Vulnerabilities (CVE)

Filtered by vendor Totolink Subscribe
Total 892 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2025-4270 1 Totolink 2 A720r, A720r Firmware 2025-05-07 5.0 MEDIUM 5.3 MEDIUM
A vulnerability was found in TOTOLINK A720R 4.1.5cu.374. It has been classified as problematic. Affected is an unknown function of the file /cgi-bin/cstecgi.cgi of the component Config Handler. The manipulation of the argument topicurl with the input getInitCfg/getSysStatusCfg leads to information disclosure. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
CVE-2025-4269 1 Totolink 2 A720r, A720r Firmware 2025-05-07 6.4 MEDIUM 6.5 MEDIUM
A vulnerability was found in TOTOLINK A720R 4.1.5cu.374 and classified as critical. This issue affects some unknown processing of the file /cgi-bin/cstecgi.cgi of the component Log Handler. The manipulation of the argument topicurl with the input clearDiagnosisLog/clearSyslog/clearTracerouteLog leads to improper access controls. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
CVE-2025-4268 1 Totolink 2 A720r, A720r Firmware 2025-05-07 5.0 MEDIUM 5.3 MEDIUM
A vulnerability has been found in TOTOLINK A720R 4.1.5cu.374 and classified as critical. This vulnerability affects unknown code of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument topicurl with the input RebootSystem leads to missing authentication. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
CVE-2025-28029 1 Totolink 8 A3000ru, A3000ru Firmware, A3100r and 5 more 2025-05-07 N/A 7.3 HIGH
TOTOLINK A830R V4.1.2cu.5182_B20201102, A950RG V4.1.2cu.5161_B20200903, A3000RU V5.9c.5185_B20201128, and A3100R V4.1.2cu.5247_B20211129 were found to contain a buffer overflow vulnerability in cstecgi.cgi
CVE-2025-28026 1 Totolink 8 A3000ru, A3000ru Firmware, A3100r and 5 more 2025-05-07 N/A 7.3 HIGH
TOTOLINK A830R V4.1.2cu.5182_B20201102, A950RG V4.1.2cu.5161_B20200903, A3000RU V5.9c.5185_B20201128, and A3100R V4.1.2cu.5247_B20211129 were found to contain a buffer overflow vulnerability in downloadFile.cgi.
CVE-2025-28027 1 Totolink 8 A3000ru, A3000ru Firmware, A3100r and 5 more 2025-05-07 N/A 7.3 HIGH
TOTOLINK A830R V4.1.2cu.5182_B20201102, A950RG V4.1.2cu.5161_B20200903, A3000RU V5.9c.5185_B20201128, and A3100R V4.1.2cu.5247_B20211129 was found to contain a buffer overflow vulnerability in downloadFile.cgi.
CVE-2025-28017 1 Totolink 2 A800r, A800r Firmware 2025-05-06 N/A 6.5 MEDIUM
TOTOLINK A800R V4.1.2cu.5032_B20200408 is vulnerable to Command Injection in downloadFile.cgi via the QUERY_STRING parameter.
CVE-2025-28018 1 Totolink 2 A800r, A800r Firmware 2025-05-06 N/A 7.3 HIGH
TOTOLINK A800R V4.1.2cu.5137_B20200730 was found to contain a buffer overflow vulnerability in downloadFile.cgi through the v14 parameter.
CVE-2025-28019 1 Totolink 2 A800r, A800r Firmware 2025-05-06 N/A 7.3 HIGH
TOTOLINK A800R V4.1.2cu.5137_B20200730 was found to contain a buffer overflow vulnerability in the downloadFile.cgi component
CVE-2025-28020 1 Totolink 2 A800r, A800r Firmware 2025-05-06 N/A 7.3 HIGH
TOTOLINK A800R V4.1.2cu.5137_B20200730 was found to contain a buffer overflow vulnerability in downloadFile.cgi through the v25 parameter.
CVE-2025-28021 1 Totolink 2 A810r, A810r Firmware 2025-05-06 N/A 7.3 HIGH
TOTOLINK A810R V4.1.2cu.5182_B20201026 was found to contain a buffer overflow vulnerability in the downloadFile.cgi through the v14 and v3 parameters
CVE-2025-28022 1 Totolink 2 A810r, A810r Firmware 2025-05-06 N/A 7.3 HIGH
TOTOLINK A810R V4.1.2cu.5182_B20201026 was found to contain a buffer overflow vulnerability in downloadFile.cgi through the v25 parameter.
CVE-2025-28025 1 Totolink 8 A3000ru, A3000ru Firmware, A3100r and 5 more 2025-05-06 N/A 7.3 HIGH
TOTOLINK A830R V4.1.2cu.5182_B20201102, A950RG V4.1.2cu.5161_B20200903, A3000RU V5.9c.5185_B20201128, and A3100R V4.1.2cu.5247_B20211129 were found to contain a buffer overflow vulnerability in downloadFile.cgi through the v14 parameter.
CVE-2025-28028 1 Totolink 8 A3000ru, A3000ru Firmware, A3100r and 5 more 2025-05-06 N/A 7.3 HIGH
TOTOLINK A830R V4.1.2cu.5182_B20201102, A950RG V4.1.2cu.5161_B20200903, A3000RU V5.9c.5185_B20201128, and A3100R V4.1.2cu.5247_B20211129 were found to contain a buffer overflow vulnerability in downloadFile.cgi through the v5 parameter.
CVE-2024-35099 1 Totolink 2 Lr350, Lr350 Firmware 2025-05-05 N/A 9.8 CRITICAL
TOTOLINK LR350 V9.3.5u.6698_B20230810 was discovered to contain a stack overflow via the password parameter in the function loginAuth.
CVE-2025-29209 1 Totolink 2 X18, X18 Firmware 2025-04-29 N/A 9.8 CRITICAL
TOTOLINK X18 v9.1.0cu.2024_B20220329 has an unauthorized arbitrary command execution in the enable parameter' of the sub_41105C function of cstecgi .cgi.
CVE-2025-28137 1 Totolink 2 A810r, A810r Firmware 2025-04-29 N/A 9.8 CRITICAL
The TOTOLINK A810R V4.1.2cu.5182_B20201026 were found to contain a pre-auth remote command execution vulnerability in the setNoticeCfg function through the NoticeUrl parameter.
CVE-2025-28136 1 Totolink 2 A800r, A800r Firmware 2025-04-29 N/A 6.5 MEDIUM
TOTOLINK A800R V4.1.2cu.5137_B20200730 was found to contain a buffer overflow vulnerability in the downloadFile.cgi.
CVE-2025-29064 1 Totolink 2 X18, X18 Firmware 2025-04-29 N/A 9.8 CRITICAL
An issue in TOTOLINK x18 v.9.1.0cu.2024_B20220329 allows a remote attacker to execute arbitrary code via the sub_410E54 function of the cstecgi.cgi.
CVE-2025-25524 1 Totolink 2 X6000r, X6000r Firmware 2025-04-29 N/A 5.1 MEDIUM
Buffer overflow vulnerability in TOTOLink X6000R routers V9.4.0cu.652_B20230116 due to the lack of length verification, which is related to the addition of Wi-Fi filtering rules. Attackers who successfully exploit this vulnerability can cause the remote target device to crash or execute arbitrary commands.