Vulnerabilities (CVE)

Filtered by vendor Totolink
Total 989 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2025-8937 1 Totolink 2 N350r, N350r Firmware 2025-10-03 6.5 MEDIUM 6.3 MEDIUM
A vulnerability has been found in TOTOLINK N350R 1.2.3-B20130826. This vulnerability affects unknown code of the file /boafrm/formSysCmd. The manipulation leads to command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
CVE-2025-8938 1 Totolink 2 N350r, N350r Firmware 2025-10-03 6.5 MEDIUM 6.3 MEDIUM
A vulnerability was found in TOTOLINK N350R 1.2.3-B20130826. This issue affects the function formSysTel of the file /boafrm/formSysTel of the component Telnet Service. The manipulation of the argument TelEnabled leads to backdoor. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
CVE-2025-57579 1 Totolink 2 X2000r, X2000r Firmware 2025-10-02 N/A 8.0 HIGH
An issue in TOTOLINK Wi-Fi 6 Router Series Device X2000R-Gh-V2.0.0 allows a remote attacker to execute arbitrary code via the default password.
CVE-2025-25635 1 Totolink 2 A3002r, A3002r Firmware 2025-10-02 N/A 8.0 HIGH
TOTOLINK A3002R V1.1.1-B20200824.0128 contains a buffer overflow vulnerability. The vulnerability arises from improper input validation of the pppoe_dns1 parameter in the formIpv6Setup interface of /bin/boa.
CVE-2025-9934 1 Totolink 2 X5000r, X5000r Firmware 2025-09-29 6.5 MEDIUM 6.3 MEDIUM
A vulnerability was found in TOTOLINK X5000R 9.1.0cu.2415_B20250515. This affects the function sub_410C34 of the file /cgi-bin/cstecgi.cgi. Performing manipulation of the argument pid results in command injection. Remote exploitation of the attack is possible. The exploit has been made public and could be used.
CVE-2025-9935 1 Totolink 2 N600r, N600r Firmware 2025-09-29 7.5 HIGH 7.3 HIGH
A vulnerability was determined in TOTOLINK N600R 4.3.0cu.7866_B20220506. This vulnerability affects the function sub_4159F8 of the file /web_cste/cgi-bin/cstecgi.cgi. Executing manipulation can lead to command injection. The attack can be executed remotely. The exploit has been publicly disclosed and may be utilized.
CVE-2025-57623 1 Totolink 2 N600r, N600r Firmware 2025-09-29 N/A 5.3 MEDIUM
A NULL pointer dereference in TOTOLINK N600R firmware v4.3.0cu.7866_B2022506 allows attackers to cause a Denial of Service.
CVE-2025-52046 1 Totolink 2 A3300r, A3300r Firmware 2025-09-26 N/A 9.8 CRITICAL
Totolink A3300R V17.0.0cu.596_B20250515 was found to contain a command injection vulnerability in the sub_4197C0 function via the mac and desc parameters. This vulnerability allows unauthenticated attackers to execute arbitrary commands via a crafted request.
CVE-2025-51451 1 Totolink 2 Ex1200t, Ex1200t Firmware 2025-09-26 N/A 9.8 CRITICAL
In TOTOLINK EX1200T firmware 4.1.2cu.5215, an attacker can bypass login by sending a specific request through formLoginAuth.htm.
CVE-2025-52053 1 Totolink 2 X6000r, X6000r Firmware 2025-09-20 N/A 9.8 CRITICAL
TOTOLINK X6000R V9.4.0cu.1360_B20241207 was found to contain a command injection vulnerability in the sub_417D74 function via the file_name parameter. This vulnerability allows unauthenticated attackers to execute arbitrary commands via a crafted request.
CVE-2025-52284 1 Totolink 2 X6000r, X6000r Firmware 2025-09-15 N/A 6.5 MEDIUM
Totolink X6000R V9.4.0cu.1360_B20241207 was found to contain a command injection vulnerability in the sub_4184C0 function via the tz parameter. This vulnerability allows unauthenticated attackers to execute arbitrary commands via a crafted request.
CVE-2025-9577 1 Totolink 2 X2000r, X2000r Firmware 2025-09-09 1.0 LOW 2.5 LOW
A security flaw has been discovered in TOTOLINK X2000R up to 2.0.0. The affected element is an unknown function of the file /etc/shadow.sample of the component Administrative Interface. The manipulation results in use of default credentials. Attacking locally is a requirement. Attacks of this nature are highly complex. The exploitability is described as difficult. The exploit has been released to the public and may be exploited.
CVE-2025-9783 1 Totolink 2 A702r, A702r Firmware 2025-09-04 9.0 HIGH 8.8 HIGH
A vulnerability was determined in TOTOLINK A702R 4.0.0-B20211108.1423. This issue affects the function sub_418030 of the file /boafrm/formParentControl. Executing manipulation of the argument submit-url can lead to buffer overflow. The attack may be launched remotely. The exploit has been publicly disclosed and may be utilized.
CVE-2025-9779 1 Totolink 2 A702r, A702r Firmware 2025-09-04 9.0 HIGH 8.8 HIGH
A vulnerability was detected in TOTOLINK A702R 4.0.0-B20211108.1423. Affected by this vulnerability is the function sub_4162DC of the file /boafrm/formFilter. The manipulation of the argument ip6addr results in buffer overflow. It is possible to launch the attack remotely. The exploit is now public and may be used.
CVE-2025-9780 1 Totolink 2 A702r, A702r Firmware 2025-09-04 9.0 HIGH 8.8 HIGH
A flaw has been found in TOTOLINK A702R 4.0.0-B20211108.1423. Affected by this issue is the function sub_419BE0 of the file /boafrm/formIpQoS. This manipulation of the argument mac causes buffer overflow. The attack can be initiated remotely. The exploit has been published and may be used.
CVE-2025-9781 1 Totolink 2 A702r, A702r Firmware 2025-09-04 9.0 HIGH 8.8 HIGH
A vulnerability has been found in TOTOLINK A702R 4.0.0-B20211108.1423. This affects the function sub_4162DC of the file /boafrm/formFilter. Such manipulation of the argument ip6addr leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
CVE-2025-9782 1 Totolink 2 A702r, A702r Firmware 2025-09-04 9.0 HIGH 8.8 HIGH
A vulnerability was found in TOTOLINK A702R 4.0.0-B20211108.1423. This vulnerability affects the function sub_4466F8 of the file /boafrm/formOneKeyAccessButton. Performing manipulation of the argument submit-url results in buffer overflow. The attack may be initiated remotely. The exploit has been made public and could be used.
CVE-2025-9533 1 Totolink 2 T10, T10 Firmware 2025-09-03 7.5 HIGH 7.3 HIGH
A vulnerability has been found in TOTOLINK T10 4.1.8cu.5241_B20210927. Affected is an unknown function of the file /formLoginAuth.htm. The manipulation of the argument authCode with the input 1 leads to improper authentication. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
CVE-2025-55591 1 Totolink 2 A3002r, A3002r Firmware 2025-08-21 N/A 9.8 CRITICAL
TOTOLINK-A3002R v4.0.0-B20230531.1404 was discovered to contain a command injection vulnerability in the devicemac parameter in the formMapDel endpoint.
CVE-2025-55590 1 Totolink 2 A3002r, A3002r Firmware 2025-08-21 N/A 6.5 MEDIUM
TOTOLINK A3002R v4.0.0-B20230531.1404 was discovered to contain a command injection vulnerability via the component bupload.html.