Totolink


Products by Totolink Sorted by Most Security Vulnerabilities since 2018

Totolink X5000r Firmware: 41 vulnerabilities
Totolink X6000r Firmware: 35 vulnerabilities
Totolink A3700r Firmware: 31 vulnerabilities
Totolink X2000r Firmware: 30 vulnerabilities
Totolink A3300r Firmware: 29 vulnerabilities
Totolink X15 Firmware: 25 vulnerabilities
Totolink Lr350 Firmware: 24 vulnerabilities
Totolink Ca300 Poe Firmware: 24 vulnerabilities
Totolink A7100ru Firmware: 24 vulnerabilities
Totolink A3002r Firmware: 23 vulnerabilities
Totolink Ex1200t Firmware: 22 vulnerabilities
Totolink T8 Firmware: 22 vulnerabilities
Totolink Cp450 Firmware: 19 vulnerabilities
Totolink A3600r Firmware: 19 vulnerabilities
Totolink Ex200 Firmware: 18 vulnerabilities
Totolink N150rt Firmware: 15 vulnerabilities
Totolink Ex1800t Firmware: 15 vulnerabilities
Totolink T6 Firmware: 14 vulnerabilities
Totolink A6000r Firmware: 13 vulnerabilities
Totolink X18 Firmware: 11 vulnerabilities
Totolink T10 Firmware: 11 vulnerabilities
Totolink A810r Firmware: 10 vulnerabilities
Totolink A3100r Firmware: 10 vulnerabilities
Totolink A3002ru Firmware: 10 vulnerabilities
Totolink Nr1800x Firmware: 10 vulnerabilities
Totolink Ca600 Poe Firmware: 10 vulnerabilities
Totolink A702r Firmware: 10 vulnerabilities
Totolink A7000r Firmware: 8 vulnerabilities
Totolink Cp900l Firmware: 8 vulnerabilities
Totolink Cp900 Firmware: 7 vulnerabilities
Totolink N300rh Firmware: 7 vulnerabilities
Totolink Ex1200l Firmware: 6 vulnerabilities
Totolink A800r Firmware: 6 vulnerabilities
Totolink A720r Firmware: 6 vulnerabilities
Totolink N300rt Firmware: 6 vulnerabilities
Totolink N600r Firmware: 5 vulnerabilities
Totolink N350rt Firmware: 4 vulnerabilities
Totolink A3000ru Firmware: 3 vulnerabilities
Totolink A830r Firmware: 3 vulnerabilities
Totolink A3200r Firmware: 3 vulnerabilities
Totolink Cp300 Firmware: 3 vulnerabilities
Totolink A950rg Firmware: 3 vulnerabilities
Totolink N200re V5 Firmware: 2 vulnerabilities
Totolink A8000ru Firmware: 2 vulnerabilities
Totolink X18: 2 vulnerabilities
Totolink N302r Plus Firmware: 2 vulnerabilities
Totolink Lr1200gb Firmware: 2 vulnerabilities
Totolink Lr1200 Firmware: 2 vulnerabilities
Totolink Wa300 Firmware: 2 vulnerabilities
Totolink A6000ub Firmware: 1 vulnerability
Totolink A860r Firmware: 1 vulnerability
Totolink Ar810r Firmware: 1 vulnerability
Totolink N302re Firmware: 1 vulnerability
Totolink N302r Firmware: 1 vulnerability
Totolink N301rt Firmware: 1 vulnerability
Totolink N100re Firmware: 1 vulnerability
Totolink N200re Firmware: 1 vulnerability
Totolink N300rb Firmware: 1 vulnerability

By the Year

In 2026 there have been 21 vulnerabilities in Totolink with an average score of 7.4 out of ten. Last year, in 2025, Totolink had 253 security vulnerabilities published. Right now, Totolink is on track to have fewer security vulnerabilities in 2026 than it did last year. Last year, the average CVE base score was greater by 0.72.




Year    Vulnerabilities    Average Score
2026    21                 7.35
2025    253                8.07
2024    219                9.09
2023    105                9.65
2022    18                 9.30
2021    0                  0.00
2020    1                  0.00

It may take a day or so for new Totolink vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.

