remotely. The exploit…

  • CVE-2026-5678HigApr 6, 2026
    risk 0.48cvss 7.3epss 0.01

    A weakness has been identified in Totolink A7100RU 7.4cu.2313_b20191024. The affected element is the function setScheduleCfg of the file /cgi-bin/cstecgi.cgi. Executing a manipulation of the argument mode can lead to os command injection. The attack may be launched remotely. The…

  • CVE-2026-5677HigApr 6, 2026
    risk 0.48cvss 7.3epss 0.01

    A security flaw has been discovered in Totolink A7100RU 7.4cu.2313_b20191024. Impacted is the function CsteSystem of the file /cgi-bin/cstecgi.cgi. Performing a manipulation of the argument resetFlags results in os command injection. The attack may be initiated remotely. The…

  • CVE-2026-5176HigMar 31, 2026
    risk 0.48cvss 7.3epss 0.02

    A security flaw has been discovered in Totolink A3300R 17.0.0cu.557_b20221024. Affected is the function setSyslogCfg of the file /cgi-bin/cstecgi.cgi. Performing a manipulation of the argument provided results in command injection. The attack may be initiated remotely. The…

  • CVE-2026-4497HigMar 20, 2026
    risk 0.48cvss 7.3epss 0.02

    A vulnerability was determined in Totolink WA300 5.2cu.7112_B20190227. Affected by this issue is the function recvUpgradeNewFw of the file /cgi-bin/cstecgi.cgi. This manipulation causes os command injection. Remote exploitation of the attack is possible. The exploit has been…

  • CVE-2025-9935HigSep 4, 2025
    risk 0.48cvss 7.3epss 0.03

    A vulnerability was determined in TOTOLINK N600R 4.3.0cu.7866_B20220506. This vulnerability affects the function sub_4159F8 of the file /web_cste/cgi-bin/cstecgi.cgi. Executing manipulation can lead to command injection. The attack can be executed remotely. The exploit has been…

  • CVE-2026-7219HigApr 28, 2026
    risk 0.47cvss 7.2epss 0.01

    A flaw has been found in Totolink N300RT 3.4.0-B20250430. This affects an unknown function of the file /boafrm/formIpQoS. Executing a manipulation of the argument entry_name can lead to buffer overflow. The attack may be performed from remote. The exploit has been published and…

  • CVE-2026-7218HigApr 28, 2026
    risk 0.47cvss 7.2epss 0.00

    A vulnerability was detected in Totolink N300RT 3.4.0-B20250430. The impacted element is the function is_cmd_string_valid of the file /boafrm/formWsc of the component libapmib.so. Performing a manipulation of the argument localPin results in buffer overflow. The attack is…

  • CVE-2026-5676HigApr 6, 2026
    risk 0.47cvss 7.3epss 0.00

    A vulnerability was identified in Totolink A8000R 5.9c.681_B20180413. This issue affects the function setLanguageCfg of the file /cgi-bin/cstecgi.cgi. Such manipulation of the argument langType leads to missing authentication. The attack can be launched remotely. The exploit is…

  • CVE-2026-4611HigMar 23, 2026
    risk 0.47cvss 7.2epss 0.03

    A flaw has been found in TOTOLINK X6000R 9.4.0cu.1360_B20241207/9.4.0cu.1498_B20250826. Affected by this issue is the function setLanCfg of the file /usr/sbin/shttpd. Executing a manipulation of the argument Hostname can lead to os command injection. The attack may be launched…

  • CVE-2026-3696HigMar 8, 2026
    risk 0.47cvss 7.3epss 0.02

    A vulnerability was found in Totolink N300RH 6..1c.1353_B20190305. The affected element is the function setWiFiWpsConfig of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Performing a manipulation results in os command injection. The attack can be initiated…

  • CVE-2025-9533HigAug 27, 2025
    risk 0.47cvss 7.3epss 0.09

    A vulnerability has been found in TOTOLINK T10 4.1.8cu.5241_B20210927. Affected is an unknown function of the file /formLoginAuth.htm. The manipulation of the argument authCode with the input 1 leads to improper authentication. The attack can be initiated remotely. The exploit…

  • CVE-2025-7862HigJul 20, 2025
    risk 0.47cvss 7.3epss 0.01

    A vulnerability has been found in TOTOLINK T6 4.1.5cu.748_B20211015 and classified as critical. Affected by this vulnerability is the function setTelnetCfg of the file /cgi-bin/cstecgi.cgi of the component Telnet Service. The manipulation of the argument telnet_enabled with the…

  • CVE-2026-7633MedMay 2, 2026
    risk 0.42cvss 6.5epss 0.00

    A vulnerability was identified in Totolink N300RH 6.1c.1353_B20190305. This impacts the function setUploadSetting of the file /cgi-bin/cstecgi.cgi. Such manipulation of the argument FileName leads to file inclusion. The attack may be performed from remote. The exploit is…

  • CVE-2026-31173MedApr 23, 2026
    risk 0.42cvss 6.5epss 0.00

    An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557_B20221024 allowing attackers to execute arbitrary commands via the interval parameter to /cgi-bin/cstecgi.cgi.

