Vendor CVEs
Totolink
All CVEs
1,201 total · sorted by risk| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-52053 | 0.05 | — | 0.04 | Sep 15, 2025 | TOTOLINK X6000R V9.4.0cu.1360_B20241207 was found to contain a command injection vulnerability in the sub_417D74 function via the file_name parameter. This vulnerability allows unauthenticated attackers to execute arbitrary commands via a crafted request. | |||
| CVE-2025-52046 | 0.05 | — | 0.05 | Jul 17, 2025 | Totolink A3300R V17.0.0cu.596_B20250515 was found to contain a command injection vulnerability in the sub_4197C0 function via the mac and desc parameters. This vulnerability allows unauthenticated attackers to execute arbitrary commands via a crafted request. | |||
| CVE-2024-41319 | 0.04 | — | 0.06 | Jul 23, 2024 | TOTOLINK A6000R V1.0.1-B20201211.2000 was discovered to contain a command injection vulnerability via the cmd parameter in the webcmd function. | |||
| CVE-2021-42887 | 0.04 | — | 0.43 | Jun 3, 2022 | In TOTOLINK EX1200T V4.1.2cu.5215, an attacker can bypass login by sending a specific request through formLoginAuth.htm. | |||
| CVE-2022-27005 | 0.04 | — | 0.06 | Mar 15, 2022 | Totolink routers s X5000R V9.1.0u.6118_B20201102 and A7000R V9.1.0u.6115_B20201022 were discovered to contain a command injection vulnerability in the setWanCfg function via the hostName parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted… | |||
| CVE-2022-25077 | 0.04 | — | 0.33 | Feb 22, 2022 | TOTOLink A3100R V4.1.2cu.5050_B20200504 was discovered to contain a command injection vulnerability in the "Main" function. This vulnerability allows attackers to execute arbitrary commands via the QUERY_STRING parameter. | |||
| CVE-2019-19822 | 0.04 | — | 0.09 | Jan 27, 2020 | A certain router administration interface (that includes Realtek APMIB 0.11f for Boa 0.94.14rc21) allows remote attackers to retrieve the configuration, including sensitive data (usernames and passwords). This affects TOTOLINK A3002RU through 2.0.0, A702R through 2.1.3, N301RT… | |||
| CVE-2025-52284 | 0.03 | — | 0.02 | Jul 29, 2025 | Totolink X6000R V9.4.0cu.1360_B20241207 was found to contain a command injection vulnerability in the sub_4184C0 function via the tz parameter. This vulnerability allows unauthenticated attackers to execute arbitrary commands via a crafted request. | |||
| CVE-2025-52089 | 0.03 | — | 0.07 | Jul 11, 2025 | A hidden remote support feature protected by a static secret in TOTOLINK N300RB firmware version 8.54 allows an authenticated attacker to execute arbitrary OS commands with root privileges. | |||
| CVE-2025-28137 | 0.03 | — | 0.10 | Apr 15, 2025 | The TOTOLINK A810R V4.1.2cu.5182_B20201026 were found to contain a pre-auth remote command execution vulnerability in the setNoticeCfg function through the NoticeUrl parameter. | |||
| CVE-2025-25579 | 0.03 | — | 0.10 | Mar 28, 2025 | TOTOLINK A3002R V4.0.0-B20230531.1404 is vulnerable to Command Injection in /bin/boa via bandstr. | |||
| CVE-2024-7464 | 0.03 | — | 0.20 | Aug 5, 2024 | A vulnerability, which was classified as critical, has been found in TOTOLINK CP900 6.3c.566. This issue affects the function setTelnetCfg of the component Telnet Service. The manipulation of the argument telnet_enabled leads to command injection. The attack may be initiated… | |||
| CVE-2022-26187 | 0.03 | — | 0.20 | Mar 22, 2022 | TOTOLINK N600R V4.3.0cu.7570_B20200620 was discovered to contain a command injection vulnerability via the pingCheck function. | |||
