Filtered by vendor Totolink
Subscribe
Total
730 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-22903 | 1 Totolink | 2 N600r, N600r Firmware | 2025-04-22 | N/A | 4.6 MEDIUM |
| TOTOLINK N600R V4.3.0cu.7647_B20210106 was discovered to contain a stack overflow via the pin parameter in the function setWiFiWpsConfig. | |||||
| CVE-2025-22900 | 1 Totolink | 2 N600r, N600r Firmware | 2025-04-22 | N/A | 9.8 CRITICAL |
| Totolink N600R v4.3.0cu.7647_B20210106 was discovered to contain a stack overflow via the macCloneMac parameter in the setWanConfig function. | |||||
| CVE-2025-3665 | 1 Totolink | 2 A3700r, A3700r Firmware | 2025-04-22 | 5.0 MEDIUM | 5.3 MEDIUM |
| A vulnerability has been found in TOTOLINK A3700R 9.1.2u.5822_B20200513 and classified as critical. Affected by this vulnerability is the function setSmartQosCfg of the file /cgi-bin/cstecgi.cgi. The manipulation leads to improper access controls. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2025-3664 | 1 Totolink | 2 A3700r, A3700r Firmware | 2025-04-22 | 5.0 MEDIUM | 5.3 MEDIUM |
| A vulnerability, which was classified as critical, was found in TOTOLINK A3700R 9.1.2u.5822_B20200513. Affected is the function setWiFiEasyGuestCfg of the file /cgi-bin/cstecgi.cgi. The manipulation leads to improper access controls. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2025-3674 | 1 Totolink | 2 A3700r, A3700r Firmware | 2025-04-22 | 5.0 MEDIUM | 5.3 MEDIUM |
| A vulnerability was found in TOTOLINK A3700R 9.1.2u.5822_B20200513. It has been declared as critical. Affected by this vulnerability is the function setUrlFilterRules of the file /cgi-bin/cstecgi.cgi. The manipulation leads to improper access controls. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2022-46634 | 1 Totolink | 2 A7100ru, A7100ru Firmware | 2025-04-21 | N/A | 9.8 CRITICAL |
| TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the wscDisabled parameter in the setting/setWiFiWpsCfg function. | |||||
| CVE-2022-46631 | 1 Totolink | 2 A7100ru, A7100ru Firmware | 2025-04-21 | N/A | 9.8 CRITICAL |
| TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the wscDisabled parameter in the setting/setWiFiSignalCfg function. | |||||
| CVE-2017-1000020 | 3 Ecos, Greatek, Totolink | 3 Embedded Web Servers, Soho, Soho | 2025-04-20 | 10.0 HIGH | 9.8 CRITICAL |
| SYN Flood or FIN Flood attack in ECos 1 and other versions embedded devices results in web Authentication Bypass. "eCos Embedded Web Servers used by Multiple Routers and Home devices, while sending SYN Flood or FIN Flood packets fails to validate and handle the packets and does not ask for any sign of authentication resulting in Authentication Bypass. An attacker can take complete advantage of this bug and take over the device remotely or locally. The bug has been successfully tested and reproduced in some versions of SOHO Routers manufactured by TOTOLINK, GREATEK and others." | |||||
| CVE-2023-51018 | 1 Totolink | 2 Ex1800t, Ex1800t Firmware | 2025-04-17 | N/A | 9.8 CRITICAL |
| TOTOlink EX1800T v9.1.0cu.2112_B20220316 is vulnerable to unauthorized arbitrary command execution in the ‘opmode’ parameter of the setWiFiApConfig interface of the cstecgi .cgi. | |||||
| CVE-2023-50651 | 1 Totolink | 2 X6000r, X6000r Firmware | 2025-04-17 | N/A | 9.8 CRITICAL |
| TOTOLINK X6000R v9.4.0cu.852_B20230719 was discovered to contain a remote command execution (RCE) vulnerability via the component /cgi-bin/cstecgi.cgi. | |||||
| CVE-2025-28138 | 1 Totolink | 2 A800r, A800r Firmware | 2025-04-15 | N/A | 9.8 CRITICAL |
| The TOTOLINK A800R V4.1.2cu.5137_B20200730 were found to contain a pre-auth remote command execution vulnerability in the setNoticeCfg function through the NoticeUrl parameter. | |||||
| CVE-2025-28135 | 1 Totolink | 2 A810r, A810r Firmware | 2025-04-15 | N/A | 7.5 HIGH |
| TOTOLINK A810R V4.1.2cu.5182_B20201026 was found to contain a buffer overflow vulnerability in downloadFile.cgi. | |||||
| CVE-2025-28256 | 1 Totolink | 2 A3100r, A3100r Firmware | 2025-04-14 | N/A | 9.8 CRITICAL |
| An issue in TOTOLINK A3100R V4.1.2cu.5247_B20211129 allows a remote attacker to execute arbitrary code via the setWebWlanIdx of the file /lib/cste_modules/wireless.so. | |||||
| CVE-2024-54907 | 1 Totolink | 2 A3002r, A3002r Firmware | 2025-04-09 | N/A | 8.8 HIGH |
| TOTOLINK A3002R V4.0.0-B20230531.1404 is vulnerable to Remote Code Execution in /bin/boa via formWsc. | |||||
| CVE-2024-31810 | 1 Totolink | 2 Ex200, Ex200 Firmware | 2025-04-09 | N/A | 9.8 CRITICAL |
| TOTOLINK EX200 V4.0.3c.7646_B20201211 was discovered to contain a hardcoded password for root at /etc/shadow.sample. | |||||
| CVE-2024-33433 | 1 Totolink | 2 X2000r, X2000r Firmware | 2025-04-09 | N/A | 4.8 MEDIUM |
| Cross Site Scripting vulnerability in TOTOLINK X2000R before v1.0.0-B20231213.1013 allows a remote attacker to execute arbitrary code via the Guest Access Control parameter in the Wireless Page. | |||||
| CVE-2024-34204 | 1 Totolink | 2 Cp450, Cp450 Firmware | 2025-04-09 | N/A | 9.8 CRITICAL |
| TOTOLINK outdoor CPE CP450 v4.1.0cu.747_B20191224 was discovered to contain a command injection vulnerability in the setUpgradeFW function via the FileName parameter. | |||||
| CVE-2024-34205 | 1 Totolink | 2 Cp450, Cp450 Firmware | 2025-04-09 | N/A | 7.3 HIGH |
| TOTOLINK CP450 v4.1.0cu.747_B20191224 was discovered to contain a command injection vulnerability in the download_firmware function. | |||||
| CVE-2024-34206 | 1 Totolink | 2 Cp450, Cp450 Firmware | 2025-04-09 | N/A | 6.5 MEDIUM |
| TOTOLINK outdoor CPE CP450 v4.1.0cu.747_B20191224 was discovered to contain a command injection vulnerability in the setWebWlanIdx function via the webWlanIdx parameter. | |||||
| CVE-2024-34207 | 1 Totolink | 2 Cp450, Cp450 Firmware | 2025-04-09 | N/A | 8.8 HIGH |
| TOTOLINK CP450 v4.1.0cu.747_B20191224 was discovered to contain a stack buffer overflow vulnerability in the setStaticDhcpConfig function. | |||||