Recent Totolink Security Vulnerabilities

CVE Date Vulnerability Products
CVE-2026-3696 Mar 08, 2026
TOTOLINK N300RH CGI Handler WPS Command Injection A vulnerability was found in Totolink N300RH 6.1c.1353_B20190305. The affected element is the function setWiFiWpsConfig of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Performing a manipulation results in os command injection. The attack can be initiated remotely. The exploit has been made public and could be used.
N300rh Firmware
CVE-2026-3301 Feb 27, 2026
OS Command Injection in Totolink N300RH 6.1c.1353 Web Management Interface A security flaw has been discovered in Totolink N300RH 6.1c.1353_B20190305. Affected by this vulnerability is the function setWebWlanIdx of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. Performing a manipulation of the argument webWlanIdx results in os command injection. The attack can be initiated remotely. The exploit has been released to the public and may be used for attacks.
N300rh Firmware
CVE-2026-2167 Feb 08, 2026
Totolink WA300 Remote OS Command Injection via setAPNetwork (5.2cu.7112) A vulnerability was detected in Totolink WA300 5.2cu.7112_B20190227. The impacted element is the function setAPNetwork of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument Ipaddr results in os command injection. The attack may be performed from remote. The exploit is now public and may be used.
Wa300 Firmware
CVE-2026-1723 Jan 30, 2026
TOTOLINK X6000R Pre-9.4.0cu.1498 OS Command Injection Vulnerability Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in TOTOLINK X6000R allows OS Command Injection. This issue affects X6000R: through V9.4.0cu.1498_B20250826.
X6000r Firmware
CVE-2026-1686 Jan 30, 2026
Totolink A3600R 5.9c.4959 Buffer Overflow in setAppEasyWizardConfig A security flaw has been discovered in Totolink A3600R 5.9c.4959. This issue affects the function setAppEasyWizardConfig in the library /lib/cste_modules/app.so. Performing a manipulation of the argument apcliSsid results in buffer overflow. It is possible to initiate the attack remotely. The exploit has been released to the public and may be used for attacks.
A3600r Firmware
CVE-2026-1623 Jan 29, 2026
Cmd Injection via FileName in Totolink A7000R 4.1cu.4154 setUpgradeFW A weakness has been identified in Totolink A7000R 4.1cu.4154. Impacted is the function setUpgradeFW of the file /cgi-bin/cstecgi.cgi. This manipulation of the argument FileName causes command injection. The attack can be initiated remotely. The exploit has been made available to the public and could be used for attacks.
A7000r Firmware
CVE-2026-1601 Jan 29, 2026
Totolink A7000R 4.1cu.4154 Cmd Inj via cstecgi.cgi A weakness has been identified in Totolink A7000R 4.1cu.4154. The impacted element is the function setUploadUserData of the file /cgi-bin/cstecgi.cgi. Executing a manipulation of the argument FileName can lead to command injection. The attack can be launched remotely. The exploit has been made available to the public and could be used for attacks.
A7000r Firmware
CVE-2026-1548 Jan 28, 2026
Cmd Injection in Totolink A7000R 4.1cu.4154 /cgi-bin/cstecgi.cgi A flaw has been found in Totolink A7000R 4.1cu.4154. This impacts the function CloudACMunualUpdateUserdata of the file /cgi-bin/cstecgi.cgi. This manipulation of the argument url causes command injection. The attack can be initiated remotely. The exploit has been published and may be used.
A7000r Firmware
CVE-2026-1547 Jan 28, 2026
Command Injection in Totolink A7000R 4.1cu.4154's setUnloadUserData CGI A vulnerability was detected in Totolink A7000R 4.1cu.4154. This affects the function setUnloadUserData of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument plugin_name results in command injection. It is possible to launch the attack remotely. The exploit is now public and may be used.
A7000r Firmware
CVE-2026-1328 Jan 22, 2026
Totolink NR1800X 9.1.0u.6279 Remote Buffer Overflow via setWizardCfg ssid A vulnerability was detected in Totolink NR1800X 9.1.0u.6279_B20210910. Impacted is the function setWizardCfg of the file /cgi-bin/cstecgi.cgi of the component POST Request Handler. Performing a manipulation of the argument ssid results in buffer overflow. The attack may be initiated remotely. The exploit is now public and may be used.