| CVE-2022-26213 | 0.03 | — | 0.26 | Mar 15, 2022 | Totolink X5000R_Firmware v9.1.0u.6118_B20201102 was discovered to contain a command injection vulnerability in the function setNtpCfg, via the tz parameters. This vulnerability allows attackers to execute arbitrary commands via a crafted request. | |||
| CVE-2022-25075 | 0.03 | — | 0.56 | Feb 22, 2022 | TOTOLink A3000RU V5.9c.2280_B20180512 was discovered to contain a command injection vulnerability in the "Main" function. This vulnerability allows attackers to execute arbitrary commands via the QUERY_STRING parameter. | |||
| CVE-2025-2094 | 0.02 | — | 0.11 | Mar 7, 2025 | A vulnerability was found in TOTOLINK EX1800T 9.1.0cu.2112_B20220316. It has been rated as critical. Affected by this issue is the function setWiFiExtenderConfig of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument apcliKey/key leads to os command injection. The… | |||
| CVE-2023-52028 | 0.02 | — | 0.02 | Jan 11, 2024 | TOTOlink A3700R v9.1.2u.5822_B20200513 was discovered to contain a remote command execution (RCE) vulnerability via the setTracerouteCfg function. | |||
| CVE-2023-31856 | 0.02 | — | 0.03 | May 16, 2023 | A command injection vulnerability in the hostTime parameter in the function NTPSyncWithHostof TOTOLINK CP300+ V5.2cu.7594_B20200910 allows attackers to execute arbitrary commands via a crafted http packet. | |||
| CVE-2022-38308 | 0.02 | — | 0.20 | Sep 14, 2022 | TOTOLink A700RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the lang parameter in the function cstesystem. This vulnerability allows attackers to execute arbitrary commands via a crafted payload. | |||
| CVE-2021-42885 | 0.02 | — | 0.02 | Jun 3, 2022 | TOTOLINK EX1200T V4.1.2cu.5215 contains a remote command injection vulnerability in function setDeviceMac of the file global.so which can control deviceName to attack. | |||
| CVE-2021-42884 | 0.02 | — | 0.02 | Jun 3, 2022 | TOTOLINK EX1200T V4.1.2cu.5215 contains a remote command injection vulnerability in function setDeviceName of the file global.so which can control thedeviceName to attack. | |||
| CVE-2022-27004 | 0.02 | — | 0.03 | Mar 15, 2022 | Totolink routers s X5000R V9.1.0u.6118_B20201102 and A7000R V9.1.0u.6115_B20201022 were discovered to contain a command injection vulnerability in the Tunnel 6in4 function via the remote6in4 parameter. This vulnerability allows attackers to execute arbitrary commands via a… | |||
| CVE-2022-26214 | 0.02 | — | 0.03 | Mar 15, 2022 | Totolink A830R V5.9c.4729_B20191112, A3100R V4.1.2cu.5050_B20200504, A950RG V4.1.2cu.5161_B20200903, A800R V4.1.2cu.5137_B20200730, A3000RU V5.9c.5185_B20201128, and A810R V4.1.2cu.5182_B20201026 were discovered to contain a command injection vulnerability in the function… | |||
| CVE-2021-44247 | 0.02 | — | 0.03 | Feb 4, 2022 | Totolink devices A3100R v4.1.2cu.5050_B20200504, A830R v5.9c.4729_B20191112, and A720R v4.1.5cu.470_B20200911 were discovered to contain command injection vulnerability in the function setNoticeCfg. This vulnerability allows attackers to execute arbitrary commands via the IpFrom… | |||
| CVE-2021-45733 | 0.02 | — | 0.04 | Feb 4, 2022 | TOTOLINK X5000R v9.1.0u.6118_B20201102 was discovered to contain a command injection vulnerability in the function NTPSyncWithHost. This vulnerability allows attackers to execute arbitrary commands via the parameter host_time. | |||
| CVE-2021-45738 | 0.02 | — | 0.04 | Feb 4, 2022 | TOTOLINK X5000R v9.1.0u.6118_B20201102 was discovered to contain a command injection vulnerability in the function UploadFirmwareFile. This vulnerability allows attackers to execute arbitrary commands via the parameter FileName. | |||
