Totolink

All CVEs

1,201 total · sorted by risk
  • CVE-2026-9512 · Med · May 25, 2026
    risk 0.41 · cvss 6.3 · epss 0.01

    A security flaw has been discovered in Totolink CA750-PoE 6.2c.510. This vulnerability affects the function setPasswordCfg of the file /cgi-bin/cstecgi.cgi of the component Setting Handler. Performing a manipulation of the argument admuser/admpass results in os command…

  • CVE-2026-9511 · Med · May 25, 2026
    risk 0.41 · cvss 6.3 · epss 0.01

    A vulnerability was identified in Totolink CA750-PoE 6.2c.510. This affects the function setWebWlanIdx of the file /cgi-bin/cstecgi.cgi of the component Setting Handler. Such manipulation of the argument webWlanIdx leads to os command injection. It is possible to launch the…

  • CVE-2026-7721 · Med · May 4, 2026
    risk 0.41 · cvss 6.3 · epss 0.01

    A security vulnerability has been detected in Totolink WA300 5.2cu.7112_B20190227. This affects the function NTPSyncWithHost of the file /cgi-bin/cstecgi.cgi. Such manipulation of the argument hostTime leads to command injection. The attack can be executed remotely. The exploit…

  • CVE-2026-7720 · Med · May 4, 2026
    risk 0.41 · cvss 6.3 · epss 0.01

    A weakness has been identified in Totolink WA300 5.2cu.7112_B20190227. The impacted element is the function setLanguageCfg of the file /cgi-bin/cstecgi.cgi of the component POST Request Handler. This manipulation of the argument langType causes command injection. Remote…

  • CVE-2026-7718 · Med · May 4, 2026
    risk 0.41 · cvss 6.3 · epss 0.01

    A vulnerability was identified in Totolink WA300 5.2cu.7112_B20190227. Impacted is the function setWebWlanIdx of the file /cgi-bin/cstecgi.cgi of the component POST Request Handler. The manipulation of the argument webWlanIdx leads to command injection. The attack may be…

  • CVE-2026-5178 · Med · Mar 31, 2026
    risk 0.41 · cvss 6.3 · epss 0.04

    A security vulnerability has been detected in Totolink A3300R 17.0.0cu.557_b20221024. Affected by this issue is the function setIptvCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument vlanPriLan3 leads to command injection. Remote exploitation of the attack is…

  • CVE-2026-5177 · Med · Mar 31, 2026
    risk 0.41 · cvss 6.3 · epss 0.02

    A weakness has been identified in Totolink A3300R 17.0.0cu.557_b20221024. Affected by this vulnerability is the function setWiFiBasicCfg of the file /cgi-bin/cstecgi.cgi. Executing a manipulation of the argument rxRate can lead to command injection. The attack may be launched…

  • CVE-2026-5105 · Med · Mar 30, 2026
    risk 0.41 · cvss 6.3 · epss 0.04

    A vulnerability was detected in Totolink A3300R 17.0.0cu.557_b20221024. The affected element is the function setVpnPassCfg of the file /cgi-bin/cstecgi.cgi of the component Parameter Handler. Performing a manipulation of the argument pptpPassThru results in command injection. It…

  • CVE-2026-5104 · Med · Mar 30, 2026
    risk 0.41 · cvss 6.3 · epss 0.02

    A security vulnerability has been detected in Totolink A3300R 17.0.0cu.557_b20221024. Impacted is the function setStaticRoute of the file /cgi-bin/cstecgi.cgi. Such manipulation of the argument ip leads to command injection. The attack may be performed from remote. The exploit…

  • CVE-2026-5103 · Med · Mar 30, 2026
    risk 0.41 · cvss 6.3 · epss 0.04

    A weakness has been identified in Totolink A3300R 17.0.0cu.557_b20221024. This issue affects the function setUPnPCfg of the file /cgi-bin/cstecgi.cgi. This manipulation of the argument enable causes command injection. The attack is possible to be carried out remotely. The…

  • CVE-2026-5102 · Med · Mar 30, 2026
    risk 0.41 · cvss 6.3 · epss 0.02

    A security flaw has been discovered in Totolink A3300R 17.0.0cu.557_b20221024. This vulnerability affects the function setSmartQosCfg of the file /cgi-bin/cstecgi.cgi of the component Parameter Handler. The manipulation of the argument qos_up_bw results in command injection. The…

  • CVE-2026-5101 · Med · Mar 29, 2026
    risk 0.41 · cvss 6.3 · epss 0.02

    A vulnerability was identified in Totolink A3300R 17.0.0cu.557_b20221024. This affects the function setLanCfg of the file /cgi-bin/cstecgi.cgi of the component Parameter Handler. The manipulation of the argument lanIp leads to command injection. Remote exploitation of the attack…

