A3100r Firmware

a3100r_firmware

Vendor: Totolink • 47 CVEs

CVEs (47)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2025-4496 1Totolink 7A3000ru Firmware A3100r FirmwareA800r Firmware+4 more Jul 29, 2025 May 10, 2025 8.7 HIGH· v4 9.8 CRITICAL· v3 9.0 HIGH· v2 A vulnerability was found in TOTOLINK T10, A3100R, A950RG, A800R, N600R, A3000RU and A810R 4.1.8cu.5241_B20210927. It has been declared as critical. This vulnerability affects the function CloudACMunualUpdate of the file...Show more A vulnerability was found in TOTOLINK T10, A3100R, A950RG, A800R, N600R, A3000RU and A810R 4.1.8cu.5241_B20210927. It has been declared as critical. This vulnerability affects the function CloudACMunualUpdate of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument FileName leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.Show less
CVE-2025-45790 1Totolink 1A3100r Firmware May 16, 2025 May 8, 2025 N/A· v4 9.8 CRITICAL· v3 N/A· v2 TOTOLINK A3100R V5.9c.1527 is vulnerable to Buffer Overflow via the priority parameter in the setMacQos interface of /lib/cste_modules/firewall.so.
CVE-2025-45789 1Totolink 1A3100r Firmware May 16, 2025 May 8, 2025 N/A· v4 9.8 CRITICAL· v3 N/A· v2 TOTOLINK A3100R V5.9c.1527 is vulnerable to buffer overflow via the urlKeyword parameter in setParentalRules.
CVE-2025-45788 1Totolink 1A3100r Firmware May 16, 2025 May 8, 2025 N/A· v4 9.8 CRITICAL· v3 N/A· v2 TOTOLINK A3100R V5.9c.1527 is vulnerable to Buffer Overflow via the comment parameter in setMacFilterRules.
CVE-2025-45787 1Totolink 1A3100r Firmware May 16, 2025 May 8, 2025 N/A· v4 9.8 CRITICAL· v3 N/A· v2 TOTOLINK A3100R V5.9c.1527 is vulnerable to Buffer Overflow viathe comment parameter in setIpPortFilterRules.
CVE-2025-28028 1Totolink 4A3000ru Firmware A3100r FirmwareA830r Firmware+1 more May 6, 2025 Apr 23, 2025 N/A· v4 7.3 HIGH· v3 N/A· v2 TOTOLINK A830R V4.1.2cu.5182_B20201102, A950RG V4.1.2cu.5161_B20200903, A3000RU V5.9c.5185_B20201128, and A3100R V4.1.2cu.5247_B20211129 were found to contain a buffer overflow vulnerability in downloadFile.cgi through t...Show more TOTOLINK A830R V4.1.2cu.5182_B20201102, A950RG V4.1.2cu.5161_B20200903, A3000RU V5.9c.5185_B20201128, and A3100R V4.1.2cu.5247_B20211129 were found to contain a buffer overflow vulnerability in downloadFile.cgi through the v5 parameter.Show less
CVE-2025-28025 1Totolink 4A3000ru Firmware A3100r FirmwareA830r Firmware+1 more May 6, 2025 Apr 23, 2025 N/A· v4 7.3 HIGH· v3 N/A· v2 TOTOLINK A830R V4.1.2cu.5182_B20201102, A950RG V4.1.2cu.5161_B20200903, A3000RU V5.9c.5185_B20201128, and A3100R V4.1.2cu.5247_B20211129 were found to contain a buffer overflow vulnerability in downloadFile.cgi through t...Show more TOTOLINK A830R V4.1.2cu.5182_B20201102, A950RG V4.1.2cu.5161_B20200903, A3000RU V5.9c.5185_B20201128, and A3100R V4.1.2cu.5247_B20211129 were found to contain a buffer overflow vulnerability in downloadFile.cgi through the v14 parameter.Show less
CVE-2025-28036 1Totolink 6A3000ru Firmware A3100r FirmwareA800r Firmware+3 more Apr 29, 2025 Apr 22, 2025 N/A· v4 9.8 CRITICAL· v3 N/A· v2 TOTOLINK A950RG V4.1.2cu.5161_B20200903 was found to contain a pre-auth remote command execution vulnerability in the setNoticeCfg function through the NoticeUrl parameter.