| CVE-2021-43711 | 0.02 | — | 0.36 | Jan 4, 2022 | The downloadFlile.cgi binary file in TOTOLINK EX200 V4.0.3c.7646_B20201211 has a command injection vulnerability when receiving GET parameters. The parameter name can be constructed for unauthenticated command execution. | |||
| CVE-2021-27710 | 0.02 | — | 0.08 | Apr 14, 2021 | Command Injection in TOTOLINK X5000R router with firmware v9.1.0u.6118_B20201102, and TOTOLINK A720R router with firmware v4.1.5cu.470_B20200911 allows remote attackers to execute arbitrary OS commands by sending a modified HTTP request. This occurs because the function executes… | |||
| CVE-2021-27708 | 0.02 | — | 0.08 | Apr 14, 2021 | Command Injection in TOTOLINK X5000R router with firmware v9.1.0u.6118_B20201102, and TOTOLINK A720R router with firmware v4.1.5cu.470_B20200911 allows remote attackers to execute arbitrary OS commands by sending a modified HTTP request. This occurs because the function executes… | |||
| CVE-2019-19823 | 0.02 | — | 0.06 | Jan 27, 2020 | A certain router administration interface (that includes Realtek APMIB 0.11f for Boa 0.94.14rc21) stores cleartext administrative passwords in flash memory and in a file. This affects TOTOLINK A3002RU through 2.0.0, A702R through 2.1.3, N301RT through 2.1.6, N302R through 3.4.0,… | |||
| CVE-2025-55591 | 0.01 | — | 0.07 | Aug 18, 2025 | TOTOLINK-A3002R v4.0.0-B20230531.1404 was discovered to contain a command injection vulnerability in the devicemac parameter in the formMapDel endpoint. | |||
| CVE-2025-5502 | 0.01 | — | 0.08 | Jun 3, 2025 | A vulnerability, which was classified as critical, has been found in TOTOLINK X15 1.0.0-B20230714.1105. Affected by this issue is the function formMapReboot of the file /boafrm/formMapReboot. The manipulation of the argument deviceMacAddr leads to command injection. The attack… | |||
| CVE-2025-45858 | 0.01 | — | 0.09 | May 13, 2025 | TOTOLINK A3002R v4.0.0-B20230531.1404 was discovered to contain a command injection vulnerability via the FUN_00459fdc function. | |||
| CVE-2025-3987 | 0.01 | — | 0.08 | Apr 27, 2025 | A vulnerability was found in TOTOLINK N150RT 3.4.0-B20190525. It has been rated as critical. This issue affects some unknown processing of the file /boafrm/formWsc. The manipulation of the argument localPin leads to command injection. The attack may be initiated remotely. The… | |||
| CVE-2025-3249 | 0.01 | — | 0.03 | Apr 4, 2025 | A vulnerability classified as critical was found in TOTOLINK A6000R 1.0.1-B20201211.2000. Affected by this vulnerability is the function apcli_cancel_wps of the file /usr/lib/lua/luci/controller/mtkwifi.lua. The manipulation leads to command injection. The attack can be launched… | |||
| CVE-2025-2097 | 0.01 | — | 0.06 | Mar 7, 2025 | A vulnerability, which was classified as critical, has been found in TOTOLINK EX1800T 9.1.0cu.2112_B20220316. This issue affects the function setRptWizardCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument loginpass leads to stack-based buffer overflow. The… | |||
| CVE-2024-46451 | 0.01 | — | 0.01 | Sep 16, 2024 | TOTOLINK AC1200 T8 v4.1.5cu.861_B20230220 has a buffer overflow vulnerability in the setWiFiAclRules function via the desc parameter. | |||
| CVE-2024-42737 | 0.01 | — | 0.02 | Aug 13, 2024 | In TOTOLINK X5000r v9.1.0cu.2350_b20230313, the file /cgi-bin/cstecgi.cgi contains an OS command injection vulnerability in delBlacklist. Authenticated Attackers can send malicious packet to execute arbitrary commands. | |||
