A7100ru Firmware

a7100ru_firmware

Vendor: Totolink • 37 CVEs

CVEs (37)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2025-44655 1Totolink 3A7100ru Firmware A950rg FirmwareT10 Firmware Aug 7, 2025 Jul 21, 2025 N/A· v4 9.8 CRITICAL· v3 N/A· v2 In TOTOLink A7100RU V7.4, A950RG V5.9, and T10 V5.9, the chroot_local_user option is enabled in the vsftpd.conf. This could lead to unauthorized access to system files, privilege escalation, or use of the compromised ser...Show more In TOTOLink A7100RU V7.4, A950RG V5.9, and T10 V5.9, the chroot_local_user option is enabled in the vsftpd.conf. This could lead to unauthorized access to system files, privilege escalation, or use of the compromised server as a pivot point for internal network attacks.Show less
CVE-2023-7095 1Totolink 1A7100ru Firmware Nov 21, 2024 Dec 25, 2023 N/A· v4 9.8 CRITICAL· v3 10.0 HIGH· v2 A vulnerability, which was classified as critical, has been found in Totolink A7100RU 7.4cu.2313_B20191024. Affected by this issue is the function main of the file /cgi-bin/cstecgi.cgi?action=login of the component HTTP...Show more A vulnerability, which was classified as critical, has been found in Totolink A7100RU 7.4cu.2313_B20191024. Affected by this issue is the function main of the file /cgi-bin/cstecgi.cgi?action=login of the component HTTP POST Request Handler. The manipulation of the argument flag leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-248942 is the identifier assigned to this vulnerability.Show less
CVE-2023-6906 1Totolink 1A7100ru Firmware Nov 21, 2024 Dec 18, 2023 N/A· v4 9.8 CRITICAL· v3 10.0 HIGH· v2 A vulnerability, which was classified as critical, was found in Totolink A7100RU 7.4cu.2313_B20191024. Affected is the function main of the file /cgi-bin/cstecgi.cgi?action=login of the component HTTP POST Request Handle...Show more A vulnerability, which was classified as critical, was found in Totolink A7100RU 7.4cu.2313_B20191024. Affected is the function main of the file /cgi-bin/cstecgi.cgi?action=login of the component HTTP POST Request Handler. The manipulation of the argument flag with the input ie8 leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-248268. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.Show less
CVE-2023-33556 1Totolink 1A7100ru Firmware Jan 7, 2025 Jun 7, 2023 N/A· v4 9.8 CRITICAL· v3 N/A· v2 TOTOLink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the staticGw parameter at /setting/setWanIeCfg.
CVE-2023-30054 1Totolink 1A7100ru Firmware Jan 29, 2025 May 5, 2023 N/A· v4 9.8 CRITICAL· v3 N/A· v2 TOTOLINK A7100RU V7.4cu.2313_B20191024 has a Command Injection vulnerability. An attacker can obtain a stable root shell through a specially constructed payload.
CVE-2023-30053 1Totolink 1A7100ru Firmware Jan 29, 2025 May 5, 2023 N/A· v4 9.8 CRITICAL· v3 N/A· v2 TOTOLINK A7100RU V7.4cu.2313_B20191024 is vulnerable to Command Injection.
CVE-2023-26978 1Totolink 1A7100ru Firmware Feb 12, 2025 Apr 7, 2023 N/A· v4 9.8 CRITICAL· v3 N/A· v2 TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the pppoeAcName parameter at /setting/setWanIeCfg.
CVE-2023-26848 1Totolink 1A7100ru Firmware Feb 12, 2025 Apr 7, 2023 N/A· v4 9.8 CRITICAL· v3 N/A· v2 TOTOlink A7100RU(V7.4cu.2313_B20191024) was discovered to contain a command injection vulnerability via the org parameter at setting/delStaticDhcpRules.
CVE-2023-27232 1Totolink 1A7100ru Firmware Feb 18, 2025 Mar 28, 2023 N/A· v4 9.8 CRITICAL· v3 N/A· v2 TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the wanStrategy parameter at /setting/setWanIeCfg.
CVE-2023-27231 1Totolink 1A7100ru Firmware Feb 18, 2025 Mar 28, 2023 N/A· v4 9.8 CRITICAL· v3 N/A· v2 TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the downBw parameter at /setting/setWanIeCfg.
CVE-2023-27229 1Totolink 1A7100ru Firmware Feb 18, 2025 Mar 28, 2023 N/A· v4 9.8 CRITICAL· v3 N/A· v2 TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the upBw parameter at /setting/setWanIeCfg.
CVE-2023-27135 1Totolink 1A7100ru Firmware Feb 25, 2025 Mar 23, 2023 N/A· v4 9.8 CRITICAL· v3 N/A· v2 TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the enabled parameter at /setting/setWanIeCfg.
CVE-2023-25395 1Totolink 1A7100ru Firmware Nov 21, 2024 Mar 8, 2023 N/A· v4 9.8 CRITICAL· v3 N/A· v2 TOTOlink A7100RU V7.4cu.2313_B20191024 router was discovered to contain a command injection vulnerability via the ou parameter at /setting/delStaticDhcpRules.
CVE-2023-24184 1Totolink 1A7100ru Firmware Mar 14, 2025 Feb 21, 2023 N/A· v4 9.8 CRITICAL· v3 N/A· v2 TOTOLink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability.
CVE-2023-24238 1Totolink 1A7100ru Firmware Mar 18, 2025 Feb 16, 2023 N/A· v4 9.8 CRITICAL· v3 N/A· v2 TOTOlink A7100RU(V7.4cu.2313_B20191024) was discovered to contain a command injection vulnerability via the city parameter at setting/delStaticDhcpRules.
CVE-2023-24236 1Totolink 1A7100ru Firmware Mar 18, 2025 Feb 16, 2023 N/A· v4 9.8 CRITICAL· v3 N/A· v2 TOTOlink A7100RU(V7.4cu.2313_B20191024) was discovered to contain a command injection vulnerability via the province parameter at setting/delStaticDhcpRules.
CVE-2023-24276 1Totolink 1A7100ru Firmware Mar 25, 2025 Feb 6, 2023 N/A· v4 9.8 CRITICAL· v3 N/A· v2 TOTOlink A7100RU(V7.4cu.2313_B20191024) was discovered to contain a command injection vulnerability via the country parameter at setting/delStaticDhcpRules.
CVE-2022-48126 1Totolink 1A7100ru Firmware Apr 3, 2025 Jan 20, 2023 N/A· v4 9.8 CRITICAL· v3 N/A· v2 TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the username parameter in the setting/setOpenVpnCertGenerationCfg function.
CVE-2022-48125 1Totolink 1A7100ru Firmware Apr 3, 2025 Jan 20, 2023 N/A· v4 9.8 CRITICAL· v3 N/A· v2 TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the password parameter in the setting/setOpenVpnCertGenerationCfg function.
CVE-2022-48124 1Totolink 1A7100ru Firmware Apr 3, 2025 Jan 20, 2023 N/A· v4 9.8 CRITICAL· v3 N/A· v2 TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the FileName parameter in the setting/setOpenVpnCertGenerationCfg function.

12 Next