Filtered by vendor Totolink
Subscribe
Total
1104 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2026-5101 | 1 Totolink | 2 A3300r, A3300r Firmware | 2026-04-29 | 6.5 MEDIUM | 6.3 MEDIUM |
| A vulnerability was identified in Totolink A3300R 17.0.0cu.557_b20221024. This affects the function setLanCfg of the file /cgi-bin/cstecgi.cgi of the component Parameter Handler. The manipulation of the argument lanIp leads to command injection. Remote exploitation of the attack is possible. The exploit is publicly available and might be used. | |||||
| CVE-2025-6916 | 1 Totolink | 2 T6, T6 Firmware | 2026-04-29 | 8.3 HIGH | 8.8 HIGH |
| A vulnerability, which was classified as critical, was found in TOTOLINK T6 4.1.5cu.748_B20211015. This affects the function Form_Login of the file /formLoginAuth.htm. The manipulation of the argument authCode/goURL leads to missing authentication. The attack needs to be initiated within the local network. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2026-5105 | 1 Totolink | 2 A3300r, A3300r Firmware | 2026-04-29 | 6.5 MEDIUM | 6.3 MEDIUM |
| A vulnerability was detected in Totolink A3300R 17.0.0cu.557_b20221024. The affected element is the function setVpnPassCfg of the file /cgi-bin/cstecgi.cgi of the component Parameter Handler. Performing a manipulation of the argument pptpPassThru results in command injection. It is possible to initiate the attack remotely. The exploit is now public and may be used. | |||||
| CVE-2026-5104 | 1 Totolink | 2 A3300r, A3300r Firmware | 2026-04-29 | 6.5 MEDIUM | 6.3 MEDIUM |
| A security vulnerability has been detected in Totolink A3300R 17.0.0cu.557_b20221024. Impacted is the function setStaticRoute of the file /cgi-bin/cstecgi.cgi. Such manipulation of the argument ip leads to command injection. The attack may be performed from remote. The exploit has been disclosed publicly and may be used. | |||||
| CVE-2025-6401 | 1 Totolink | 2 N300rh, N300rh Firmware | 2026-04-29 | 2.3 LOW | 3.5 LOW |
| A vulnerability was found in TOTOLINK N300RH 6.1c.1390_B20191101. It has been classified as problematic. This affects an unknown part of the file /boafrm/formFilter of the component HTTP POST Message Handler. The manipulation of the argument url leads to denial of service. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-7952 | 1 Totolink | 2 T6, T6 Firmware | 2026-04-29 | 6.5 MEDIUM | 6.3 MEDIUM |
| A vulnerability classified as critical was found in TOTOLINK T6 4.1.5cu.748. This vulnerability affects the function ckeckKeepAlive of the file wireless.so of the component MQTT Packet Handler. The manipulation leads to command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2026-31177 | 1 Totolink | 2 A3300r, A3300r Firmware | 2026-04-27 | N/A | 9.8 CRITICAL |
| An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557_B20221024 allowing attackers to execute arbitrary commands via the stunMinAlive parameter to /cgi-bin/cstecgi.cgi. | |||||
| CVE-2026-31178 | 1 Totolink | 2 A3300r, A3300r Firmware | 2026-04-27 | N/A | 9.8 CRITICAL |
| An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557_B20221024 allowing attackers to execute arbitrary commands via the stunMaxAlive parameter to /cgi-bin/cstecgi.cgi. | |||||
| CVE-2026-31179 | 1 Totolink | 2 A3300r, A3300r Firmware | 2026-04-27 | N/A | 6.5 MEDIUM |
| An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557_B20221024 allowing attackers to execute arbitrary commands via the stunPort parameter to /cgi-bin/cstecgi.cgi. | |||||
| CVE-2026-31181 | 1 Totolink | 2 A3300r, A3300r Firmware | 2026-04-27 | N/A | 9.8 CRITICAL |
| An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557_B20221024 allowing attackers to execute arbitrary commands via the stunServerAddr parameter to /cgi-bin/cstecgi.cgi. | |||||
| CVE-2026-31162 | 1 Totolink | 2 A3300r, A3300r Firmware | 2026-04-27 | N/A | 6.5 MEDIUM |
| An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557_B20221024 allowing attackers to execute arbitrary commands via the ttlWay parameter to /cgi-bin/cstecgi.cgi. | |||||
| CVE-2026-31163 | 1 Totolink | 2 A3300r, A3300r Firmware | 2026-04-27 | N/A | 6.5 MEDIUM |
| An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557_B20221024 allowing attackers to execute arbitrary commands via the dhcpMtu parameter to /cgi-bin/cstecgi.cgi. | |||||
| CVE-2026-31166 | 1 Totolink | 2 A3300r, A3300r Firmware | 2026-04-27 | N/A | 6.5 MEDIUM |
| An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557_B20221024 allowing attackers to execute arbitrary commands via the hour parameter to /cgi-bin/cstecgi.cgi. | |||||
| CVE-2026-31167 | 1 Totolink | 2 A3300r, A3300r Firmware | 2026-04-27 | N/A | 6.5 MEDIUM |
| An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557_B20221024 allowing attackers to execute arbitrary commands via the mode parameter to /cgi-bin/cstecgi.cgi. | |||||
| CVE-2026-31168 | 1 Totolink | 2 A3300r, A3300r Firmware | 2026-04-27 | N/A | 6.5 MEDIUM |
| An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557_B20221024 allowing attackers to execute arbitrary commands via the recHour parameter to /cgi-bin/cstecgi.cgi. | |||||
| CVE-2026-31169 | 1 Totolink | 2 A3300r, A3300r Firmware | 2026-04-27 | N/A | 6.5 MEDIUM |
| An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557_B20221024 allowing attackers to execute arbitrary commands via the week parameter to /cgi-bin/cstecgi.cgi. | |||||
| CVE-2026-31173 | 1 Totolink | 2 A3300r, A3300r Firmware | 2026-04-27 | N/A | 6.5 MEDIUM |
| An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557_B20221024 allowing attackers to execute arbitrary commands via the interval parameter to /cgi-bin/cstecgi.cgi. | |||||
| CVE-2026-31159 | 1 Totolink | 2 A3300r, A3300r Firmware | 2026-04-24 | N/A | 6.5 MEDIUM |
| An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557_B20221024 allowing attackers to execute arbitrary commands via the password parameter to /cgi-bin/cstecgi.cgi. | |||||
| CVE-2026-31160 | 1 Totolink | 2 A3300r, A3300r Firmware | 2026-04-24 | N/A | 6.5 MEDIUM |
| An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557_B20221024 allowing attackers to execute arbitrary commands via the provider parameter to /cgi-bin/cstecgi.cgi. | |||||
| CVE-2026-31164 | 1 Totolink | 2 A3300r, A3300r Firmware | 2026-04-24 | N/A | 6.5 MEDIUM |
| An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557_B20221024 allowing attackers to execute arbitrary commands via the pppoeMtu parameter to /cgi-bin/cstecgi.cgi. | |||||