Filtered by vendor Totolink
Subscribe
Total
1104 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-67188 | 1 Totolink | 2 A950rg, A950rg Firmware | 2026-02-10 | N/A | 9.8 CRITICAL |
| A buffer overflow vulnerability exists in TOTOLINK A950RG V4.1.2cu.5204_B20210112. The issue resides in the setRadvdCfg interface of the /lib/cste_modules/ipv6.so module. The function fails to properly validate the length of the user-controlled radvdinterfacename parameter, allowing remote attackers to trigger a stack buffer overflow. | |||||
| CVE-2025-67189 | 1 Totolink | 2 A950rg, A950rg Firmware | 2026-02-10 | N/A | 6.5 MEDIUM |
| A buffer overflow vulnerability exists in the setParentalRules interface of TOTOLINK A950RG V4.1.2cu.5204_B20210112. The urlKeyword parameter is not properly validated, and the function concatenates multiple user-controlled fields into a fixed-size stack buffer without performing boundary checks. A remote attacker can exploit this flaw to cause denial of service or potentially achieve arbitrary code execution. | |||||
| CVE-2025-67187 | 1 Totolink | 2 A950rg, A950rg Firmware | 2026-02-10 | N/A | 9.8 CRITICAL |
| A stack-based buffer overflow vulnerability was identified in TOTOLINK A950RG V4.1.2cu.5204_B20210112. The flaw exists in the setIpQosRules interface of /lib/cste_modules/firewall.so where the comment parameter is not properly validated for length. | |||||
| CVE-2026-0731 | 1 Totolink | 2 Wa1200-poe, Wa1200-poe Firmware | 2026-01-29 | 5.0 MEDIUM | 5.3 MEDIUM |
| A vulnerability has been found in TOTOLINK WA1200 5.9c.2914. The impacted element is an unknown function of the file cstecgi.cgi of the component HTTP Request Handler. The manipulation leads to null pointer dereference. The attack is possible to be carried out remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2026-1156 | 1 Totolink | 2 Lr350, Lr350 Firmware | 2026-01-29 | 9.0 HIGH | 8.8 HIGH |
| A vulnerability was determined in Totolink LR350 9.3.5u.6369_B20220309. Affected by this issue is the function setWiFiBasicCfg of the file /cgi-bin/cstecgi.cgi. This manipulation of the argument ssid causes buffer overflow. It is possible to initiate the attack remotely. The exploit has been publicly disclosed and may be utilized. | |||||
| CVE-2026-1155 | 1 Totolink | 2 Lr350, Lr350 Firmware | 2026-01-29 | 9.0 HIGH | 8.8 HIGH |
| A vulnerability was found in Totolink LR350 9.3.5u.6369_B20220309. Affected by this vulnerability is the function setWiFiEasyGuestCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument ssid results in buffer overflow. The attack may be performed from remote. The exploit has been made public and could be used. | |||||
| CVE-2026-1157 | 1 Totolink | 2 Lr350, Lr350 Firmware | 2026-01-29 | 9.0 HIGH | 8.8 HIGH |
| A vulnerability was identified in Totolink LR350 9.3.5u.6369_B20220309. This affects the function setWiFiEasyCfg of the file /cgi-bin/cstecgi.cgi. Such manipulation of the argument ssid leads to buffer overflow. It is possible to launch the attack remotely. The exploit is publicly available and might be used. | |||||
| CVE-2026-1158 | 1 Totolink | 2 Lr350, Lr350 Firmware | 2026-01-29 | 9.0 HIGH | 8.8 HIGH |
| A security flaw has been discovered in Totolink LR350 9.3.5u.6369_B20220309. This vulnerability affects the function setWizardCfg of the file /cgi-bin/cstecgi.cgi of the component POST Request Handler. Performing a manipulation of the argument ssid results in buffer overflow. The attack can be initiated remotely. The exploit has been released to the public and may be used for attacks. | |||||
| CVE-2026-1143 | 1 Totolink | 2 A3700r, A3700r Firmware | 2026-01-29 | 9.0 HIGH | 8.8 HIGH |
| A weakness has been identified in TOTOLINK A3700R 9.1.2u.5822_B20200513. This affects the function setWiFiEasyGuestCfg of the file /cgi-bin/cstecgi.cgi. Executing a manipulation of the argument ssid can lead to buffer overflow. The attack may be launched remotely. The exploit has been made available to the public and could be used for attacks. | |||||
| CVE-2026-1328 | 1 Totolink | 2 Nr1800x, Nr1800x Firmware | 2026-01-29 | 9.0 HIGH | 8.8 HIGH |
| A vulnerability was detected in Totolink NR1800X 9.1.0u.6279_B20210910. Impacted is the function setWizardCfg of the file /cgi-bin/cstecgi.cgi of the component POST Request Handler. Performing a manipulation of the argument ssid results in buffer overflow. The attack may be initiated remotely. The exploit is now public and may be used. | |||||
| CVE-2025-14964 | 1 Totolink | 2 T10, T10 Firmware | 2025-12-30 | 10.0 HIGH | 9.8 CRITICAL |