  • CVE-2026-31169MedApr 23, 2026
    risk 0.42cvss 6.5epss 0.00

    An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557_B20221024 allowing attackers to execute arbitrary commands via the week parameter to /cgi-bin/cstecgi.cgi.

  • CVE-2026-31168MedApr 23, 2026
    risk 0.42cvss 6.5epss 0.00

    An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557_B20221024 allowing attackers to execute arbitrary commands via the recHour parameter to /cgi-bin/cstecgi.cgi.

  • CVE-2026-31167MedApr 23, 2026
    risk 0.42cvss 6.5epss 0.00

    An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557_B20221024 allowing attackers to execute arbitrary commands via the mode parameter to /cgi-bin/cstecgi.cgi.

  • CVE-2026-31166MedApr 23, 2026
    risk 0.42cvss 6.5epss 0.00

    An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557_B20221024 allowing attackers to execute arbitrary commands via the hour parameter to /cgi-bin/cstecgi.cgi.

  • CVE-2026-31163MedApr 23, 2026
    risk 0.42cvss 6.5epss 0.00

    An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557_B20221024 allowing attackers to execute arbitrary commands via the dhcpMtu parameter to /cgi-bin/cstecgi.cgi.

  • CVE-2026-31162MedApr 23, 2026
    risk 0.42cvss 6.5epss 0.00

    An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557_B20221024 allowing attackers to execute arbitrary commands via the ttlWay parameter to /cgi-bin/cstecgi.cgi.

  • CVE-2026-31179MedApr 23, 2026
    risk 0.42cvss 6.5epss 0.00

    An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557_B20221024 allowing attackers to execute arbitrary commands via the stunPort parameter to /cgi-bin/cstecgi.cgi.

  • CVE-2026-31176MedApr 23, 2026
    risk 0.42cvss 6.5epss 0.00

    An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557_B20221024 allowing attackers to execute arbitrary commands via the stun_user parameter to /cgi-bin/cstecgi.cgi.

  • CVE-2026-31174MedApr 23, 2026
    risk 0.42cvss 6.5epss 0.00

    An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557_B20221024 allowing attackers to execute arbitrary commands via the informEnable parameter to /cgi-bin/cstecgi.cgi.

  • CVE-2026-31172MedApr 23, 2026
    risk 0.42cvss 6.5epss 0.00

    An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557_B20221024 allowing attackers to execute arbitrary commands via the user parameter to /cgi-bin/cstecgi.cgi.

  • CVE-2026-31171MedApr 23, 2026
    risk 0.42cvss 6.5epss 0.00

    An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557_B20221024 allowing attackers to execute arbitrary commands via the url parameter to /cgi-bin/cstecgi.cgi.

  • CVE-2026-31165MedApr 23, 2026
    risk 0.42cvss 6.5epss 0.00

    An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557_B20221024 allowing attackers to execute arbitrary commands via the pppoeServiceName parameter to /cgi-bin/cstecgi.cgi.

  • CVE-2026-31164MedApr 23, 2026
    risk 0.42cvss 6.5epss 0.00

    An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557_B20221024 allowing attackers to execute arbitrary commands via the pppoeMtu parameter to /cgi-bin/cstecgi.cgi.

  • CVE-2026-31160MedApr 23, 2026
    risk 0.42cvss 6.5epss 0.00

    An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557_B20221024 allowing attackers to execute arbitrary commands via the provider parameter to /cgi-bin/cstecgi.cgi.

  • CVE-2026-31159MedApr 23, 2026
    risk 0.42cvss 6.5epss 0.00

    An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557_B20221024 allowing attackers to execute arbitrary commands via the password parameter to /cgi-bin/cstecgi.cgi.