  • CVE-2026-5030 · Med · Mar 29, 2026
    risk 0.41 · cvss 6.3 · epss 0.02

    A vulnerability has been found in Totolink NR1800X 9.1.0u.6279_B20210910. This issue affects the function NTPSyncWithHost of the file /cgi-bin/cstecgi.cgi of the component Telnet Service. The manipulation of the argument host_time leads to command injection. The attack can be…

  • CVE-2026-5020 · Med · Mar 29, 2026
    risk 0.41 · cvss 6.3 · epss 0.02

    A vulnerability was detected in Totolink A3600R 4.1.2cu.5182_B20201102. Affected by this issue is the function setNoticeCfg of the file /cgi-bin/cstecgi.cgi of the component Parameter Handler. The manipulation of the argument NoticeUrl results in command injection. The attack…

  • CVE-2026-2167 · Med · Feb 8, 2026
    risk 0.41 · cvss 6.3 · epss 0.02

    A vulnerability was detected in Totolink WA300 5.2cu.7112_B20190227. The impacted element is the function setAPNetwork of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument Ipaddr results in os command injection. The attack may be performed from remote. The exploit…

  • CVE-2026-1623 · Med · Jan 29, 2026
    risk 0.41 · cvss 6.3 · epss 0.02

    A weakness has been identified in Totolink A7000R 4.1cu.4154. Impacted is the function setUpgradeFW of the file /cgi-bin/cstecgi.cgi. This manipulation of the argument FileName causes command injection. The attack can be initiated remotely. The exploit has been made available to…

  • CVE-2026-1601 · Med · Jan 29, 2026
    risk 0.41 · cvss 6.3 · epss 0.02

    A weakness has been identified in Totolink A7000R 4.1cu.4154. The impacted element is the function setUploadUserData of the file /cgi-bin/cstecgi.cgi. Executing a manipulation of the argument FileName can lead to command injection. The attack can be launched remotely. The…

  • CVE-2026-1548 · Med · Jan 28, 2026
    risk 0.41 · cvss 6.3 · epss 0.03

    A flaw has been found in Totolink A7000R 4.1cu.4154. This impacts the function CloudACMunualUpdateUserdata of the file /cgi-bin/cstecgi.cgi. This manipulation of the argument url causes command injection. The attack can be initiated remotely. The exploit has been published and…

  • CVE-2026-1547 · Med · Jan 28, 2026
    risk 0.41 · cvss 6.3 · epss 0.03

    A vulnerability was detected in Totolink A7000R 4.1cu.4154. This affects the function setUnloadUserData of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument plugin_name results in command injection. It is possible to launch the attack remotely. The exploit is now…

  • CVE-2026-1327 · Med · Jan 22, 2026
    risk 0.41 · cvss 6.3 · epss 0.03

    A security vulnerability has been detected in Totolink NR1800X 9.1.0u.6279_B20210910. This issue affects the function setTracerouteCfg of the file /cgi-bin/cstecgi.cgi of the component POST Request Handler. Such manipulation of the argument command leads to command injection.…

  • CVE-2026-1326 · Med · Jan 22, 2026
    risk 0.41 · cvss 6.3 · epss 0.03

    A weakness has been identified in Totolink NR1800X 9.1.0u.6279_B20210910. This vulnerability affects the function setWanCfg of the file /cgi-bin/cstecgi.cgi of the component POST Request Handler. This manipulation of the argument Hostname causes command injection. The attack can…

  • CVE-2026-1150 · Med · Jan 19, 2026
    risk 0.41 · cvss 6.3 · epss 0.02

    A security flaw has been discovered in Totolink LR350 9.3.5u.6369_B20220309. Impacted is the function setTracerouteCfg of the file /cgi-bin/cstecgi.cgi of the component POST Request Handler. The manipulation of the argument command results in command injection. The attack can be…

  • CVE-2026-1149 · Med · Jan 19, 2026
    risk 0.41 · cvss 6.3 · epss 0.03

    A vulnerability was identified in Totolink LR350 9.3.5u.6369_B20220309. This issue affects the function setDiagnosisCfg of the file /cgi-bin/cstecgi.cgi of the component POST Request Handler. The manipulation of the argument ip leads to command injection. The attack can be…

  • CVE-2026-0641 · Med · Jan 6, 2026
    risk 0.41 · cvss 6.3 · epss 0.02

    A security vulnerability has been detected in TOTOLINK WA300 5.2cu.7112_B20190227. This vulnerability affects the function sub_401510 of the file cstecgi.cgi. The manipulation of the argument UPLOAD_FILENAME leads to command injection. The attack may be initiated remotely. The…