| CVE-2024-42748 | 0.01 | — | 0.02 | Aug 12, 2024 | In TOTOLINK X5000r v9.1.0cu.2350_b20230313, the file /cgi-bin/cstecgi.cgi contains an OS command injection vulnerability in setWiFiWpsCfg. Authenticated Attackers can send malicious packet to execute arbitrary commands. | |||
| CVE-2024-42745 | 0.01 | — | 0.02 | Aug 12, 2024 | In TOTOLINK X5000r v9.1.0cu.2350_b20230313, the file /cgi-bin/cstecgi.cgi contains an OS command injection vulnerability in setUPnPCfg. Authenticated Attackers can send malicious packet to execute arbitrary commands. | |||
| CVE-2024-7463 | 0.01 | — | 0.11 | Aug 5, 2024 | A vulnerability classified as critical was found in TOTOLINK CP900 6.3c.566. This vulnerability affects the function UploadCustomModule of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument File leads to buffer overflow. The attack can be initiated remotely. The… | |||
| CVE-2024-7217 | 0.01 | — | 0.07 | Jul 30, 2024 | A vulnerability was found in TOTOLINK CA300-PoE 6.2c.884. It has been declared as critical. This vulnerability affects the function loginauth of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument password leads to buffer overflow. The attack can be initiated… | |||
| CVE-2024-7157 | 0.01 | — | 0.07 | Jul 28, 2024 | A vulnerability was found in TOTOLINK A3100R 4.1.2cu.5050_B20200504. It has been classified as critical. This affects the function getSaveConfig of the file /cgi-bin/cstecgi.cgi?action=save&setting. The manipulation of the argument http_host leads to buffer overflow. It is… | |||
| CVE-2024-7156 | 0.01 | — | 0.13 | Jul 28, 2024 | A vulnerability was found in TOTOLINK A3700R 9.1.2u.5822_B20200513 and classified as problematic. Affected by this issue is some unknown functionality of the file /cgi-bin/ExportSettings.sh of the component apmib Configuration Handler. The manipulation leads to information… | |||
| CVE-2024-35387 | 0.01 | — | 0.06 | May 24, 2024 | TOTOLINK LR350 V9.3.5u.6369_B20220309 was discovered to contain a stack overflow via the http_host parameter in the function loginAuth. | |||
| CVE-2024-34921 | 0.01 | — | 0.09 | May 13, 2024 | TOTOLINK X5000R v9.1.0cu.2350_B20230313 was discovered to contain a command injection via the disconnectVPN function. | |||
| CVE-2024-34218 | 0.01 | — | 0.18 | May 9, 2024 | TOTOLINK outdoor CPE CP450 v4.1.0cu.747_B20191224 was discovered to contain a command injection vulnerability in the NTPSyncWithHost function via the hostTime parameter. | |||
| CVE-2024-31817 | 0.01 | — | 0.55 | Apr 8, 2024 | In TOTOLINK EX200 V4.0.3c.7646_B20201211, an attacker can obtain sensitive information without authorization through the function getSysStatusCfg. | |||
| CVE-2024-28640 | 0.01 | — | 0.14 | Mar 16, 2024 | Buffer Overflow vulnerability in TOTOLink X5000R V9.1.0u.6118-B20201102 and A7000R V9.1.0u.6115-B20201022 allows a remote attacker to cause a denial of service (D0S) via the command field. | |||
| CVE-2024-2353 | 0.01 | — | 0.04 | Mar 10, 2024 | A vulnerability, which was classified as critical, has been found in Totolink X6000R 9.4.0cu.852_20230719. This issue affects the function setDiagnosisCfg of the file /cgi-bin/cstecgi.cgi of the component shttpd. The manipulation of the argument ip leads to os command injection.… |
- CVE-2025-52053Sep 15, 2025risk 0.05cvss —epss 0.04
TOTOLINK X6000R V9.4.0cu.1360_B20241207 was found to contain a command injection vulnerability in the sub_417D74 function via the file_name parameter. This vulnerability allows unauthenticated attackers to execute arbitrary commands via a crafted request.
