Totolink

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2025-9779 1Totolink 1A702r Firmware Sep 4, 2025 Sep 1, 2025 7.4 HIGH· v4 8.8 HIGH· v3 9.0 HIGH· v2 A vulnerability was detected in TOTOLINK A702R 4.0.0-B20211108.1423. Affected by this vulnerability is the function sub_4162DC of the file /boafrm/formFilter. The manipulation of the argument ip6addr results in buffer ov...Show more A vulnerability was detected in TOTOLINK A702R 4.0.0-B20211108.1423. Affected by this vulnerability is the function sub_4162DC of the file /boafrm/formFilter. The manipulation of the argument ip6addr results in buffer overflow. It is possible to launch the attack remotely. The exploit is now public and may be used.Show less
CVE-2025-9577 1Totolink 1X2000r Firmware Apr 29, 2026 Aug 28, 2025 1.1 LOW· v4 7.0 HIGH· v3 1.0 LOW· v2 A security flaw has been discovered in TOTOLINK X2000R up to 2.0.0. The affected element is an unknown function of the file /etc/shadow.sample of the component Administrative Interface. The manipulation results in use of...Show more A security flaw has been discovered in TOTOLINK X2000R up to 2.0.0. The affected element is an unknown function of the file /etc/shadow.sample of the component Administrative Interface. The manipulation results in use of default credentials. Attacking locally is a requirement. Attacks of this nature are highly complex. The exploitability is described as difficult. The exploit has been released to the public and may be exploited.Show less
CVE-2025-9533 1Totolink 1T10 Firmware Apr 29, 2026 Aug 27, 2025 5.5 MEDIUM· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 A vulnerability has been found in TOTOLINK T10 4.1.8cu.5241_B20210927. Affected is an unknown function of the file /formLoginAuth.htm. The manipulation of the argument authCode with the input 1 leads to improper authenti...Show more A vulnerability has been found in TOTOLINK T10 4.1.8cu.5241_B20210927. Affected is an unknown function of the file /formLoginAuth.htm. The manipulation of the argument authCode with the input 1 leads to improper authentication. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.Show less
CVE-2025-9303 1Totolink 1A720r Firmware Oct 6, 2025 Aug 21, 2025 7.4 HIGH· v4 9.8 CRITICAL· v3 9.0 HIGH· v2 A security flaw has been discovered in TOTOLINK A720R 4.1.5cu.630_B20250509. This issue affects the function setParentalRules of the file /cgi-bin/cstecgi.cgi. Performing manipulation of the argument desc results in buff...Show more A security flaw has been discovered in TOTOLINK A720R 4.1.5cu.630_B20250509. This issue affects the function setParentalRules of the file /cgi-bin/cstecgi.cgi. Performing manipulation of the argument desc results in buffer overflow. The attack is possible to be carried out remotely. The exploit has been released to the public and may be exploited.Show less
CVE-2025-55591 1Totolink 1A3002r Firmware Aug 21, 2025 Aug 18, 2025 N/A· v4 9.8 CRITICAL· v3 N/A· v2 TOTOLINK-A3002R v4.0.0-B20230531.1404 was discovered to contain a command injection vulnerability in the devicemac parameter in the formMapDel endpoint.
CVE-2025-55590 1Totolink 1A3002r Firmware Aug 21, 2025 Aug 18, 2025 N/A· v4 6.5 MEDIUM· v3 N/A· v2 TOTOLINK A3002R v4.0.0-B20230531.1404 was discovered to contain an command injection vulnerability via the component bupload.html.
CVE-2025-55589 1Totolink 1A3002r Firmware Aug 21, 2025 Aug 18, 2025 N/A· v4 6.5 MEDIUM· v3 N/A· v2 TOTOLINK A3002R v4.0.0-B20230531.1404 was discovered to contain multiple OS command injection vulnerabilities via the macstr, bandstr, and clientoff parameters at /boafrm/formMapDelDevice.
CVE-2025-55588 1Totolink 1A3002r Firmware Aug 21, 2025 Aug 18, 2025 N/A· v4 7.5 HIGH· v3 N/A· v2 TOTOLINK A3002R v4.0.0-B20230531.1404 was discovered to contain a buffer overflow in the fw_ip parameter at /boafrm/formPortFw. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.
CVE-2025-55587 1Totolink 1A3002r Firmware Aug 21, 2025 Aug 18, 2025 N/A· v4 7.5 HIGH· v3 N/A· v2 TOTOLINK A3002R v4.0.0-B20230531.1404 was discovered to contain a buffer overflow in the hostname parameter at /boafrm/formMapDelDevice. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafte...Show more TOTOLINK A3002R v4.0.0-B20230531.1404 was discovered to contain a buffer overflow in the hostname parameter at /boafrm/formMapDelDevice. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.Show less
CVE-2025-55586 1Totolink 1A3002r Firmware Aug 21, 2025 Aug 18, 2025 N/A· v4 7.5 HIGH· v3 N/A· v2 TOTOLINK A3002R v4.0.0-B20230531.1404 was discovered to contain a buffer overflow in the url parameter at /boafrm/formFilter. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.