Nr1800x Firmware
CVE-2026-1327 Jan 22, 2026
Totolink NR1800X 9.1.0u Command Injection via POST Handler A security vulnerability has been detected in Totolink NR1800X 9.1.0u.6279_B20210910. This issue affects the function setTracerouteCfg of the file /cgi-bin/cstecgi.cgi of the component POST Request Handler. Such manipulation of the argument command leads to command injection. The attack can be launched remotely. The exploit has been disclosed publicly and may be used.
Nr1800x Firmware
CVE-2026-1326 Jan 22, 2026
Command Injection in Totolink NR1800X 9.1.0u via POST Hostname A weakness has been identified in Totolink NR1800X 9.1.0u.6279_B20210910. This vulnerability affects the function setWanCfg of the file /cgi-bin/cstecgi.cgi of the component POST Request Handler. This manipulation of the argument Hostname causes command injection. The attack can be initiated remotely. The exploit has been made available to the public and could be used for attacks.
Nr1800x Firmware
CVE-2026-1158 Jan 19, 2026
Totolink LR350 9.3.5u Buffer Overflow via POST ssid in cstecgi.cgi A security flaw has been discovered in Totolink LR350 9.3.5u.6369_B20220309. This vulnerability affects the function setWizardCfg of the file /cgi-bin/cstecgi.cgi of the component POST Request Handler. Performing a manipulation of the argument ssid results in buffer overflow. The attack can be initiated remotely. The exploit has been released to the public and may be used for attacks.
Lr350 Firmware
CVE-2026-1157 Jan 19, 2026
Totolink LR350 9.3.5u.6369 Remote Buffer Overflow in setWiFiEasyCfg A vulnerability was identified in Totolink LR350 9.3.5u.6369_B20220309. This affects the function setWiFiEasyCfg of the file /cgi-bin/cstecgi.cgi. Such manipulation of the argument ssid leads to buffer overflow. It is possible to launch the attack remotely. The exploit is publicly available and might be used.
Lr350 Firmware
CVE-2026-1156 Jan 19, 2026
Totolink LR350 9.3.5u.6369_B20220309 Buffer Overflow via setWiFiBasicCfg A vulnerability was determined in Totolink LR350 9.3.5u.6369_B20220309. Affected by this issue is the function setWiFiBasicCfg of the file /cgi-bin/cstecgi.cgi. This manipulation of the argument ssid causes buffer overflow. It is possible to initiate the attack remotely. The exploit has been publicly disclosed and may be utilized.
Lr350 Firmware
CVE-2026-1155 Jan 19, 2026
Totolink LR350 9.3.5u.6369 Buffer Overflow in setWiFiEasyGuestCfg (Remote) A vulnerability was found in Totolink LR350 9.3.5u.6369_B20220309. Affected by this vulnerability is the function setWiFiEasyGuestCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument ssid results in buffer overflow. The attack may be performed from remote. The exploit has been made public and could be used.
Lr350 Firmware
CVE-2026-1150 Jan 19, 2026
Totolink LR350 9.3.5u Command Injection via POST setTracerouteCfg (Remote) A security flaw has been discovered in Totolink LR350 9.3.5u.6369_B20220309. Impacted is the function setTracerouteCfg of the file /cgi-bin/cstecgi.cgi of the component POST Request Handler. The manipulation of the argument command results in command injection. The attack can be launched remotely. The exploit has been released to the public and may be used for attacks.
Lr350 Firmware
CVE-2026-1149 Jan 19, 2026
Totolink LR350 9.3.5u remote command injection via /cgi-bin/cstecgi.cgi A vulnerability was identified in Totolink LR350 9.3.5u.6369_B20220309. This issue affects the function setDiagnosisCfg of the file /cgi-bin/cstecgi.cgi of the component POST Request Handler. The manipulation of the argument ip leads to command injection. The attack can be initiated remotely. The exploit is publicly available and might be used.
Lr350 Firmware
CVE-2026-1143 Jan 19, 2026
TOTOLINK A3700R 9.1.2u Buffer Overflow via ssid in setWiFiEasyGuestCfg A weakness has been identified in TOTOLINK A3700R 9.1.2u.5822_B20200513. This affects the function setWiFiEasyGuestCfg of the file /cgi-bin/cstecgi.cgi. Executing a manipulation of the argument ssid can lead to buffer overflow. The attack may be launched remotely. The exploit has been made available to the public and could be used for attacks.