- CVE-2025-52046Jul 17, 2025risk 0.05cvss —epss 0.05
Totolink A3300R V17.0.0cu.596_B20250515 was found to contain a command injection vulnerability in the sub_4197C0 function via the mac and desc parameters. This vulnerability allows unauthenticated attackers to execute arbitrary commands via a crafted request.
- CVE-2024-41319Jul 23, 2024risk 0.04cvss —epss 0.06
TOTOLINK A6000R V1.0.1-B20201211.2000 was discovered to contain a command injection vulnerability via the cmd parameter in the webcmd function.
- CVE-2021-42887Jun 3, 2022risk 0.04cvss —epss 0.43
In TOTOLINK EX1200T V4.1.2cu.5215, an attacker can bypass login by sending a specific request through formLoginAuth.htm.
- CVE-2022-27005Mar 15, 2022risk 0.04cvss —epss 0.06
Totolink routers s X5000R V9.1.0u.6118_B20201102 and A7000R V9.1.0u.6115_B20201022 were discovered to contain a command injection vulnerability in the setWanCfg function via the hostName parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted…
- CVE-2022-25077Feb 22, 2022risk 0.04cvss —epss 0.33
TOTOLink A3100R V4.1.2cu.5050_B20200504 was discovered to contain a command injection vulnerability in the "Main" function. This vulnerability allows attackers to execute arbitrary commands via the QUERY_STRING parameter.
- CVE-2019-19822Jan 27, 2020risk 0.04cvss —epss 0.09
A certain router administration interface (that includes Realtek APMIB 0.11f for Boa 0.94.14rc21) allows remote attackers to retrieve the configuration, including sensitive data (usernames and passwords). This affects TOTOLINK A3002RU through 2.0.0, A702R through 2.1.3, N301RT…
- CVE-2025-52284Jul 29, 2025risk 0.03cvss —epss 0.02
Totolink X6000R V9.4.0cu.1360_B20241207 was found to contain a command injection vulnerability in the sub_4184C0 function via the tz parameter. This vulnerability allows unauthenticated attackers to execute arbitrary commands via a crafted request.
- CVE-2025-52089Jul 11, 2025risk 0.03cvss —epss 0.07
A hidden remote support feature protected by a static secret in TOTOLINK N300RB firmware version 8.54 allows an authenticated attacker to execute arbitrary OS commands with root privileges.
- CVE-2025-28137Apr 15, 2025risk 0.03cvss —epss 0.10
The TOTOLINK A810R V4.1.2cu.5182_B20201026 were found to contain a pre-auth remote command execution vulnerability in the setNoticeCfg function through the NoticeUrl parameter.
- CVE-2025-25579Mar 28, 2025risk 0.03cvss —epss 0.10
TOTOLINK A3002R V4.0.0-B20230531.1404 is vulnerable to Command Injection in /bin/boa via bandstr.
- CVE-2024-7464Aug 5, 2024risk 0.03cvss —epss 0.20
A vulnerability, which was classified as critical, has been found in TOTOLINK CP900 6.3c.566. This issue affects the function setTelnetCfg of the component Telnet Service. The manipulation of the argument telnet_enabled leads to command injection. The attack may be initiated…
- CVE-2022-26187Mar 22, 2022risk 0.03cvss —epss 0.20
TOTOLINK N600R V4.3.0cu.7570_B20200620 was discovered to contain a command injection vulnerability via the pingCheck function.