CVE-2025-55585 1Totolink 1A3002r Firmware Aug 21, 2025 Aug 18, 2025 N/A· v4 6.5 MEDIUM· v3 N/A· v2 TOTOLINK A3002R v4.0.0-B20230531.1404 was discovered to contain an eval injection vulnerability via the eval() function.
CVE-2025-55584 1Totolink 1A3002r Firmware Aug 21, 2025 Aug 18, 2025 N/A· v4 5.3 MEDIUM· v3 N/A· v2 TOTOLINK A3002R v4.0.0-B20230531.1404 was discovered to contain insecure credentials for the telnet service and root account.
CVE-2025-8938 1Totolink 1N350r Firmware Apr 29, 2026 Aug 14, 2025 2.1 LOW· v4 6.3 MEDIUM· v3 6.5 MEDIUM· v2 A vulnerability was found in TOTOLINK N350R 1.2.3-B20130826. This issue affects the function formSysTel of the file /boafrm/formSysTel of the component Telnet Service. The manipulation of the argument TelEnabled leads to...Show more A vulnerability was found in TOTOLINK N350R 1.2.3-B20130826. This issue affects the function formSysTel of the file /boafrm/formSysTel of the component Telnet Service. The manipulation of the argument TelEnabled leads to backdoor. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.Show less
CVE-2025-8937 1Totolink 1N350r Firmware Apr 29, 2026 Aug 14, 2025 2.1 LOW· v4 8.8 HIGH· v3 6.5 MEDIUM· v2 A vulnerability has been found in TOTOLINK N350R 1.2.3-B20130826. This vulnerability affects unknown code of the file /boafrm/formSysCmd. The manipulation leads to command injection. The attack can be initiated remotely....Show more A vulnerability has been found in TOTOLINK N350R 1.2.3-B20130826. This vulnerability affects unknown code of the file /boafrm/formSysCmd. The manipulation leads to command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.Show less
CVE-2025-51451 1Totolink 1Ex1200t Firmware Sep 26, 2025 Aug 13, 2025 N/A· v4 9.8 CRITICAL· v3 N/A· v2 In TOTOLINK EX1200T firmware 4.1.2cu.5215, an attacker can bypass login by sending a specific request through formLoginAuth.htm.
CVE-2025-51452 1Totolink 1A7000r Firmware Aug 14, 2025 Aug 13, 2025 N/A· v4 9.8 CRITICAL· v3 N/A· v2 In TOTOLINK A7000R firmware 9.1.0u.6115_B20201022, an attacker can bypass login by sending a specific request through formLoginAuth.htm.
CVE-2025-51390 1Totolink 1N600r Firmware Aug 15, 2025 Aug 4, 2025 N/A· v4 9.8 CRITICAL· v3 N/A· v2 TOTOLINK N600R V4.3.0cu.7647_B20210106 was discovered to contain a command injection vulnerability via the pin parameter in the setWiFiWpsConfig function.
CVE-2025-52284 1Totolink 1X6000r Firmware Sep 15, 2025 Jul 29, 2025 N/A· v4 6.5 MEDIUM· v3 N/A· v2 Totolink X6000R V9.4.0cu.1360_B20241207 was found to contain a command injection vulnerability in the sub_4184C0 function via the tz parameter. This vulnerability allows unauthenticated attackers to execute arbitrary com...Show more Totolink X6000R V9.4.0cu.1360_B20241207 was found to contain a command injection vulnerability in the sub_4184C0 function via the tz parameter. This vulnerability allows unauthenticated attackers to execute arbitrary commands via a crafted request.Show less
CVE-2025-8246 1Totolink 1X15 Firmware Jul 29, 2025 Jul 27, 2025 7.4 HIGH· v4 7.5 HIGH· v3 9.0 HIGH· v2 A vulnerability was found in TOTOLINK X15 1.0.0-B20230714.1105. It has been rated as critical. Affected by this issue is some unknown functionality of the file /boafrm/formRoute of the component HTTP POST Request Handler...Show more A vulnerability was found in TOTOLINK X15 1.0.0-B20230714.1105. It has been rated as critical. Affected by this issue is some unknown functionality of the file /boafrm/formRoute of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.Show less
CVE-2025-8245 1Totolink 1X15 Firmware Jul 29, 2025 Jul 27, 2025 7.4 HIGH· v4 7.5 HIGH· v3 9.0 HIGH· v2 A vulnerability was found in TOTOLINK X15 1.0.0-B20230714.1105. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /boafrm/formMultiAPVLAN of the component HTTP POST...Show more A vulnerability was found in TOTOLINK X15 1.0.0-B20230714.1105. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /boafrm/formMultiAPVLAN of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.Show less

Previous 1...678...56 Next