A3700r Firmware
CVE-2026-0731 Jan 08, 2026
TOTOLINK WA1200 5.9c remote null ptr deref A vulnerability has been found in TOTOLINK WA1200 5.9c.2914. The impacted element is an unknown function of the file cstecgi.cgi of the component HTTP Request Handler. The manipulation leads to null pointer dereference. The attack is possible to be carried out remotely. The exploit has been disclosed to the public and may be used.
CVE-2026-0641 Jan 06, 2026
TOTOLINK WA300 5.2cu.7112 cmd injection in cstecgi.cgi sub_401510 A security vulnerability has been detected in TOTOLINK WA300 5.2cu.7112_B20190227. This vulnerability affects the function sub_401510 of the file cstecgi.cgi. The manipulation of the argument UPLOAD_FILENAME leads to command injection. The attack may be initiated remotely. The exploit has been disclosed publicly and may be used.
Wa300 Firmware
CVE-2025-14964 Dec 19, 2025
Stack Buffer Overrun via loginAuthUrl in TOTOLINK T10 4.1.8cu.5083_B20200521 A vulnerability has been found in TOTOLINK T10 4.1.8cu.5083_B20200521. This affects the function sprintf of the file /cgi-bin/cstecgi.cgi. Such manipulation of the argument loginAuthUrl leads to stack-based buffer overflow. The attack may be performed from remote.
T10 Firmware
CVE-2025-14586 Dec 13, 2025
Cmd Injection via snprintf in TOTOLINK X5000R 9.1.0 (exportOvpn) A vulnerability was determined in TOTOLINK X5000R 9.1.0cu.2089_B20211224. Affected by this issue is the function snprintf of the file /cgi-bin/cstecgi.cgi?action=exportOvpn&type=user. This manipulation of the argument User causes os command injection. Remote exploitation of the attack is possible. The exploit has been publicly disclosed and may be utilized.
X5000r Firmware
CVE-2025-34319 Dec 03, 2025
OS Command Injection in TOTOLINK N300RT (V3.4.0-B20250430-) Boa formWsc TOTOLINK N300RT wireless router firmware versions prior to V3.4.0-B20250430 (discovered in V2.1.8-B20201030.1539) contain an OS command injection vulnerability in the Boa formWsc handling functionality. An unauthenticated attacker can send specially crafted requests to trigger command execution via the targetAPSsid request parameter.
N300rt Firmware
CVE-2025-12260 Oct 27, 2025
TOTOLINK A3300R 17.0.0cu.557_B20221024 POST Buffer Overflow in setSyslogCfg A vulnerability has been found in TOTOLINK A3300R 17.0.0cu.557_B20221024. The impacted element is the function setSyslogCfg of the file /cgi-bin/cstecgi.cgi of the component POST Parameter Handler. Such manipulation of the argument enable leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
A3300r Firmware
CVE-2025-12259 Oct 27, 2025
Stack Buffer Overflow in TOTOLINK A3300R setScheduleCfg Remote A flaw has been found in TOTOLINK A3300R 17.0.0cu.557_B20221024. The affected element is the function setScheduleCfg of the file /cgi-bin/cstecgi.cgi of the component POST Parameter Handler. This manipulation of the argument recHour causes stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been published and may be used.
A3300r Firmware
CVE-2025-12258 Oct 27, 2025
Remote buffer overflow via SETOPMODE in TOTOLINK A3300R 17.0.0cu.557 A vulnerability was detected in TOTOLINK A3300R 17.0.0cu.557_B20221024. Impacted is the function setOpModeCfg of the file /cgi-bin/cstecgi.cg of the component POST Parameter Handler. The manipulation of the argument opmode results in stack-based buffer overflow. The attack may be performed from remote.
A3300r Firmware
CVE-2025-12241 Oct 27, 2025
TOTOLINK A3300R 17.0.0cu.557_B20221024 buf overflow in setLanguageCfg A vulnerability was detected in TOTOLINK A3300R 17.0.0cu.557_B20221024. This impacts the function setLanguageCfg of the file /cgi-bin/cstecgi.cgi of the component POST Parameter Handler. The manipulation of the argument lang results in stack-based buffer overflow. It is possible to launch the attack remotely. The exploit is now public and may be used.
