Nr1800x Firmware

nr1800x_firmware

Vendor: Totolink • 27 CVEs

CVEs (27)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2026-5030 1Totolink 1Nr1800x Firmware Apr 29, 2026 Mar 29, 2026 2.1 LOW· v4 9.8 CRITICAL· v3 6.5 MEDIUM· v2 A vulnerability has been found in Totolink NR1800X 9.1.0u.6279_B20210910. This issue affects the function NTPSyncWithHost of the file /cgi-bin/cstecgi.cgi of the component Telnet Service. The manipulation of the argument...Show more A vulnerability has been found in Totolink NR1800X 9.1.0u.6279_B20210910. This issue affects the function NTPSyncWithHost of the file /cgi-bin/cstecgi.cgi of the component Telnet Service. The manipulation of the argument host_time leads to command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.Show less
CVE-2026-1328 1Totolink 1Nr1800x Firmware Jan 29, 2026 Jan 22, 2026 7.4 HIGH· v4 8.8 HIGH· v3 9.0 HIGH· v2 A vulnerability was detected in Totolink NR1800X 9.1.0u.6279_B20210910. Impacted is the function setWizardCfg of the file /cgi-bin/cstecgi.cgi of the component POST Request Handler. Performing a manipulation of the argum...Show more A vulnerability was detected in Totolink NR1800X 9.1.0u.6279_B20210910. Impacted is the function setWizardCfg of the file /cgi-bin/cstecgi.cgi of the component POST Request Handler. Performing a manipulation of the argument ssid results in buffer overflow. The attack may be initiated remotely. The exploit is now public and may be used.Show less
CVE-2026-1327 1Totolink 1Nr1800x Firmware Apr 29, 2026 Jan 22, 2026 2.1 LOW· v4 8.8 HIGH· v3 6.5 MEDIUM· v2 A security vulnerability has been detected in Totolink NR1800X 9.1.0u.6279_B20210910. This issue affects the function setTracerouteCfg of the file /cgi-bin/cstecgi.cgi of the component POST Request Handler. Such manipula...Show more A security vulnerability has been detected in Totolink NR1800X 9.1.0u.6279_B20210910. This issue affects the function setTracerouteCfg of the file /cgi-bin/cstecgi.cgi of the component POST Request Handler. Such manipulation of the argument command leads to command injection. The attack can be launched remotely. The exploit has been disclosed publicly and may be used.Show less
CVE-2026-1326 1Totolink 1Nr1800x Firmware Apr 29, 2026 Jan 22, 2026 2.1 LOW· v4 8.8 HIGH· v3 6.5 MEDIUM· v2 A weakness has been identified in Totolink NR1800X 9.1.0u.6279_B20210910. This vulnerability affects the function setWanCfg of the file /cgi-bin/cstecgi.cgi of the component POST Request Handler. This manipulation of the...Show more A weakness has been identified in Totolink NR1800X 9.1.0u.6279_B20210910. This vulnerability affects the function setWanCfg of the file /cgi-bin/cstecgi.cgi of the component POST Request Handler. This manipulation of the argument Hostname causes command injection. The attack can be initiated remotely. The exploit has been made available to the public and could be used for attacks.Show less
CVE-2025-60688 1Totolink 2Lr1200gb Firmware Nr1800x Firmware Nov 19, 2025 Nov 13, 2025 N/A· v4 6.5 MEDIUM· v3 N/A· v2 A stack buffer overflow vulnerability exists in the ToToLink LR1200GB (V9.1.0u.6619_B20230130) and NR1800X (V9.1.0u.6681_B20230703) Router firmware within the cstecgi.cgi binary (setDefResponse function). The binary read...Show more A stack buffer overflow vulnerability exists in the ToToLink LR1200GB (V9.1.0u.6619_B20230130) and NR1800X (V9.1.0u.6681_B20230703) Router firmware within the cstecgi.cgi binary (setDefResponse function). The binary reads the "IpAddress" parameter from a web request and copies it into a fixed-size stack buffer using strcpy() without any length validation. Maliciously crafted input can overflow the buffer, leading to potential arbitrary code execution or memory corruption, without requiring authentication.Show less
CVE-2025-60686 1Totolink 3A720r Firmware Lr1200gb FirmwareNr1800x Firmware Nov 19, 2025 Nov 13, 2025 N/A· v4 5.1 MEDIUM· v3 N/A· v2 A local stack-based buffer overflow vulnerability exists in the infostat.cgi and cstecgi.cgi binaries of ToToLink routers (A720R V4.1.5cu.614_B20230630, LR1200GB V9.1.0u.6619_B20230130, and NR1800X V9.1.0u.6681_B20230703...Show more A local stack-based buffer overflow vulnerability exists in the infostat.cgi and cstecgi.cgi binaries of ToToLink routers (A720R V4.1.5cu.614_B20230630, LR1200GB V9.1.0u.6619_B20230130, and NR1800X V9.1.0u.6681_B20230703). Both programs parse the contents of /proc/net/arp using sscanf() with "%s" format specifiers into fixed-size stack buffers without length validation. Specifically, one function writes user-controlled data into a single-byte buffer, and the other into adjacent small arrays without bounds checking. An attacker who controls the contents of /proc/net/arp can trigger memory corruption, leading to denial of service or potential arbitrary code execution.Show less