- CVE-2022-26213Mar 15, 2022risk 0.03cvss —epss 0.26
Totolink X5000R_Firmware v9.1.0u.6118_B20201102 was discovered to contain a command injection vulnerability in the function setNtpCfg, via the tz parameters. This vulnerability allows attackers to execute arbitrary commands via a crafted request.
- CVE-2022-25075Feb 22, 2022risk 0.03cvss —epss 0.56
TOTOLink A3000RU V5.9c.2280_B20180512 was discovered to contain a command injection vulnerability in the "Main" function. This vulnerability allows attackers to execute arbitrary commands via the QUERY_STRING parameter.
- CVE-2025-2094Mar 7, 2025risk 0.02cvss —epss 0.11
A vulnerability was found in TOTOLINK EX1800T 9.1.0cu.2112_B20220316. It has been rated as critical. Affected by this issue is the function setWiFiExtenderConfig of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument apcliKey/key leads to os command injection. The…
- CVE-2023-52028Jan 11, 2024risk 0.02cvss —epss 0.02
TOTOlink A3700R v9.1.2u.5822_B20200513 was discovered to contain a remote command execution (RCE) vulnerability via the setTracerouteCfg function.
- CVE-2023-31856May 16, 2023risk 0.02cvss —epss 0.03
A command injection vulnerability in the hostTime parameter in the function NTPSyncWithHostof TOTOLINK CP300+ V5.2cu.7594_B20200910 allows attackers to execute arbitrary commands via a crafted http packet.
- CVE-2022-38308Sep 14, 2022risk 0.02cvss —epss 0.20
TOTOLink A700RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the lang parameter in the function cstesystem. This vulnerability allows attackers to execute arbitrary commands via a crafted payload.
- CVE-2021-42885Jun 3, 2022risk 0.02cvss —epss 0.02
TOTOLINK EX1200T V4.1.2cu.5215 contains a remote command injection vulnerability in function setDeviceMac of the file global.so which can control deviceName to attack.
- CVE-2021-42884Jun 3, 2022risk 0.02cvss —epss 0.02
TOTOLINK EX1200T V4.1.2cu.5215 contains a remote command injection vulnerability in function setDeviceName of the file global.so which can control thedeviceName to attack.
- CVE-2022-27004Mar 15, 2022risk 0.02cvss —epss 0.03
Totolink routers s X5000R V9.1.0u.6118_B20201102 and A7000R V9.1.0u.6115_B20201022 were discovered to contain a command injection vulnerability in the Tunnel 6in4 function via the remote6in4 parameter. This vulnerability allows attackers to execute arbitrary commands via a…
- CVE-2022-26214Mar 15, 2022risk 0.02cvss —epss 0.03
Totolink A830R V5.9c.4729_B20191112, A3100R V4.1.2cu.5050_B20200504, A950RG V4.1.2cu.5161_B20200903, A800R V4.1.2cu.5137_B20200730, A3000RU V5.9c.5185_B20201128, and A810R V4.1.2cu.5182_B20201026 were discovered to contain a command injection vulnerability in the function…
- CVE-2021-44247Feb 4, 2022risk 0.02cvss —epss 0.03
Totolink devices A3100R v4.1.2cu.5050_B20200504, A830R v5.9c.4729_B20191112, and A720R v4.1.5cu.470_B20200911 were discovered to contain command injection vulnerability in the function setNoticeCfg. This vulnerability allows attackers to execute arbitrary commands via the IpFrom…
- CVE-2021-45733Feb 4, 2022risk 0.02cvss —epss 0.04
TOTOLINK X5000R v9.1.0u.6118_B20201102 was discovered to contain a command injection vulnerability in the function NTPSyncWithHost. This vulnerability allows attackers to execute arbitrary commands via the parameter host_time.