A3300r Firmware
CVE-2025-12240 Oct 27, 2025
Buffer Overflow in TOTOLINK A3300R 17.0.0cu setDmzCfg CGI Remote A security vulnerability has been detected in TOTOLINK A3300R 17.0.0cu.557_B20221024. This affects the function setDmzCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument ip leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed publicly and may be used.
A3300r Firmware
CVE-2025-12239 Oct 27, 2025
TOTOLINK A3300R 17.0.0cu Buffer Overflow in setDdnsCfg via cgi-bin/cstecgi.cgi A weakness has been identified in TOTOLINK A3300R 17.0.0cu.557_B20221024. The impacted element is the function setDdnsCfg of the file /cgi-bin/cstecgi.cgi. Executing manipulation can lead to buffer overflow. The attack may be performed from remote. The exploit has been made available to the public and could be exploited.
A3300r Firmware
CVE-2025-11444 Oct 08, 2025
TOTOLINK N600R Buffer Overflow via HTTP Req Handler (<=4.3.0cu.7866_B20220506) A security vulnerability has been detected in TOTOLINK N600R up to 4.3.0cu.7866_B20220506. This impacts the function setWiFiBasicConfig of the file /cgi-bin/cstecgi.cgi of the component HTTP Request Handler. Such manipulation of the argument wepkey leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed publicly and may be used.
N600r Firmware
CVE-2025-61045 Oct 01, 2025
TOTOLINK X18 cmd-injection in setEasyMeshAgentCfg V9.1.0cu.2053 TOTOLINK X18 V9.1.0cu.2053_B20230309 was discovered to contain a command injection vulnerability via the mac parameter in the setEasyMeshAgentCfg function.
X18
CVE-2025-61044 Oct 01, 2025
Command Injection in TOTOLINK X18 V9.1.0cu.2053 via agentName TOTOLINK X18 V9.1.0cu.2053_B20230309 was discovered to contain a command injection vulnerability via the agentName parameter in the setEasyMeshAgentCfg function.
X18
CVE-2025-11005 Sep 25, 2025
OS Command Injection in TOTOLINK X6000R <= V9.4.0cu.1458_B20250708 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in TOTOLINK X6000R allows OS Command Injection. This issue affects X6000R: through V9.4.0cu.1458_B20250708.
X6000r Firmware
CVE-2025-52907 Sep 24, 2025
IIV in TOTOLINK X6000R V9.4.0cu.1360_B20241207 - Cmd Injection Improper Input Validation vulnerability in TOTOLINK X6000R allows Command Injection, File Manipulation. This issue affects X6000R: through V9.4.0cu.1360_B20241207.
X6000r Firmware
CVE-2025-52906 Sep 24, 2025
OS Command Injection in TOTOLINK X6000R V9.4.0cu.1360_B20241207 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in TOTOLINK X6000R allows OS Command Injection. This issue affects X6000R: through V9.4.0cu.1360_B20241207.
X6000r Firmware
CVE-2025-52905 Sep 23, 2025
Input Validation Vulnerability in TOTOLINK X6000R V9.4.0cu.1360 Flooding Improper Input Validation vulnerability in TOTOLINK X6000R allows Flooding. This issue affects X6000R: through V9.4.0cu.1360_B20241207.
X6000r Firmware
CVE-2025-51451 Aug 13, 2025
TOTOLINK EX1200T 4.1.2cu.5215 Auth Bypass via formLoginAuth.htm In TOTOLINK EX1200T firmware 4.1.2cu.5215, an attacker can bypass login by sending a specific request through formLoginAuth.htm.
Ex1200t Firmware
CVE-2025-51452 Aug 13, 2025
Auth Bypass in TOTOLINK A7000R firmware 9.1.0u.6115_B20201022 In TOTOLINK A7000R firmware 9.1.0u.6115_B20201022, an attacker can bypass login by sending a specific request through formLoginAuth.htm.