CVE-2025-60684 1Totolink 2Lr1200gb Firmware Nr1800x Firmware Nov 24, 2025 Nov 13, 2025 N/A· v4 6.5 MEDIUM· v3 N/A· v2 A stack buffer overflow vulnerability exists in the ToToLink LR1200GB (V9.1.0u.6619_B20230130) and NR1800X (V9.1.0u.6681_B20230703) Router firmware within the cstecgi.cgi binary (sub_42F32C function). The web interface r...Show more A stack buffer overflow vulnerability exists in the ToToLink LR1200GB (V9.1.0u.6619_B20230130) and NR1800X (V9.1.0u.6681_B20230703) Router firmware within the cstecgi.cgi binary (sub_42F32C function). The web interface reads the "lang" parameter and constructs Help URL strings using sprintf() into fixed-size stack buffers without proper length validation. Maliciously crafted input can overflow these buffers, potentially leading to arbitrary code execution or memory corruption, without requiring authentication.Show less
CVE-2025-45845 1Totolink 1Nr1800x Firmware May 16, 2025 May 8, 2025 N/A· v4 8.8 HIGH· v3 N/A· v2 TOTOLINK NR1800X V9.1.0u.6681_B20230703 was discovered to contain an authenticated stack overflow via the ssid5g parameter in the setWiFiEasyGuestCfg function.
CVE-2025-45844 1Totolink 1Nr1800x Firmware May 16, 2025 May 8, 2025 N/A· v4 8.8 HIGH· v3 N/A· v2 TOTOLINK NR1800X V9.1.0u.6681_B20230703 was discovered to contain an authenticated stack overflow via the ssid parameter in the setWiFiBasicCfg function.
CVE-2025-45843 1Totolink 1Nr1800x Firmware May 16, 2025 May 8, 2025 N/A· v4 8.8 HIGH· v3 N/A· v2 TOTOLINK NR1800X V9.1.0u.6681_B20230703 was discovered to contain an authenticated stack overflow via the ssid parameter in the setWiFiGuestCfg function.
CVE-2025-45842 1Totolink 1Nr1800x Firmware May 16, 2025 May 8, 2025 N/A· v4 8.8 HIGH· v3 N/A· v2 TOTOLINK NR1800X V9.1.0u.6681_B20230703 was discovered to contain an authenticated stack overflow via the ssid5g parameter in the setWiFiEasyCfg function.
CVE-2025-45841 1Totolink 1Nr1800x Firmware May 16, 2025 May 8, 2025 N/A· v4 9.8 CRITICAL· v3 N/A· v2 TOTOLINK NR1800X V9.1.0u.6681_B20230703 was discovered to contain an authenticated stack overflow via the text parameter in the setSmsCfg function.
CVE-2024-35388 1Totolink 1Nr1800x Firmware May 30, 2025 May 24, 2024 N/A· v4 8.8 HIGH· v3 N/A· v2 TOTOLINK NR1800X v9.1.0u.6681_B20230703 was discovered to contain a stack overflow via the password parameter in the function urldecode
CVE-2023-7220 1Totolink 1Nr1800x Firmware Nov 21, 2024 Jan 9, 2024 N/A· v4 9.8 CRITICAL· v3 10.0 HIGH· v2 A vulnerability was found in Totolink NR1800X 9.1.0u.6279_B20210910 and classified as critical. Affected by this issue is the function loginAuth of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument password...Show more A vulnerability was found in Totolink NR1800X 9.1.0u.6279_B20210910 and classified as critical. Affected by this issue is the function loginAuth of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument password leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-249854 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.Show less
CVE-2023-36340 1Totolink 1Nr1800x Firmware Nov 21, 2024 Oct 16, 2023 N/A· v4 9.8 CRITICAL· v3 N/A· v2 TOTOLINK NR1800X V9.1.0u.6279_B20210910 was discovered to contain a stack overflow via the http_host parameter in the function loginAuth.
CVE-2022-44256 1Totolink 1Nr1800x Firmware Apr 25, 2025 Nov 23, 2022 N/A· v4 8.8 HIGH· v3 N/A· v2 TOTOLINK LR350 V9.3.5u.6369_B20220309 contains a post-authentication buffer overflow via parameter lang in the setLanguageCfg function.
CVE-2022-41528 1Totolink 1Nr1800x Firmware Nov 21, 2024 Oct 6, 2022 N/A· v4 8.8 HIGH· v3 N/A· v2 TOTOLINK NR1800X V9.1.0u.6279_B20210910 was discovered to contain an authenticated stack overflow via the text parameter in the setSmsCfg function.
CVE-2022-41527 1Totolink 1Nr1800x Firmware Nov 21, 2024 Oct 6, 2022 N/A· v4 8.8 HIGH· v3 N/A· v2 TOTOLINK NR1800X V9.1.0u.6279_B20210910 was discovered to contain an authenticated stack overflow via the pppoeUser parameter in the setOpModeCfg function.
CVE-2022-41526 1Totolink 1Nr1800x Firmware Nov 21, 2024 Oct 6, 2022 N/A· v4 8.8 HIGH· v3 N/A· v2 TOTOLINK NR1800X V9.1.0u.6279_B20210910 was discovered to contain an authenticated stack overflow via the ip parameter in the setDiagnosisCfg function.
CVE-2022-41525 1Totolink 1Nr1800x Firmware Nov 21, 2024 Oct 6, 2022 N/A· v4 9.8 CRITICAL· v3 N/A· v2 TOTOLINK NR1800X V9.1.0u.6279_B20210910 was discovered to contain a command injection vulnerability via the OpModeCfg function at /cgi-bin/cstecgi.cgi.

12 Next