- CVE-2021-45738Feb 4, 2022risk 0.02cvss —epss 0.04
TOTOLINK X5000R v9.1.0u.6118_B20201102 was discovered to contain a command injection vulnerability in the function UploadFirmwareFile. This vulnerability allows attackers to execute arbitrary commands via the parameter FileName.
- CVE-2021-43711Jan 4, 2022risk 0.02cvss —epss 0.36
The downloadFlile.cgi binary file in TOTOLINK EX200 V4.0.3c.7646_B20201211 has a command injection vulnerability when receiving GET parameters. The parameter name can be constructed for unauthenticated command execution.
- CVE-2021-27710Apr 14, 2021risk 0.02cvss —epss 0.08
Command Injection in TOTOLINK X5000R router with firmware v9.1.0u.6118_B20201102, and TOTOLINK A720R router with firmware v4.1.5cu.470_B20200911 allows remote attackers to execute arbitrary OS commands by sending a modified HTTP request. This occurs because the function executes…
- CVE-2021-27708Apr 14, 2021risk 0.02cvss —epss 0.08
Command Injection in TOTOLINK X5000R router with firmware v9.1.0u.6118_B20201102, and TOTOLINK A720R router with firmware v4.1.5cu.470_B20200911 allows remote attackers to execute arbitrary OS commands by sending a modified HTTP request. This occurs because the function executes…
- CVE-2019-19823Jan 27, 2020risk 0.02cvss —epss 0.06
A certain router administration interface (that includes Realtek APMIB 0.11f for Boa 0.94.14rc21) stores cleartext administrative passwords in flash memory and in a file. This affects TOTOLINK A3002RU through 2.0.0, A702R through 2.1.3, N301RT through 2.1.6, N302R through 3.4.0,…
- CVE-2025-55591Aug 18, 2025risk 0.01cvss —epss 0.07
TOTOLINK-A3002R v4.0.0-B20230531.1404 was discovered to contain a command injection vulnerability in the devicemac parameter in the formMapDel endpoint.
- CVE-2025-5502Jun 3, 2025risk 0.01cvss —epss 0.08
A vulnerability, which was classified as critical, has been found in TOTOLINK X15 1.0.0-B20230714.1105. Affected by this issue is the function formMapReboot of the file /boafrm/formMapReboot. The manipulation of the argument deviceMacAddr leads to command injection. The attack…
- CVE-2025-45858May 13, 2025risk 0.01cvss —epss 0.09
TOTOLINK A3002R v4.0.0-B20230531.1404 was discovered to contain a command injection vulnerability via the FUN_00459fdc function.
- CVE-2025-3987Apr 27, 2025risk 0.01cvss —epss 0.08
A vulnerability was found in TOTOLINK N150RT 3.4.0-B20190525. It has been rated as critical. This issue affects some unknown processing of the file /boafrm/formWsc. The manipulation of the argument localPin leads to command injection. The attack may be initiated remotely. The…
- CVE-2025-3249Apr 4, 2025risk 0.01cvss —epss 0.03
A vulnerability classified as critical was found in TOTOLINK A6000R 1.0.1-B20201211.2000. Affected by this vulnerability is the function apcli_cancel_wps of the file /usr/lib/lua/luci/controller/mtkwifi.lua. The manipulation leads to command injection. The attack can be launched…
- CVE-2025-2097Mar 7, 2025risk 0.01cvss —epss 0.06
A vulnerability, which was classified as critical, has been found in TOTOLINK EX1800T 9.1.0cu.2112_B20220316. This issue affects the function setRptWizardCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument loginpass leads to stack-based buffer overflow. The…
- CVE-2024-46451Sep 16, 2024risk 0.01cvss —epss 0.01
TOTOLINK AC1200 T8 v4.1.5cu.861_B20230220 has a buffer overflow vulnerability in the setWiFiAclRules function via the desc parameter.
