Filtered by vendor Totolink
Subscriptions
Total
759 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-37639 | 1 Totolink | 2 A3700r, A3700r Firmware | 2025-04-03 | 8.8 High |
| TOTOLINK A3700R V9.1.2u.6165_20211012 was discovered to contain a stack overflow via eport in the function setIpPortFilterRules. | ||||
| CVE-2024-37637 | 1 Totolink | 2 A3700r, A3700r Firmware | 2025-04-03 | 9.8 Critical |
| TOTOLINK A3700R V9.1.2u.6165_20211012 was discovered to contain a stack overflow via ssid5g in the function setWizardCfg. | ||||
| CVE-2024-37634 | 1 Totolink | 2 A3700r, A3700r Firmware | 2025-04-03 | 9.8 Critical |
| TOTOLINK A3700R V9.1.2u.6165_20211012 was discovered to contain a stack overflow via ssid in the function setWiFiEasyCfg. | ||||
| CVE-2024-37633 | 1 Totolink | 2 A3700r, A3700r Firmware | 2025-04-03 | 8.8 High |
| TOTOLINK A3700R V9.1.2u.6165_20211012 was discovered to contain a stack overflow via ssid in the function setWiFiGuestCfg | ||||
| CVE-2024-37631 | 1 Totolink | 2 A3700r, A3700r Firmware | 2025-04-03 | 8.8 High |
| TOTOLINK A3700R V9.1.2u.6165_20211012 was discovered to contain a stack overflow via the File parameter in function UploadCustomModule. | ||||
| CVE-2024-32327 | 1 Totolink | 2 N300rt, N300rt Firmware | 2025-04-03 | 5.5 Medium |
| TOTOLINK N300RT V2.1.8-B20201030.1539 contains a Store Cross-site scripting (XSS) vulnerability in Port Forwarding under the Firewall Page. | ||||
| CVE-2024-32332 | 1 Totolink | 2 N300rt, N300rt Firmware | 2025-04-03 | 6.1 Medium |
| TOTOLINK N300RT V2.1.8-B20201030.1539 contains a Store Cross-site scripting (XSS) vulnerability in WDS Settings under the Wireless Page. | ||||
| CVE-2024-32333 | 1 Totolink | 2 N300rt, N300rt Firmware | 2025-04-03 | 4.3 Medium |
| TOTOLINK N300RT V2.1.8-B20201030.1539 contains a Store Cross-site scripting (XSS) vulnerability in MAC Filtering under the Firewall Page. | ||||
| CVE-2024-32334 | 1 Totolink | 2 N300rt, N300rt Firmware | 2025-04-03 | 6.5 Medium |
| TOTOLINK N300RT V2.1.8-B20201030.1539 contains a Store Cross-site scripting (XSS) vulnerability in IP/Port Filtering under the Firewall Page. | ||||
| CVE-2024-32335 | 1 Totolink | 2 N300rt, N300rt Firmware | 2025-04-03 | 5.4 Medium |
| TOTOLINK N300RT V2.1.8-B20201030.1539 contains a Store Cross-site scripting (XSS) vulnerability in Access Control under the Wireless Page. | ||||
| CVE-2025-25610 | 1 Totolink | 2 A3002r, A3002r Firmware | 2025-04-03 | 8 High |
| TOTOlink A3002R V1.1.1-B20200824.0128 contains a buffer overflow vulnerability. The vulnerability arises from the improper input validation of the static_gw parameter in the formIpv6Setup interface of /bin/boa. | ||||
| CVE-2025-25609 | 1 Totolink | 2 A3002r, A3002r Firmware | 2025-04-03 | 8 High |
| TOTOlink A3002R V1.1.1-B20200824.0128 contains a buffer overflow vulnerability. The vulnerability arises from the improper input validation of the static_ipv6 parameter in the formIpv6Setup interface of /bin/boa | ||||
| CVE-2025-25635 | 1 Totolink | 2 A3002r, A3002r Firmware | 2025-04-03 | 8 High |
| TOTOlink A3002R V1.1.1-B20200824.0128 contains a buffer overflow vulnerability. The vulnerability arises from the improper input validation of the pppoe_dns1 parameter in the formIpv6Setup interface of /bin/boa. | ||||
| CVE-2025-1829 | 1 Totolink | 2 X18, X18 Firmware | 2025-04-03 | 6.3 Medium |
| A vulnerability was found in TOTOLINK X18 9.1.0cu.2024_B20220329. It has been declared as critical. This vulnerability affects the function setMtknatCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument mtkhnatEnable leads to os command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-1852 | 1 Totolink | 2 Ex1800t, Ex1800t Firmware | 2025-04-03 | 8.8 High |
| A vulnerability has been found in Totolink EX1800T 9.1.0cu.2112_B20220316 and classified as critical. This vulnerability affects the function loginAuth of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument password leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-2094 | 1 Totolink | 2 Ex1800t, Ex1800t Firmware | 2025-04-03 | 6.3 Medium |
| A vulnerability was found in TOTOLINK EX1800T 9.1.0cu.2112_B20220316. It has been rated as critical. Affected by this issue is the function setWiFiExtenderConfig of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument apcliKey/key leads to os command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-2095 | 1 Totolink | 2 Ex1800t, Ex1800t Firmware | 2025-04-03 | 6.3 Medium |
| A vulnerability classified as critical has been found in TOTOLINK EX1800T 9.1.0cu.2112_B20220316. This affects the function setDmzCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument ip leads to os command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-2097 | 1 Totolink | 2 Ex1800t, Ex1800t Firmware | 2025-04-03 | 8.8 High |
| A vulnerability, which was classified as critical, has been found in TOTOLINK EX1800T 9.1.0cu.2112_B20220316. This issue affects the function setRptWizardCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument loginpass leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-2096 | 1 Totolink | 2 Ex1800t, Ex1800t Firmware | 2025-04-03 | 6.3 Medium |
| A vulnerability classified as critical was found in TOTOLINK EX1800T 9.1.0cu.2112_B20220316. This vulnerability affects the function setRebootScheCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument mode/week/minute/recHour leads to os command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-28338 | 1 Totolink | 2 A8000ru, A8000ru Firmware | 2025-04-03 | 8.0 High |
| A login bypass in TOTOLINK A8000RU V7.1cu.643_B20200521 allows attackers to login to Administrator accounts via providing a crafted session cookie. | ||||