  • CVE-2025-7952MedJul 22, 2025
    risk 0.42cvss 6.3epss 0.15

    A vulnerability classified as critical was found in TOTOLINK T6 4.1.5cu.748. This vulnerability affects the function ckeckKeepAlive of the file wireless.so of the component MQTT Packet Handler. The manipulation leads to command injection. The attack can be initiated remotely.…

  • CVE-2025-6621MedJun 25, 2025
    risk 0.42cvss 6.3epss 0.03

    A vulnerability classified as critical has been found in TOTOLINK CA300-PoE 6.2c.884. This affects the function QuickSetting of the file ap.so. The manipulation of the argument hour/minute leads to os command injection. It is possible to initiate the attack remotely. The exploit…

  • CVE-2025-6620MedJun 25, 2025
    risk 0.42cvss 6.3epss 0.03

    A vulnerability was found in TOTOLINK CA300-PoE 6.2c.884. It has been rated as critical. Affected by this issue is the function setUpgradeUboot of the file upgrade.so. The manipulation of the argument FileName leads to os command injection. The attack may be launched remotely.…

  • CVE-2025-6619MedJun 25, 2025
    risk 0.42cvss 6.3epss 0.03

    A vulnerability was found in TOTOLINK CA300-PoE 6.2c.884. It has been declared as critical. Affected by this vulnerability is the function setUpgradeFW of the file upgrade.so. The manipulation of the argument FileName leads to os command injection. The attack can be launched…

  • CVE-2025-6618MedJun 25, 2025
    risk 0.42cvss 6.3epss 0.03

    A vulnerability was found in TOTOLINK CA300-PoE 6.2c.884. It has been classified as critical. Affected is the function SetWLanApcliSettings of the file wps.so. The manipulation of the argument PIN leads to os command injection. It is possible to launch the attack remotely. The…

  • CVE-2025-6485MedJun 22, 2025
    risk 0.42cvss 6.3epss 0.06

    A vulnerability was found in TOTOLINK A3002R 1.1.1-B20200824.0128. It has been classified as critical. This affects the function formWlSiteSurvey of the file /boafrm/formWlSiteSurvey. The manipulation of the argument wlanif leads to os command injection. It is possible to…

  • CVE-2026-9534MedMay 26, 2026
    risk 0.41cvss 6.3epss 0.02

    A flaw has been found in Totolink CA750-PoE 6.2c.510. This affects the function setWiFiWpsConfig of the file /cgi-bin/cstecgi.cgi of the component Setting Handler. Executing a manipulation of the argument PIN can lead to os command injection. It is possible to launch the attack…

  • CVE-2026-9533MedMay 26, 2026
    risk 0.41cvss 6.3epss 0.02

    A vulnerability was detected in Totolink CA750-PoE 6.2c.510. The impacted element is the function recvUpgradeNewFw of the file /cgi-bin/cstecgi.cgi of the component Setting Handler. Performing a manipulation of the argument fwUrl/magicid results in os command injection. It is…

  • CVE-2026-9532MedMay 26, 2026
    risk 0.41cvss 6.3epss 0.02

    A security vulnerability has been detected in Totolink CA750-PoE 6.2c.510. The affected element is the function setUploadUserData of the file /cgi-bin/cstecgi.cgi of the component Setting Handler. Such manipulation of the argument FileName leads to os command injection. The…

  • CVE-2026-9531MedMay 26, 2026
    risk 0.41cvss 6.3epss 0.02

    A weakness has been identified in Totolink CA750-PoE 6.2c.510. Impacted is the function setUpgradeUboot of the file /cgi-bin/cstecgi.cgi of the component Setting Handler. This manipulation of the argument FileName causes os command injection. The attack is possible to be carried…

  • CVE-2026-9515MedMay 26, 2026
    risk 0.41cvss 6.3epss 0.02

    A vulnerability was detected in Totolink CA750-PoE 6.2c.510. The affected element is the function setUnloadUserData of the file /cgi-bin/cstecgi.cgi of the component Setting Handler. The manipulation of the argument plugin_version results in os command injection. The attack may…

  • CVE-2026-9514MedMay 25, 2026
    risk 0.41cvss 6.3epss 0.02

    A security vulnerability has been detected in Totolink CA750-PoE 6.2c.510. Impacted is the function setNetworkDiag of the file /cgi-bin/cstecgi.cgi of the component Setting Handler. The manipulation of the argument NetDiagHost/NetDiagPingNum/NetDiagPingSize/NetDiagPingTimeOut/Net…

  • CVE-2026-9513MedMay 25, 2026
    risk 0.41cvss 6.3epss 0.01

    A weakness has been identified in Totolink CA750-PoE 6.2c.510. This issue affects the function NTPSyncWithHost of the file /cgi-bin/cstecgi.cgi of the component Setting Handler. Executing a manipulation of the argument host_time can lead to os command injection. The attack can…

Page 3 of 25