- CVE-2024-42737Aug 13, 2024risk 0.01cvss —epss 0.02
In TOTOLINK X5000r v9.1.0cu.2350_b20230313, the file /cgi-bin/cstecgi.cgi contains an OS command injection vulnerability in delBlacklist. Authenticated Attackers can send malicious packet to execute arbitrary commands.
- CVE-2024-42748Aug 12, 2024risk 0.01cvss —epss 0.02
In TOTOLINK X5000r v9.1.0cu.2350_b20230313, the file /cgi-bin/cstecgi.cgi contains an OS command injection vulnerability in setWiFiWpsCfg. Authenticated Attackers can send malicious packet to execute arbitrary commands.
- CVE-2024-42745Aug 12, 2024risk 0.01cvss —epss 0.02
In TOTOLINK X5000r v9.1.0cu.2350_b20230313, the file /cgi-bin/cstecgi.cgi contains an OS command injection vulnerability in setUPnPCfg. Authenticated Attackers can send malicious packet to execute arbitrary commands.
- CVE-2024-7463Aug 5, 2024risk 0.01cvss —epss 0.11
A vulnerability classified as critical was found in TOTOLINK CP900 6.3c.566. This vulnerability affects the function UploadCustomModule of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument File leads to buffer overflow. The attack can be initiated remotely. The…
- CVE-2024-7217Jul 30, 2024risk 0.01cvss —epss 0.07
A vulnerability was found in TOTOLINK CA300-PoE 6.2c.884. It has been declared as critical. This vulnerability affects the function loginauth of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument password leads to buffer overflow. The attack can be initiated…
- CVE-2024-7157Jul 28, 2024risk 0.01cvss —epss 0.07
A vulnerability was found in TOTOLINK A3100R 4.1.2cu.5050_B20200504. It has been classified as critical. This affects the function getSaveConfig of the file /cgi-bin/cstecgi.cgi?action=save&setting. The manipulation of the argument http_host leads to buffer overflow. It is…
- CVE-2024-7156Jul 28, 2024risk 0.01cvss —epss 0.13
A vulnerability was found in TOTOLINK A3700R 9.1.2u.5822_B20200513 and classified as problematic. Affected by this issue is some unknown functionality of the file /cgi-bin/ExportSettings.sh of the component apmib Configuration Handler. The manipulation leads to information…
- CVE-2024-35387May 24, 2024risk 0.01cvss —epss 0.06
TOTOLINK LR350 V9.3.5u.6369_B20220309 was discovered to contain a stack overflow via the http_host parameter in the function loginAuth.
- CVE-2024-34921May 13, 2024risk 0.01cvss —epss 0.09
TOTOLINK X5000R v9.1.0cu.2350_B20230313 was discovered to contain a command injection via the disconnectVPN function.
- CVE-2024-34218May 9, 2024risk 0.01cvss —epss 0.18
TOTOLINK outdoor CPE CP450 v4.1.0cu.747_B20191224 was discovered to contain a command injection vulnerability in the NTPSyncWithHost function via the hostTime parameter.
- CVE-2024-31817Apr 8, 2024risk 0.01cvss —epss 0.55
In TOTOLINK EX200 V4.0.3c.7646_B20201211, an attacker can obtain sensitive information without authorization through the function getSysStatusCfg.
- CVE-2024-28640Mar 16, 2024risk 0.01cvss —epss 0.14
Buffer Overflow vulnerability in TOTOLink X5000R V9.1.0u.6118-B20201102 and A7000R V9.1.0u.6115-B20201022 allows a remote attacker to cause a denial of service (D0S) via the command field.
- CVE-2024-2353Mar 10, 2024risk 0.01cvss —epss 0.04
A vulnerability, which was classified as critical, has been found in Totolink X6000R 9.4.0cu.852_20230719. This issue affects the function setDiagnosisCfg of the file /cgi-bin/cstecgi.cgi of the component shttpd. The manipulation of the argument ip leads to os command injection.…
Page 5 of 25