| A vulnerability has been found in TOTOLINK T10 4.1.8cu.5083_B20200521. This affects the function sprintf of the file /cgi-bin/cstecgi.cgi. Such manipulation of the argument loginAuthUrl leads to stack-based buffer overflow. The attack may be performed from remote. | |||||
| CVE-2025-13184 | 1 Totolink | 2 X5000r, X5000r Firmware | 2025-12-19 | N/A | 9.8 CRITICAL |
| Unauthenticated Telnet enablement via cstecgi.cgi (auth bypass) leading to unauthenticated root login with a blank password on factory/reset X5000R V9.1.0u.6369_B20230113 (arbitrary command execution). Earlier versions that share the same implementation, may also be affected. | |||||
| CVE-2025-55895 | 1 Totolink | 4 A3300r, A3300r Firmware, N200re and 1 more | 2025-12-17 | N/A | 9.1 CRITICAL |
| TOTOLINK A3300R V17.0.0cu.557_B20221024 and N200RE V9.3.5u.6448_B20240521 and V9.3.5u.6437_B20230519 are vulnerable to Incorrect Access Control. Attackers can send payloads to the interface without logging in (remote). | |||||
| CVE-2025-55893 | 1 Totolink | 2 N200re, N200re Firmware | 2025-12-17 | N/A | 6.5 MEDIUM |
| TOTOLINK N200RE V9.3.5u.6437_B20230519 is vulnerable to command Injection in setOpModeCfg via hostName. | |||||
| CVE-2025-55901 | 1 Totolink | 2 A3300r, A3300r Firmware | 2025-12-17 | N/A | 6.5 MEDIUM |
| TOTOLINK A3300R V17.0.0cu.596_B20250515 is vulnerable to command injection in the function NTPSyncWithHost via the host_time parameter. | |||||
| CVE-2025-60684 | 1 Totolink | 4 Lr1200gb, Lr1200gb Firmware, Nr1800x and 1 more | 2025-11-24 | N/A | 6.5 MEDIUM |
| A stack buffer overflow vulnerability exists in the ToToLink LR1200GB (V9.1.0u.6619_B20230130) and NR1800X (V9.1.0u.6681_B20230703) Router firmware within the cstecgi.cgi binary (sub_42F32C function). The web interface reads the "lang" parameter and constructs Help URL strings using sprintf() into fixed-size stack buffers without proper length validation. Maliciously crafted input can overflow these buffers, potentially leading to arbitrary code execution or memory corruption, without requiring authentication. | |||||
| CVE-2025-60686 | 1 Totolink | 6 A720r, A720r Firmware, Lr1200gb and 3 more | 2025-11-19 | N/A | 5.1 MEDIUM |
| A local stack-based buffer overflow vulnerability exists in the infostat.cgi and cstecgi.cgi binaries of ToToLink routers (A720R V4.1.5cu.614_B20230630, LR1200GB V9.1.0u.6619_B20230130, and NR1800X V9.1.0u.6681_B20230703). Both programs parse the contents of /proc/net/arp using sscanf() with "%s" format specifiers into fixed-size stack buffers without length validation. Specifically, one function writes user-controlled data into a single-byte buffer, and the other into adjacent small arrays without bounds checking. An attacker who controls the contents of /proc/net/arp can trigger memory corruption, leading to denial of service or potential arbitrary code execution. | |||||
| CVE-2025-60687 | 1 Totolink | 2 Lr1200gb, Lr1200gb Firmware | 2025-11-19 | N/A | 6.5 MEDIUM |
| An unauthenticated command injection vulnerability exists in the ToToLink LR1200GB Router firmware V9.1.0u.6619_B20230130 within the cstecgi.cgi binary (sub_41EC68 function). The binary reads the "imei" parameter from a web request and verifies only that it is 15 characters long. The parameter is then directly inserted into a system command using sprintf() and executed with system(). Maliciously crafted IMEI input can execute arbitrary commands on the router without authentication. | |||||
| CVE-2025-60688 | 1 Totolink | 4 Lr1200gb, Lr1200gb Firmware, Nr1800x and 1 more | 2025-11-19 | N/A | 6.5 MEDIUM |
| A stack buffer overflow vulnerability exists in the ToToLink LR1200GB (V9.1.0u.6619_B20230130) and NR1800X (V9.1.0u.6681_B20230703) Router firmware within the cstecgi.cgi binary (setDefResponse function). The binary reads the "IpAddress" parameter from a web request and copies it into a fixed-size stack buffer using strcpy() without any length validation. Maliciously crafted input can overflow the buffer, leading to potential arbitrary code execution or memory corruption, without requiring authentication. | |||||
| CVE-2025-60699 | 1 Totolink | 2 A950rg, A950rg Firmware | 2025-11-18 | N/A | 6.5 MEDIUM |
| A buffer overflow vulnerability exists in the TOTOLINK A950RG Router firmware V5.9c.4592_B20191022_ALL within the `global.so` binary. The `getSaveConfig` function retrieves the `http_host` parameter from user input via `websGetVar` and copies it into a fixed-size stack buffer (`v13`) using `strcpy()` without performing any length checks. An unauthenticated remote attacker can exploit this vulnerability by sending a specially crafted HTTP request to the router's web interface, potentially leading to arbitrary code execution. | |||||