CVE-2025-28035 1Totolink 6A3000ru Firmware A3100r FirmwareA800r Firmware+3 more Apr 29, 2025 Apr 22, 2025 N/A· v4 9.8 CRITICAL· v3 N/A· v2 TOTOLINK A830R V4.1.2cu.5182_B20201102 was found to contain a pre-auth remote command execution vulnerability in the setNoticeCfg function through the NoticeUrl parameter.
CVE-2025-28029 1Totolink 4A3000ru Firmware A3100r FirmwareA830r Firmware+1 more May 7, 2025 Apr 22, 2025 N/A· v4 7.3 HIGH· v3 N/A· v2 TOTOLINK A830R V4.1.2cu.5182_B20201102, A950RG V4.1.2cu.5161_B20200903, A3000RU V5.9c.5185_B20201128, and A3100R V4.1.2cu.5247_B20211129 were found to contain a buffer overflow vulnerability in cstecgi.cgi
CVE-2025-28027 1Totolink 4A3000ru Firmware A3100r FirmwareA830r Firmware+1 more May 7, 2025 Apr 22, 2025 N/A· v4 7.3 HIGH· v3 N/A· v2 TOTOLINK A830R V4.1.2cu.5182_B20201102, A950RG V4.1.2cu.5161_B20200903, A3000RU V5.9c.5185_B20201128, and A3100R V4.1.2cu.5247_B20211129 was found to contain a buffer overflow vulnerability in downloadFile.cgi.
CVE-2025-28026 1Totolink 4A3000ru Firmware A3100r FirmwareA830r Firmware+1 more May 7, 2025 Apr 22, 2025 N/A· v4 7.3 HIGH· v3 N/A· v2 TOTOLINK A830R V4.1.2cu.5182_B20201102, A950RG V4.1.2cu.5161_B20200903, A3000RU V5.9c.5185_B20201128, and A3100R V4.1.2cu.5247_B20211129 were found to contain a buffer overflow vulnerability in downloadFile.cgi.
CVE-2025-28034 1Totolink 6A3000ru Firmware A3100r FirmwareA800r Firmware+3 more Apr 29, 2025 Apr 22, 2025 N/A· v4 9.8 CRITICAL· v3 N/A· v2 TOTOLINK A800R V4.1.2cu.5137_B20200730, A810R V4.1.2cu.5182_B20201026, A830R V4.1.2cu.5182_B20201102, A950RG V4.1.2cu.5161_B20200903, A3000RU V5.9c.5185_B20201128, and A3100R V4.1.2cu.5247_B20211129 were found to contain...Show more TOTOLINK A800R V4.1.2cu.5137_B20200730, A810R V4.1.2cu.5182_B20201026, A830R V4.1.2cu.5182_B20201102, A950RG V4.1.2cu.5161_B20200903, A3000RU V5.9c.5185_B20201128, and A3100R V4.1.2cu.5247_B20211129 were found to contain a pre-auth remote command execution vulnerability in the NTPSyncWithHost function through the hostTime parameter.Show less
CVE-2025-28033 1Totolink 6A3000ru Firmware A3100r FirmwareA800r Firmware+3 more Apr 29, 2025 Apr 22, 2025 N/A· v4 7.3 HIGH· v3 N/A· v2 TOTOLINK A800R V4.1.2cu.5137_B20200730, A810R V4.1.2cu.5182_B20201026, A830R V4.1.2cu.5182_B20201102, A950RG V4.1.2cu.5161_B20200903, A3000RU V5.9c.5185_B20201128, and A3100R V4.1.2cu.5247_B20211129 were found to contain...Show more TOTOLINK A800R V4.1.2cu.5137_B20200730, A810R V4.1.2cu.5182_B20201026, A830R V4.1.2cu.5182_B20201102, A950RG V4.1.2cu.5161_B20200903, A3000RU V5.9c.5185_B20201128, and A3100R V4.1.2cu.5247_B20211129 were found to contain a pre-auth buffer overflow vulnerability in the setNoticeCfg function through the IpTo parameter.Show less
