Filtered by vendor Totolink
Subscribe
Total
983 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-9783 | 1 Totolink | 2 A702r, A702r Firmware | 2025-09-04 | 9.0 HIGH | 8.8 HIGH |
| A vulnerability was determined in TOTOLINK A702R 4.0.0-B20211108.1423. This issue affects the function sub_418030 of the file /boafrm/formParentControl. Executing manipulation of the argument submit-url can lead to buffer overflow. The attack may be launched remotely. The exploit has been publicly disclosed and may be utilized. | |||||
| CVE-2025-9779 | 1 Totolink | 2 A702r, A702r Firmware | 2025-09-04 | 9.0 HIGH | 8.8 HIGH |
| A vulnerability was detected in TOTOLINK A702R 4.0.0-B20211108.1423. Affected by this vulnerability is the function sub_4162DC of the file /boafrm/formFilter. The manipulation of the argument ip6addr results in buffer overflow. It is possible to launch the attack remotely. The exploit is now public and may be used. | |||||
| CVE-2025-9780 | 1 Totolink | 2 A702r, A702r Firmware | 2025-09-04 | 9.0 HIGH | 8.8 HIGH |
| A flaw has been found in TOTOLINK A702R 4.0.0-B20211108.1423. Affected by this issue is the function sub_419BE0 of the file /boafrm/formIpQoS. This manipulation of the argument mac causes buffer overflow. The attack can be initiated remotely. The exploit has been published and may be used. | |||||
| CVE-2025-9781 | 1 Totolink | 2 A702r, A702r Firmware | 2025-09-04 | 9.0 HIGH | 8.8 HIGH |
| A vulnerability has been found in TOTOLINK A702R 4.0.0-B20211108.1423. This affects the function sub_4162DC of the file /boafrm/formFilter. Such manipulation of the argument ip6addr leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-9782 | 1 Totolink | 2 A702r, A702r Firmware | 2025-09-04 | 9.0 HIGH | 8.8 HIGH |
| A vulnerability was found in TOTOLINK A702R 4.0.0-B20211108.1423. This vulnerability affects the function sub_4466F8 of the file /boafrm/formOneKeyAccessButton. Performing manipulation of the argument submit-url results in buffer overflow. The attack may be initiated remotely. The exploit has been made public and could be used. | |||||
| CVE-2025-9533 | 1 Totolink | 2 T10, T10 Firmware | 2025-09-03 | 7.5 HIGH | 7.3 HIGH |
| A vulnerability has been found in TOTOLINK T10 4.1.8cu.5241_B20210927. Affected is an unknown function of the file /formLoginAuth.htm. The manipulation of the argument authCode with the input 1 leads to improper authentication. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-25635 | 1 Totolink | 2 A3002r, A3002r Firmware | 2025-09-02 | N/A | 8.0 HIGH |
| TOTOlink A3002R V1.1.1-B20200824.0128 contains a buffer overflow vulnerability. The vulnerability arises from the improper input validation of the pppoe_dns1 parameter in the formIpv6Setup interface of /bin/boa. | |||||
| CVE-2025-55591 | 1 Totolink | 2 A3002r, A3002r Firmware | 2025-08-21 | N/A | 9.8 CRITICAL |
| TOTOLINK-A3002R v4.0.0-B20230531.1404 was discovered to contain a command injection vulnerability in the devicemac parameter in the formMapDel endpoint. | |||||
| CVE-2025-55590 | 1 Totolink | 2 A3002r, A3002r Firmware | 2025-08-21 | N/A | 6.5 MEDIUM |
| TOTOLINK A3002R v4.0.0-B20230531.1404 was discovered to contain an command injection vulnerability via the component bupload.html. | |||||
| CVE-2025-55589 | 1 Totolink | 2 A3002r, A3002r Firmware | 2025-08-21 | N/A | 6.5 MEDIUM |
| TOTOLINK A3002R v4.0.0-B20230531.1404 was discovered to contain multiple OS command injection vulnerabilities via the macstr, bandstr, and clientoff parameters at /boafrm/formMapDelDevice. | |||||
| CVE-2025-55588 | 1 Totolink | 2 A3002r, A3002r Firmware | 2025-08-21 | N/A | 7.5 HIGH |
| TOTOLINK A3002R v4.0.0-B20230531.1404 was discovered to contain a buffer overflow in the fw_ip parameter at /boafrm/formPortFw. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input. | |||||
| CVE-2025-55587 | 1 Totolink | 2 A3002r, A3002r Firmware | 2025-08-21 | N/A | 7.5 HIGH |
| TOTOLINK A3002R v4.0.0-B20230531.1404 was discovered to contain a buffer overflow in the hostname parameter at /boafrm/formMapDelDevice. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input. | |||||
| CVE-2025-55586 | 1 Totolink | 2 A3002r, A3002r Firmware | 2025-08-21 | N/A | 7.5 HIGH |
| TOTOLINK A3002R v4.0.0-B20230531.1404 was discovered to contain a buffer overflow in the url parameter at /boafrm/formFilter. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input. | |||||
| CVE-2025-55585 | 1 Totolink | 2 A3002r, A3002r Firmware | 2025-08-21 | N/A | 6.5 MEDIUM |
| TOTOLINK A3002R v4.0.0-B20230531.1404 was discovered to contain an eval injection vulnerability via the eval() function. | |||||
| CVE-2025-55584 | 1 Totolink | 2 A3002r, A3002r Firmware | 2025-08-21 | N/A | 5.3 MEDIUM |
| TOTOLINK A3002R v4.0.0-B20230531.1404 was discovered to contain insecure credentials for the telnet service and root account. | |||||
| CVE-2025-51390 | 1 Totolink | 2 N600r, N600r Firmware | 2025-08-15 | N/A | 9.8 CRITICAL |
| TOTOLINK N600R V4.3.0cu.7647_B20210106 was discovered to contain a command injection vulnerability via the pin parameter in the setWiFiWpsConfig function. | |||||
| CVE-2025-6485 | 1 Totolink | 2 A3002r, A3002r Firmware | 2025-08-14 | 6.5 MEDIUM | 6.3 MEDIUM |
| A vulnerability was found in TOTOLINK A3002R 1.1.1-B20200824.0128. It has been classified as critical. This affects the function formWlSiteSurvey of the file /boafrm/formWlSiteSurvey. The manipulation of the argument wlanif leads to os command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-51451 | 1 Totolink | 2 Ex1200t, Ex1200t Firmware | 2025-08-14 | N/A | 9.8 CRITICAL |
| In TOTOLINK EX1200T firmware 4.1.2cu.5215, an attacker can bypass login by sending a specific request through formLoginAuth.htm. | |||||
| CVE-2025-51452 | 1 Totolink | 2 A7000r, A7000r Firmware | 2025-08-14 | N/A | 9.8 CRITICAL |
| In TOTOLINK A7000R firmware 9.1.0u.6115_B20201022, an attacker can bypass login by sending a specific request through formLoginAuth.htm. | |||||
| CVE-2025-44655 | 1 Totolink | 6 A7100ru, A7100ru Firmware, A950rg and 3 more | 2025-08-07 | N/A | 9.8 CRITICAL |
| In TOTOLink A7100RU V7.4, A950RG V5.9, and T10 V5.9, the chroot_local_user option is enabled in the vsftpd.conf. This could lead to unauthorized access to system files, privilege escalation, or use of the compromised server as a pivot point for internal network attacks. | |||||