  • CVE-2025-14586 · Med · Dec 13, 2025
    risk 0.41 · cvss 6.3 · epss 0.02

    A vulnerability was determined in TOTOLINK X5000R 9.1.0cu.2089_B20211224. Affected by this issue is the function snprintf of the file /cgi-bin/cstecgi.cgi?action=exportOvpn&type=user. This manipulation of the argument User causes os command injection. Remote exploitation of the…

  • CVE-2025-9934 · Med · Sep 4, 2025
    risk 0.41 · cvss 6.3 · epss 0.04

    A vulnerability was found in TOTOLINK X5000R 9.1.0cu.2415_B20250515. This affects the function sub_410C34 of the file /cgi-bin/cstecgi.cgi. Performing manipulation of the argument pid results in command injection. Remote exploitation of the attack is possible. The exploit has…

  • CVE-2025-8938 · Med · Aug 14, 2025
    risk 0.41 · cvss 6.3 · epss 0.00

    A vulnerability was found in TOTOLINK N350R 1.2.3-B20130826. This issue affects the function formSysTel of the file /boafrm/formSysTel of the component Telnet Service. The manipulation of the argument TelEnabled leads to backdoor. The attack may be initiated remotely. The…

  • CVE-2025-8937 · Med · Aug 14, 2025
    risk 0.41 · cvss 6.3 · epss 0.02

    A vulnerability has been found in TOTOLINK N350R 1.2.3-B20130826. This vulnerability affects unknown code of the file /boafrm/formSysCmd. The manipulation leads to command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be…

  • CVE-2025-7615 · Med · Jul 14, 2025
    risk 0.41 · cvss 6.3 · epss 0.03

    A vulnerability classified as critical was found in TOTOLINK T6 4.1.5cu.748. Affected by this vulnerability is the function clearPairCfg of the file /cgi-bin/cstecgi.cgi of the component HTTP POST Request Handler. The manipulation of the argument ip leads to command injection.…

  • CVE-2025-7614 · Med · Jul 14, 2025
    risk 0.41 · cvss 6.3 · epss 0.03

    A vulnerability classified as critical has been found in TOTOLINK T6 4.1.5cu.748. Affected is the function delDevice of the file /cgi-bin/cstecgi.cgi of the component HTTP POST Request Handler. The manipulation of the argument ipAddr leads to command injection. It is possible to…

  • CVE-2025-7613 · Med · Jul 14, 2025
    risk 0.41 · cvss 6.3 · epss 0.03

    A vulnerability was found in TOTOLINK T6 4.1.5cu.748. It has been rated as critical. This issue affects the function CloudSrvVersionCheck of the file /cgi-bin/cstecgi.cgi of the component HTTP POST Request Handler. The manipulation of the argument ip leads to command injection.…

  • CVE-2025-7525 · Med · Jul 13, 2025
    risk 0.41 · cvss 6.3 · epss 0.03

    A vulnerability was found in TOTOLINK T6 4.1.5cu.748_B20211015. It has been declared as critical. This vulnerability affects the function setTracerouteCfg of the file /cgi-bin/cstecgi.cgi of the component HTTP POST Request Handler. The manipulation of the argument command leads…

  • CVE-2025-7524 · Med · Jul 13, 2025
    risk 0.41 · cvss 6.3 · epss 0.03

    A vulnerability was found in TOTOLINK T6 4.1.5cu.748_B20211015. It has been classified as critical. This affects the function setDiagnosisCfg of the file /cgi-bin/cstecgi.cgi of the component HTTP POST Request Handler. The manipulation of the argument ip leads to command…

  • CVE-2025-7154 · Med · Jul 8, 2025
    risk 0.41 · cvss 6.3 · epss 0.03

    A vulnerability, which was classified as critical, has been found in TOTOLINK N200RE 9.3.5u.6095_B20200916/9.3.5u.6139_B20201216. Affected by this issue is the function sub_41A0F8 of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument Hostname leads to os command…

  • CVE-2026-5679 · Med · Apr 6, 2026
    risk 0.36 · cvss 5.5 · epss 0.02

    A security vulnerability has been detected in Totolink A3300R 17.0.0cu.557_B20221024. The impacted element is the function vsetTr069Cfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument stun_pass leads to os command injection. The exploit has been disclosed…

  • CVE-2026-11620 · Med · Jun 9, 2026
    risk 0.34 · cvss 5.3 · epss 0.00

    A security flaw has been discovered in TOTOLINK EX200 4.0.3c.7646. This affects an unknown function of the file /etc/vsftpd.conf of the component vsftpd. The manipulation results in least privilege violation. It is possible to launch the attack remotely. The exploit has been…

