Filtered by vendor Totolink Subscriptions
Total 935 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2024-23060 1 Totolink 2 A3300r, A3300r Firmware 2025-06-17 9.8 Critical
TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the ip parameter in the setDmzCfg function.
CVE-2025-45864 1 Totolink 2 A3002r, A3002r Firmware 2025-06-17 5.4 Medium
TOTOLINK A3002R v4.0.0-B20230531.1404 was discovered to contain a buffer overflow via the addrPoolStart parameter in the formDhcpv6s interface.
CVE-2024-0571 1 Totolink 2 Lr1200gb, Lr1200gb Firmware 2025-06-17 8.8 High
A vulnerability, which was classified as critical, has been found in Totolink LR1200GB 9.1.0u.6619_B20230130. This issue affects the function setSmsCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument text leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-250787. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2025-45866 1 Totolink 2 A3002r, A3002r Firmware 2025-06-17 5.4 Medium
TOTOLINK A3002R v4.0.0-B20230531.1404 was discovered to contain a buffer overflow via the addrPoolEnd parameter in the formDhcpv6s interface.
CVE-2025-45867 1 Totolink 2 A3002r, A3002r Firmware 2025-06-17 5.4 Medium
TOTOLINK A3002R v4.0.0-B20230531.1404 was discovered to contain a buffer overflow via the static_dns1 parameter in the formIpv6Setup interface.
CVE-2024-31815 1 Totolink 2 Ex200, Ex200 Firmware 2025-06-17 9.1 Critical
In TOTOLINK EX200 V4.0.3c.7314_B20191204, an attacker can obtain the configuration file without authorization through /cgi-bin/ExportSettings.sh
CVE-2024-33820 1 Totolink 2 A3002r, A3002r Firmware 2025-06-17 7.5 High
Totolink AC1200 Wireless Dual Band Gigabit Router A3002R_V4 Firmware V4.0.0-B20230531.1404 is vulnerable to Buffer Overflow via the formWlEncrypt function of the boa server. Specifically, they exploit the length of the wlan_ssid field triggers the overflow.
CVE-2023-52027 1 Totolink 2 A3700r, A3700r Firmware 2025-06-17 9.8 Critical
TOTOlink A3700R v9.1.2u.5822_B20200513 was discovered to contain a remote command execution (RCE) vulnerability via the NTPSyncWithHost function.
CVE-2023-52032 1 Totolink 2 Ex1200t, Ex1200t Firmware 2025-06-17 9.8 Critical
TOTOlink EX1200T V4.1.2cu.5232_B20210713 was discovered to contain a remote command execution (RCE) vulnerability via the "main" function.
CVE-2024-0944 1 Totolink 2 T8, T8 Firmware 2025-06-17 3.7 Low
A vulnerability was found in Totolink T8 4.1.5cu.833_20220905. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /cgi-bin/cstecgi.cgi. The manipulation leads to session expiration. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-252188. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2023-52041 1 Totolink 2 X6000r, X6000r Firmware 2025-06-17 9.8 Critical
An issue discovered in TOTOLINK X6000R V9.4.0cu.852_B20230719 allows attackers to run arbitrary code via the sub_410118 function of the shttpd program.
CVE-2024-51141 1 Totolink 3 A6000ub, A6000ub Firmware, Wifi Usb Driver 2025-06-17 7.8 High
An issue in TOTOLINK Bluetooth Wireless Adapter A600UB allows a local attacker to execute arbitrary code via the WifiAutoInstallDriver.exe and MSASN1.dll components.
CVE-2024-0295 1 Totolink 2 Lr1200gb, Lr1200gb Firmware 2025-06-16 7.3 High
A vulnerability, which was classified as critical, was found in Totolink LR1200GB 9.1.0u.6619_B20230130. This affects the function setWanCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument hostName leads to os command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-249861 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2024-1001 1 Totolink 2 N200re, N200re Firmware 2025-06-16 7.2 High
A vulnerability classified as critical has been found in Totolink N200RE 9.3.5u.6139_B20201216. Affected is the function main of the file /cgi-bin/cstecgi.cgi. The manipulation leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-252270 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2025-45859 1 Totolink 2 A3002r, A3002r Firmware 2025-06-16 5.4 Medium
TOTOLINK A3002R v4.0.0-B20230531.1404 was discovered to contain a buffer overflow via the bandstr parameter in the formMapDelDevice interface.
CVE-2025-5907 1 Totolink 2 Ex1200t, Ex1200t Firmware 2025-06-16 8.8 High
A vulnerability classified as critical was found in TOTOLINK EX1200T up to 4.1.2cu.5232_B20210713. This vulnerability affects unknown code of the file /boafrm/formFilter of the component HTTP POST Request Handler. The manipulation leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
CVE-2025-5908 1 Totolink 2 Ex1200t, Ex1200t Firmware 2025-06-16 8.8 High
A vulnerability, which was classified as critical, has been found in TOTOLINK EX1200T up to 4.1.2cu.5232_B20210713. This issue affects some unknown processing of the file /boafrm/formIpQoS of the component HTTP POST Request Handler. The manipulation leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
CVE-2025-5909 1 Totolink 2 Ex1200t, Ex1200t Firmware 2025-06-16 8.8 High
A vulnerability, which was classified as critical, was found in TOTOLINK EX1200T up to 4.1.2cu.5232_B20210713. Affected is an unknown function of the file /boafrm/formReflashClientTbl of the component HTTP POST Request Handler. The manipulation leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
CVE-2025-5910 1 Totolink 2 Ex1200t, Ex1200t Firmware 2025-06-16 8.8 High
A vulnerability has been found in TOTOLINK EX1200T up to 4.1.2cu.5232_B20210713 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /boafrm/formWsc of the component HTTP POST Request Handler. The manipulation leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
CVE-2025-5911 1 Totolink 2 Ex1200t, Ex1200t Firmware 2025-06-16 8.8 High
A vulnerability was found in TOTOLINK EX1200T up to 4.1.2cu.5232_B20210713 and classified as critical. Affected by this issue is some unknown functionality of the file /boafrm/formDMZ of the component HTTP POST Request Handler. The manipulation leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.