A7000r Firmware
CVE-2025-51390 Aug 04, 2025
TOTOLINK N600R V4.3.0cu.7647 Command Injection via pin TOTOLINK N600R V4.3.0cu.7647_B20210106 was discovered to contain a command injection vulnerability via the pin parameter in the setWiFiWpsConfig function.
N600r Firmware
CVE-2025-52284 Jul 29, 2025
Command Injection RCE in Totolink X6000R V9.4 via tz param Totolink X6000R V9.4.0cu.1360_B20241207 was found to contain a command injection vulnerability in the sub_4184C0 function via the tz parameter. This vulnerability allows unauthenticated attackers to execute arbitrary commands via a crafted request.
X6000r Firmware
CVE-2025-8245 Jul 27, 2025
TOTOLINK X15 RCE via buffer overflow in /boafrm/formMultiAPVLAN A vulnerability was found in TOTOLINK X15 1.0.0-B20230714.1105. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /boafrm/formMultiAPVLAN of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
X15 Firmware
CVE-2025-8246 Jul 27, 2025
TOTOLINK X15 1.0.0 Buffer Overflow RCE via /boafrm/formRoute A vulnerability was found in TOTOLINK X15 1.0.0-B20230714.1105. It has been rated as critical. Affected by this issue is some unknown functionality of the file /boafrm/formRoute of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
X15 Firmware
CVE-2025-8243 Jul 27, 2025
TOTOLINK X15 Buffer Overflow /boafrm/formMapDel 1.0.0-B20230714.1105 A vulnerability was found in TOTOLINK X15 1.0.0-B20230714.1105 and classified as critical. This issue affects some unknown processing of the file /boafrm/formMapDel of the component HTTP POST Request Handler. The manipulation of the argument devicemac1 leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
X15 Firmware
CVE-2025-8244 Jul 27, 2025
TOTOLINK X15 1.0.0-B20230714 RCE via HTTP POST Buffer Overflow A vulnerability was found in TOTOLINK X15 1.0.0-B20230714.1105. It has been classified as critical. Affected is an unknown function of the file /boafrm/formMapDelDevice of the component HTTP POST Request Handler. The manipulation of the argument macstr leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
X15 Firmware
CVE-2025-8242 Jul 27, 2025
TOTOLINK X15 1.0.0-B20230714 Buffer Overflow in HTTP POST Handler A vulnerability has been found in TOTOLINK X15 1.0.0-B20230714.1105 and classified as critical. This vulnerability affects unknown code of the file /boafrm/formFilter of the component HTTP POST Request Handler. The manipulation of the argument ip6addr/url/vpnPassword/vpnUser leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
X15 Firmware
CVE-2025-8170 Jul 25, 2025
TOTOLINK T6 v4.1.5cu.748 B20211015 RCE via MQTT Packet Handler A vulnerability classified as critical was found in TOTOLINK T6 4.1.5cu.748_B20211015. This vulnerability affects the function tcpcheck_net of the file /router/meshSlaveDlfw of the component MQTT Packet Handler. The manipulation of the argument serverIp leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
T6 Firmware
CVE-2025-8139 Jul 25, 2025
TOTOLINK A702R 4.0.0-B20230721.1521 RCE via HTTP POST Buffer Overflow A vulnerability was found in TOTOLINK A702R 4.0.0-B20230721.1521. It has been classified as critical. This affects an unknown part of the file /boafrm/formPortFw of the component HTTP POST Request Handler. The manipulation of the argument service_type leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
A702r Firmware
CVE-2025-8140 Jul 25, 2025
TOTOLINK A702R 4.0.0 RCE via HTTP POST Buffer Overflow /formWlanMultipleAP A vulnerability was found in TOTOLINK A702R 4.0.0-B20230721.1521. It has been declared as critical. This vulnerability affects unknown code of the file /boafrm/formWlanMultipleAP of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
A702r Firmware
CVE-2025-8137 Jul 25, 2025
TOTOLINK A702R 4.0.0-B202307211521 RCE via /boafrm/formIpQoS mac BF A vulnerability has been found in TOTOLINK A702R 4.0.0-B20230721.1521 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /boafrm/formIpQoS of the component HTTP POST Request Handler. The manipulation of the argument mac leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
A702r Firmware
Built by Foundeo Inc., with data from the National Vulnerability Database (NVD).