  • CVE-2025-6299 · Med · Jun 20, 2025
    risk 0.31 · cvss 4.7 · epss 0.07

    A vulnerability classified as critical has been found in TOTOLINK N150RT 3.4.0-B20190525. This affects an unknown part of the file /boa/formWSC. The manipulation of the argument targetAPSsid leads to os command injection. It is possible to initiate the attack remotely. The…

  • CVE-2026-11554 · Med · Jun 8, 2026
    risk 0.28 · cvss 4.3 · epss 0.00

    A vulnerability was determined in TOTOLINK CP450 4.1.0cu.747. This vulnerability affects unknown code of the file /etc/vsftpd.conf of the component vsftpd. This manipulation causes least privilege violation. The attack may be initiated remotely. The exploit has been publicly…

  • CVE-2026-11494 · Med · Jun 8, 2026
    risk 0.28 · cvss 4.3 · epss 0.00

    A security vulnerability has been detected in TOTOLINK AC1200 T8 4.1.5cu.8611. This affects an unknown function of the file /etc/vsftpd.conf of the component vsftpd. The manipulation leads to least privilege violation. The attack may be initiated remotely. The exploit has been…

  • CVE-2025-6139 · Low · Jun 16, 2025
    risk 0.25 · cvss 3.9 · epss 0.00

    A vulnerability, which was classified as problematic, has been found in TOTOLINK T10 4.1.8cu.5207. Affected by this issue is some unknown functionality of the file /etc/shadow.sample. The manipulation leads to use of hard-coded password. The attack can only be initiated within…

  • CVE-2025-6401 · Low · Jun 21, 2025
    risk 0.23 · cvss 3.5 · epss 0.00

    A vulnerability was found in TOTOLINK N300RH 6.1c.1390_B20191101. It has been classified as problematic. This affects an unknown part of the file /boafrm/formFilter of the component HTTP POST Message Handler. The manipulation of the argument url leads to denial of service. The…

  • CVE-2025-9577 · Low · Aug 28, 2025
    risk 0.16 · cvss 2.5 · epss 0.00

    A security flaw has been discovered in TOTOLINK X2000R up to 2.0.0. The affected element is an unknown function of the file /etc/shadow.sample of the component Administrative Interface. The manipulation results in use of default credentials. Attacking locally is a requirement.…

  • CVE-2023-30013 · May 5, 2023
    risk 0.10 · cvss · epss 0.26

    TOTOLINK X5000R V9.1.0u.6118_B20201102 and V9.1.0u.6369_B20230113 contain a command insertion vulnerability in setting/setTracerouteCfg. This vulnerability allows an attacker to execute arbitrary commands through the "command" parameter.

  • CVE-2024-7332 · Aug 1, 2024
    risk 0.07 · cvss · epss 0.21

    A vulnerability was found in TOTOLINK CP450 4.1.0cu.747_B20191224. It has been classified as critical. This affects an unknown part of the file /web_cste/cgi-bin/product.ini of the component Telnet Service. The manipulation leads to use of hard-coded password. It is possible to…

  • CVE-2024-34257 · May 8, 2024
    risk 0.07 · cvss · epss 0.04

    TOTOLINK EX1800T V9.1.0cu.2112_B20220316 has a vulnerability in the apcliEncrypType parameter that allows unauthorized execution of arbitrary commands, allowing an attacker to obtain device administrator privileges.

  • CVE-2024-24329 · Jan 30, 2024
    risk 0.07 · cvss · epss 0.06

    TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the enable parameter in the setPortForwardRules function.

  • CVE-2024-24328 · Jan 30, 2024
    risk 0.07 · cvss · epss 0.06

    TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the enable parameter in the setMacFilterRules function.

  • CVE-2023-46574 · Oct 24, 2023
    risk 0.07 · cvss · epss 0.65

    An issue in TOTOLINK A3700R v.9.1.2u.6165_20211012 allows a remote attacker to execute arbitrary code via the FileName parameter of the UploadFirmwareFile function.

  • CVE-2022-25082 · Feb 22, 2022
    risk 0.07 · cvss · epss 0.16

    TOTOLink A950RG V5.9c.4050_B20190424 and V4.1.2cu.5204_B20210112 were discovered to contain a command injection vulnerability in the "Main" function. This vulnerability allows attackers to execute arbitrary commands via the QUERY_STRING parameter.

  • CVE-2019-19824 · Jan 27, 2020
    risk 0.07 · cvss · epss 0.25

    On certain TOTOLINK Realtek SDK based routers, an authenticated attacker may execute arbitrary OS commands via the sysCmd parameter to the boafrm/formSysCmd URI, even if the GUI (syscmd.htm) is not available. This allows for full control over the device's internals. This affects…
