Filtered by vendor Totolink
Subscriptions
Total
987 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-9577 | 1 Totolink | 1 X2000r | 2025-08-31 | 2.5 Low |
| A security flaw has been discovered in TOTOLINK X2000R up to 2.0.0. The affected element is an unknown function of the file /etc/shadow.sample of the component Administrative Interface. The manipulation results in use of default credentials. Attacking locally is a requirement. Attacks of this nature are highly complex. The exploitability is described as difficult. The exploit has been released to the public and may be exploited. | ||||
| CVE-2025-9533 | 1 Totolink | 1 T10 | 2025-08-29 | 7.3 High |
| A vulnerability has been found in TOTOLINK T10 4.1.8cu.5241_B20210927. Affected is an unknown function of the file /formLoginAuth.htm. The manipulation of the argument authCode with the input 1 leads to improper authentication. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-9303 | 1 Totolink | 1 A720r | 2025-08-23 | 8.8 High |
| A security flaw has been discovered in TOTOLINK A720R 4.1.5cu.630_B20250509. This issue affects the function setParentalRules of the file /cgi-bin/cstecgi.cgi. Performing manipulation of the argument desc results in buffer overflow. The attack is possible to be carried out remotely. The exploit has been released to the public and may be exploited. | ||||
| CVE-2025-55591 | 1 Totolink | 2 A3002r, A3002r Firmware | 2025-08-21 | 9.8 Critical |
| TOTOLINK-A3002R v4.0.0-B20230531.1404 was discovered to contain a command injection vulnerability in the devicemac parameter in the formMapDel endpoint. | ||||
| CVE-2025-55590 | 1 Totolink | 2 A3002r, A3002r Firmware | 2025-08-21 | 6.5 Medium |
| TOTOLINK A3002R v4.0.0-B20230531.1404 was discovered to contain an command injection vulnerability via the component bupload.html. | ||||
| CVE-2025-55589 | 1 Totolink | 2 A3002r, A3002r Firmware | 2025-08-21 | 6.5 Medium |
| TOTOLINK A3002R v4.0.0-B20230531.1404 was discovered to contain multiple OS command injection vulnerabilities via the macstr, bandstr, and clientoff parameters at /boafrm/formMapDelDevice. | ||||
| CVE-2025-55588 | 1 Totolink | 2 A3002r, A3002r Firmware | 2025-08-21 | 7.5 High |
| TOTOLINK A3002R v4.0.0-B20230531.1404 was discovered to contain a buffer overflow in the fw_ip parameter at /boafrm/formPortFw. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input. | ||||
| CVE-2025-55587 | 1 Totolink | 2 A3002r, A3002r Firmware | 2025-08-21 | 7.5 High |
| TOTOLINK A3002R v4.0.0-B20230531.1404 was discovered to contain a buffer overflow in the hostname parameter at /boafrm/formMapDelDevice. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input. | ||||
| CVE-2025-55586 | 1 Totolink | 2 A3002r, A3002r Firmware | 2025-08-21 | 7.5 High |
| TOTOLINK A3002R v4.0.0-B20230531.1404 was discovered to contain a buffer overflow in the url parameter at /boafrm/formFilter. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input. | ||||
| CVE-2025-55585 | 1 Totolink | 2 A3002r, A3002r Firmware | 2025-08-21 | 6.5 Medium |
| TOTOLINK A3002R v4.0.0-B20230531.1404 was discovered to contain an eval injection vulnerability via the eval() function. | ||||
| CVE-2025-55584 | 1 Totolink | 2 A3002r, A3002r Firmware | 2025-08-21 | 5.3 Medium |
| TOTOLINK A3002R v4.0.0-B20230531.1404 was discovered to contain insecure credentials for the telnet service and root account. | ||||
| CVE-2025-8937 | 1 Totolink | 1 N350r | 2025-08-15 | 6.3 Medium |
| A vulnerability has been found in TOTOLINK N350R 1.2.3-B20130826. This vulnerability affects unknown code of the file /boafrm/formSysCmd. The manipulation leads to command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-51390 | 1 Totolink | 2 N600r, N600r Firmware | 2025-08-15 | 9.8 Critical |
| TOTOLINK N600R V4.3.0cu.7647_B20210106 was discovered to contain a command injection vulnerability via the pin parameter in the setWiFiWpsConfig function. | ||||
| CVE-2025-8938 | 1 Totolink | 1 N350r | 2025-08-15 | 6.3 Medium |
| A vulnerability was found in TOTOLINK N350R 1.2.3-B20130826. This issue affects the function formSysTel of the file /boafrm/formSysTel of the component Telnet Service. The manipulation of the argument TelEnabled leads to backdoor. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-6485 | 1 Totolink | 2 A3002r, A3002r Firmware | 2025-08-14 | 6.3 Medium |
| A vulnerability was found in TOTOLINK A3002R 1.1.1-B20200824.0128. It has been classified as critical. This affects the function formWlSiteSurvey of the file /boafrm/formWlSiteSurvey. The manipulation of the argument wlanif leads to os command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-51451 | 1 Totolink | 2 Ex1200t, Ex1200t Firmware | 2025-08-14 | 9.8 Critical |
| In TOTOLINK EX1200T firmware 4.1.2cu.5215, an attacker can bypass login by sending a specific request through formLoginAuth.htm. | ||||
| CVE-2025-51452 | 1 Totolink | 2 A7000r, A7000r Firmware | 2025-08-14 | 9.8 Critical |
| In TOTOLINK A7000R firmware 9.1.0u.6115_B20201022, an attacker can bypass login by sending a specific request through formLoginAuth.htm. | ||||
| CVE-2025-44655 | 1 Totolink | 6 A7100ru, A7100ru Firmware, A950rg and 3 more | 2025-08-07 | 9.8 Critical |
| In TOTOLink A7100RU V7.4, A950RG V5.9, and T10 V5.9, the chroot_local_user option is enabled in the vsftpd.conf. This could lead to unauthorized access to system files, privilege escalation, or use of the compromised server as a pivot point for internal network attacks. | ||||
| CVE-2025-8170 | 1 Totolink | 2 T6, T6 Firmware | 2025-08-07 | 8.8 High |
| A vulnerability classified as critical was found in TOTOLINK T6 4.1.5cu.748_B20211015. This vulnerability affects the function tcpcheck_net of the file /router/meshSlaveDlfw of the component MQTT Packet Handler. The manipulation of the argument serverIp leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-52284 | 1 Totolink | 2 X6000r, X6000r Firmware | 2025-08-06 | 6.5 Medium |
| Totolink X6000R V9.4.0cu.1360_B20241207 was found to contain a command injection vulnerability in the sub_4184C0 function via the tz parameter. This vulnerability allows unauthenticated attackers to execute arbitrary commands via a crafted request. | ||||