Filtered by vendor Totolink
Subscriptions
Total
984 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-55591 | 1 Totolink | 2 A3002r, A3002r Firmware | 2025-08-21 | 9.8 Critical |
| TOTOLINK-A3002R v4.0.0-B20230531.1404 was discovered to contain a command injection vulnerability in the devicemac parameter in the formMapDel endpoint. | ||||
| CVE-2025-55590 | 1 Totolink | 2 A3002r, A3002r Firmware | 2025-08-21 | 6.5 Medium |
| TOTOLINK A3002R v4.0.0-B20230531.1404 was discovered to contain an command injection vulnerability via the component bupload.html. | ||||
| CVE-2025-55589 | 1 Totolink | 2 A3002r, A3002r Firmware | 2025-08-21 | 6.5 Medium |
| TOTOLINK A3002R v4.0.0-B20230531.1404 was discovered to contain multiple OS command injection vulnerabilities via the macstr, bandstr, and clientoff parameters at /boafrm/formMapDelDevice. | ||||
| CVE-2025-55588 | 1 Totolink | 2 A3002r, A3002r Firmware | 2025-08-21 | 7.5 High |
| TOTOLINK A3002R v4.0.0-B20230531.1404 was discovered to contain a buffer overflow in the fw_ip parameter at /boafrm/formPortFw. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input. | ||||
| CVE-2025-55587 | 1 Totolink | 2 A3002r, A3002r Firmware | 2025-08-21 | 7.5 High |
| TOTOLINK A3002R v4.0.0-B20230531.1404 was discovered to contain a buffer overflow in the hostname parameter at /boafrm/formMapDelDevice. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input. | ||||
| CVE-2025-55586 | 1 Totolink | 2 A3002r, A3002r Firmware | 2025-08-21 | 7.5 High |
| TOTOLINK A3002R v4.0.0-B20230531.1404 was discovered to contain a buffer overflow in the url parameter at /boafrm/formFilter. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input. | ||||
| CVE-2025-55585 | 1 Totolink | 2 A3002r, A3002r Firmware | 2025-08-21 | 6.5 Medium |
| TOTOLINK A3002R v4.0.0-B20230531.1404 was discovered to contain an eval injection vulnerability via the eval() function. | ||||
| CVE-2025-55584 | 1 Totolink | 2 A3002r, A3002r Firmware | 2025-08-21 | 5.3 Medium |
| TOTOLINK A3002R v4.0.0-B20230531.1404 was discovered to contain insecure credentials for the telnet service and root account. | ||||
| CVE-2025-8937 | 1 Totolink | 1 N350r | 2025-08-15 | 6.3 Medium |
| A vulnerability has been found in TOTOLINK N350R 1.2.3-B20130826. This vulnerability affects unknown code of the file /boafrm/formSysCmd. The manipulation leads to command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-51390 | 1 Totolink | 2 N600r, N600r Firmware | 2025-08-15 | 9.8 Critical |
| TOTOLINK N600R V4.3.0cu.7647_B20210106 was discovered to contain a command injection vulnerability via the pin parameter in the setWiFiWpsConfig function. | ||||
| CVE-2025-8938 | 1 Totolink | 1 N350r | 2025-08-15 | 6.3 Medium |
| A vulnerability was found in TOTOLINK N350R 1.2.3-B20130826. This issue affects the function formSysTel of the file /boafrm/formSysTel of the component Telnet Service. The manipulation of the argument TelEnabled leads to backdoor. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-6485 | 1 Totolink | 2 A3002r, A3002r Firmware | 2025-08-14 | 6.3 Medium |
| A vulnerability was found in TOTOLINK A3002R 1.1.1-B20200824.0128. It has been classified as critical. This affects the function formWlSiteSurvey of the file /boafrm/formWlSiteSurvey. The manipulation of the argument wlanif leads to os command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-51451 | 1 Totolink | 2 Ex1200t, Ex1200t Firmware | 2025-08-14 | 9.8 Critical |
| In TOTOLINK EX1200T firmware 4.1.2cu.5215, an attacker can bypass login by sending a specific request through formLoginAuth.htm. | ||||
| CVE-2025-51452 | 1 Totolink | 2 A7000r, A7000r Firmware | 2025-08-14 | 9.8 Critical |
| In TOTOLINK A7000R firmware 9.1.0u.6115_B20201022, an attacker can bypass login by sending a specific request through formLoginAuth.htm. | ||||
| CVE-2025-44655 | 1 Totolink | 6 A7100ru, A7100ru Firmware, A950rg and 3 more | 2025-08-07 | 9.8 Critical |
| In TOTOLink A7100RU V7.4, A950RG V5.9, and T10 V5.9, the chroot_local_user option is enabled in the vsftpd.conf. This could lead to unauthorized access to system files, privilege escalation, or use of the compromised server as a pivot point for internal network attacks. | ||||
| CVE-2025-8170 | 1 Totolink | 2 T6, T6 Firmware | 2025-08-07 | 8.8 High |
| A vulnerability classified as critical was found in TOTOLINK T6 4.1.5cu.748_B20211015. This vulnerability affects the function tcpcheck_net of the file /router/meshSlaveDlfw of the component MQTT Packet Handler. The manipulation of the argument serverIp leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-52284 | 1 Totolink | 2 X6000r, X6000r Firmware | 2025-08-06 | 6.5 Medium |
| Totolink X6000R V9.4.0cu.1360_B20241207 was found to contain a command injection vulnerability in the sub_4184C0 function via the tz parameter. This vulnerability allows unauthenticated attackers to execute arbitrary commands via a crafted request. | ||||
| CVE-2025-8136 | 1 Totolink | 2 A702r, A702r Firmware | 2025-08-04 | 8.8 High |
| A vulnerability, which was classified as critical, was found in TOTOLINK A702R 4.0.0-B20230721.1521. Affected is an unknown function of the file /boafrm/formFilter of the component HTTP POST Request Handler. The manipulation of the argument ip6addr leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-6337 | 1 Totolink | 4 A3002r, A3002r Firmware, A3002ru and 1 more | 2025-08-01 | 8.8 High |
| A vulnerability was found in TOTOLINK A3002R and A3002RU 3.0.0-B20230809.1615/4.0.0-B20230531.1404. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /boafrm/formTmultiAP of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-8242 | 1 Totolink | 2 X15, X15 Firmware | 2025-07-29 | 8.8 High |
| A vulnerability has been found in TOTOLINK X15 1.0.0-B20230714.1105 and classified as critical. This vulnerability affects unknown code of the file /boafrm/formFilter of the component HTTP POST Request Handler. The manipulation of the argument ip6addr/url/vpnPassword/vpnUser leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||