Filtered by vendor Totolink
Subscribe
Total
852 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-4852 | 1 Totolink | 2 A3002r, A3002r Firmware | 2025-06-04 | 3.3 LOW | 2.4 LOW |
| A vulnerability, which was classified as problematic, has been found in TOTOLINK A3002R 2.1.1-B20230720.1011. This issue affects some unknown processing of the component VPN Page. The manipulation of the argument Comment leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-45800 | 1 Totolink | 2 A950rg, A950rg Firmware | 2025-06-04 | N/A | 9.8 CRITICAL |
| TOTOLINK A950RG V4.1.2cu.5204_B20210112 contains a command execution vulnerability in the setDeviceName interface of the /lib/cste_modules/global.so library, specifically in the processing of the deviceMac parameter. | |||||
| CVE-2024-36650 | 1 Totolink | 2 A3100r, A3100r Firmware | 2025-06-04 | N/A | 7.5 HIGH |
| TOTOLINK AC1200 Wireless Dual Band Gigabit Router firmware A3100R V4.1.2cu.5247_B20211129, in the cgi function `setNoticeCfg` of the file `/lib/cste_modules/system.so`, the length of the user input string `NoticeUrl` is not checked. This can lead to a buffer overflow, allowing attackers to construct malicious HTTP or MQTT requests to cause a denial-of-service attack. | |||||
| CVE-2024-23059 | 1 Totolink | 2 A3300r, A3300r Firmware | 2025-06-03 | N/A | 9.8 CRITICAL |
| TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the username parameter in the setDdnsCfg function. | |||||
| CVE-2024-22942 | 1 Totolink | 2 A3300r, A3300r Firmware | 2025-06-03 | N/A | 9.8 CRITICAL |
| TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the hostName parameter in the setWanCfg function. | |||||
| CVE-2023-52031 | 1 Totolink | 2 A3700r, A3700r Firmware | 2025-06-03 | N/A | 9.8 CRITICAL |
| TOTOlink A3700R v9.1.2u.5822_B20200513 was discovered to contain a remote command execution (RCE) vulnerability via the UploadFirmwareFile function. | |||||
| CVE-2024-0579 | 1 Totolink | 2 X2000r, X2000r Firmware | 2025-06-03 | 6.5 MEDIUM | 6.3 MEDIUM |
| A vulnerability classified as critical was found in Totolink X2000R 1.0.0-B20221212.1452. Affected by this vulnerability is the function formMapDelDevice of the file /boafrm/formMapDelDevice. The manipulation of the argument macstr leads to command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2024-24332 | 1 Totolink | 2 A3300r, A3300r Firmware | 2025-05-30 | N/A | 9.8 CRITICAL |
| TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the url parameter in the setUrlFilterRules function. | |||||
| CVE-2024-36782 | 1 Totolink | 2 Cp300, Cp300 Firmware | 2025-05-30 | N/A | 9.8 CRITICAL |
| TOTOLINK CP300 V2.0.4-B20201102 was discovered to contain a hardcoded password vulnerability in /etc/shadow.sample, which allows attackers to log in as root. | |||||
| CVE-2024-22663 | 1 Totolink | 2 A3700r, A3700r Firmware | 2025-05-30 | N/A | 9.8 CRITICAL |
| TOTOLINK_A3700R_V9.1.2u.6165_20211012has a command Injection vulnerability via setOpModeCfg | |||||
| CVE-2023-52039 | 1 Totolink | 2 X6000r, X6000r Firmware | 2025-05-30 | N/A | 9.8 CRITICAL |
| An issue discovered in TOTOLINK X6000R v9.4.0cu.852_B20230719 allows attackers to run arbitrary commands via the sub_415AA4 function. | |||||
| CVE-2023-52038 | 1 Totolink | 2 X6000r, X6000r Firmware | 2025-05-30 | N/A | 9.8 CRITICAL |
| An issue discovered in TOTOLINK X6000R v9.4.0cu.852_B20230719 allows attackers to run arbitrary commands via the sub_415C80 function. | |||||
| CVE-2024-35388 | 1 Totolink | 2 Nr1800x, Nr1800x Firmware | 2025-05-30 | N/A | 8.8 HIGH |
| TOTOLINK NR1800X v9.1.0u.6681_B20230703 was discovered to contain a stack overflow via the password parameter in the function urldecode | |||||
| CVE-2024-24331 | 1 Totolink | 2 A3300r, A3300r Firmware | 2025-05-29 | N/A | 9.8 CRITICAL |
| TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the enable parameter in the setWiFiScheduleCfg function. | |||||
| CVE-2024-24327 | 1 Totolink | 2 A3300r, A3300r Firmware | 2025-05-29 | N/A | 9.8 CRITICAL |
| TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the pppoePass parameter in the setIpv6Cfg function. | |||||
| CVE-2025-3996 | 1 Totolink | 2 N150rt, N150rt Firmware | 2025-05-28 | 3.3 LOW | 2.4 LOW |
| A vulnerability was found in TOTOLINK N150RT 3.4.0-B20190525. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /home.htm of the component MAC Filtering Page. The manipulation of the argument Comment leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-3249 | 1 Totolink | 2 A6000r, A6000r Firmware | 2025-05-28 | 6.5 MEDIUM | 6.3 MEDIUM |
| A vulnerability classified as critical was found in TOTOLINK A6000R 1.0.1-B20201211.2000. Affected by this vulnerability is the function apcli_cancel_wps of the file /usr/lib/lua/luci/controller/mtkwifi.lua. The manipulation leads to command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2024-34257 | 1 Totolink | 2 Ex1800t, Ex1800t Firmware | 2025-05-28 | N/A | 9.8 CRITICAL |
| TOTOLINK EX1800T V9.1.0cu.2112_B20220316 has a vulnerability in the apcliEncrypType parameter that allows unauthorized execution of arbitrary commands, allowing an attacker to obtain device administrator privileges. | |||||
| CVE-2023-49417 | 1 Totolink | 2 A7000r, A7000r Firmware | 2025-05-27 | N/A | 9.8 CRITICAL |
| TOTOLink A7000R V9.1.0u.6115_B20201022 has a stack overflow vulnerability via setOpModeCfg. | |||||
| CVE-2025-4851 | 1 Totolink | 2 N300rh, N300rh Firmware | 2025-05-24 | 6.5 MEDIUM | 6.3 MEDIUM |
| A vulnerability classified as critical was found in TOTOLINK N300RH 6.1c.1390_B20191101. This vulnerability affects the function setUploadUserData of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument FileName leads to command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||