CVE-2025-28032 1Totolink 6A3000ru Firmware A3100r FirmwareA800r Firmware+3 more Apr 29, 2025 Apr 22, 2025 N/A· v4 7.3 HIGH· v3 N/A· v2 TOTOLINK A800R V4.1.2cu.5137_B20200730, A810R V4.1.2cu.5182_B20201026, A830R V4.1.2cu.5182_B20201102, A950RG V4.1.2cu.5161_B20200903, A3000RU V5.9c.5185_B20201128, and A3100R V4.1.2cu.5247_B20211129 contain a pre-auth bu...Show more TOTOLINK A800R V4.1.2cu.5137_B20200730, A810R V4.1.2cu.5182_B20201026, A830R V4.1.2cu.5182_B20201102, A950RG V4.1.2cu.5161_B20200903, A3000RU V5.9c.5185_B20201128, and A3100R V4.1.2cu.5247_B20211129 contain a pre-auth buffer overflow vulnerability in the setNoticeCfg function through the IpForm parameter.Show less
CVE-2025-28256 1Totolink 1A3100r Firmware Apr 14, 2025 Mar 28, 2025 N/A· v4 9.8 CRITICAL· v3 N/A· v2 An issue in TOTOLINK A3100R V4.1.2cu.5247_B20211129 allows a remote attacker to execute arbitrary code via the setWebWlanIdx of the file /lib/cste_modules/wireless.so.
CVE-2024-42547 1Totolink 1A3100r Firmware Aug 13, 2024 Aug 12, 2024 N/A· v4 9.8 CRITICAL· v3 N/A· v2 TOTOLINK A3100R V4.1.2cu.5050_B20200504 has a buffer overflow vulnerability in the http_host parameter in the loginauth function.
CVE-2024-42546 1Totolink 1A3100r Firmware Aug 15, 2024 Aug 12, 2024 N/A· v4 9.8 CRITICAL· v3 N/A· v2 TOTOLINK A3100R V4.1.2cu.5050_B20200504 has a buffer overflow vulnerability in the password parameter in the loginauth function.
CVE-2024-7158 1Totolink 1A3100r Firmware Nov 21, 2024 Jul 28, 2024 5.3 MEDIUM· v4 8.8 HIGH· v3 6.5 MEDIUM· v2 A vulnerability was found in TOTOLINK A3100R 4.1.2cu.5050_B20200504. It has been declared as critical. This vulnerability affects the function setTelnetCfg of the file /cgi-bin/cstecgi.cgi of the component HTTP POST Requ...Show more A vulnerability was found in TOTOLINK A3100R 4.1.2cu.5050_B20200504. It has been declared as critical. This vulnerability affects the function setTelnetCfg of the file /cgi-bin/cstecgi.cgi of the component HTTP POST Request Handler. The manipulation of the argument telnet_enabled leads to command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-272572. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.Show less
CVE-2024-7157 1Totolink 1A3100r Firmware Nov 21, 2024 Jul 28, 2024 8.7 HIGH· v4 8.8 HIGH· v3 9.0 HIGH· v2 A vulnerability was found in TOTOLINK A3100R 4.1.2cu.5050_B20200504. It has been classified as critical. This affects the function getSaveConfig of the file /cgi-bin/cstecgi.cgi?action=save&setting. The manipulation of t...Show more A vulnerability was found in TOTOLINK A3100R 4.1.2cu.5050_B20200504. It has been classified as critical. This affects the function getSaveConfig of the file /cgi-bin/cstecgi.cgi?action=save&setting. The manipulation of the argument http_host leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-272571. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.Show less

12 3 Next