Totolink Totolink

  1. Vendors
  2. Totolink

Don't miss out!

Thousands of developers use stack.watch to stay informed.
Get an email whenever new security vulnerabilities are reported in any Totolink product.

RSS Feeds for Totolink security vulnerabilities

Create a CVE RSS feed including security vulnerabilities found in Totolink products with stack.watch. Just hit watch, then grab your custom RSS feed url.

Products by Totolink Sorted by Most Security Vulnerabilities since 2018

Totolink A7100ru Firmware64 vulnerabilities

Totolink X5000r Firmware42 vulnerabilities

Totolink A3300r Firmware39 vulnerabilities

Totolink X6000r Firmware36 vulnerabilities

Totolink A3700r Firmware31 vulnerabilities

Totolink X2000r Firmware30 vulnerabilities

Totolink A8000ru Firmware28 vulnerabilities

Totolink X15 Firmware25 vulnerabilities

Totolink Lr350 Firmware25 vulnerabilities

Totolink Ca300 Poe Firmware24 vulnerabilities

Totolink A3002r Firmware23 vulnerabilities

Totolink Ex1200t Firmware22 vulnerabilities

Totolink T8 Firmware22 vulnerabilities

Totolink A3600r Firmware20 vulnerabilities

Totolink Cp450 Firmware19 vulnerabilities

Totolink Ex200 Firmware18 vulnerabilities

Totolink N150rt Firmware15 vulnerabilities

Totolink Ex1800t Firmware15 vulnerabilities

Totolink T6 Firmware14 vulnerabilities

Totolink N300rh Firmware13 vulnerabilities

Totolink Nr1800x Firmware13 vulnerabilities

Totolink A6000r Firmware13 vulnerabilities

Totolink X18 Firmware11 vulnerabilities

Totolink T10 Firmware11 vulnerabilities

Totolink A3100r Firmware10 vulnerabilities

Totolink Ca600 Poe Firmware10 vulnerabilities

Totolink A3002ru Firmware10 vulnerabilities

Totolink A702r Firmware10 vulnerabilities

Totolink A810r Firmware10 vulnerabilities

Totolink A7000r Firmware9 vulnerabilities

Totolink N300rt Firmware8 vulnerabilities

Totolink Cp900l Firmware8 vulnerabilities

Totolink Wa300 Firmware8 vulnerabilities

Totolink A800r Firmware7 vulnerabilities

Totolink Cp900 Firmware7 vulnerabilities

Totolink A720r Firmware6 vulnerabilities

Totolink Ex1200l Firmware6 vulnerabilities

Totolink N600r Firmware5 vulnerabilities

Totolink N350rt Firmware4 vulnerabilities

Totolink A3000ru Firmware3 vulnerabilities

Totolink A830r Firmware3 vulnerabilities

Totolink A950rg Firmware3 vulnerabilities

Totolink Cp300 Firmware3 vulnerabilities

Totolink A3200r Firmware3 vulnerabilities

Totolink N200re V5 Firmware2 vulnerabilities

Totolink X182 vulnerabilities

Totolink Lr1200 Firmware2 vulnerabilities

Totolink Lr1200gb Firmware2 vulnerabilities

Totolink N302r Plus Firmware2 vulnerabilities

Totolink N100re Firmware1 vulnerability

Totolink N200re Firmware1 vulnerability

Totolink N302re Firmware1 vulnerability

Totolink Ar810r Firmware1 vulnerability

Totolink N302r Firmware1 vulnerability

Totolink N301rt Firmware1 vulnerability

Totolink A860r Firmware1 vulnerability

Totolink A3002ru V3 Firmware1 vulnerability

Totolink N300rb Firmware1 vulnerability

Totolink A6000ub Firmware1 vulnerability

By the Year

In 2026 there have been 122 vulnerabilities in Totolink with an average score of 8.6 out of ten. Last year, in 2025 Totolink had 253 security vulnerabilities published. If vulnerabilities keep coming in at the current rate, it appears that number of security vulnerabilities in Totolink in 2026 could surpass last years number. However, the average CVE base score of the vulnerabilities in 2026 is greater by 0.51.




Year Vulnerabilities Average Score
2026 122 8.58
2025 253 8.07
2024 219 9.09
2023 105 9.65
2022 18 9.30
2021 0 0.00
2020 1 0.00

It may take a day or so for new Totolink vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.

Recent Totolink Security Vulnerabilities

CVE Date Vulnerability Products
CVE-2026-8137 May 08, 2026
Totolink X5000R 9.1.0u Buffer Overflow in formDdns sub_458E40 A vulnerability has been found in Totolink X5000R 9.1.0u.6369_B20230113. This vulnerability affects the function sub_458E40 of the file /boafrm/formDdns. The manipulation of the argument submit-url leads to buffer overflow. Remote exploitation of the attack is possible. The exploit has been disclosed to the public and may be used.
X5000r Firmware
CVE-2026-7823 May 05, 2026
CVE-2026-7823: Cmd Injection via setAppFilterCfg on Totolink A8000RU 7.1cu A security flaw has been discovered in Totolink A8000RU 7.1cu.643_b20200521. Affected is the function setAppFilterCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument enable results in os command injection. The attack may be launched remotely. The exploit has been released to the public and may be used for attacks.
A8000ru Firmware
CVE-2026-7750 May 04, 2026
Buffer Overflow in Totolink N300RH 3.2.4-B20220812 setMacFilterRules A vulnerability was detected in Totolink N300RH 3.2.4-B20220812. This vulnerability affects the function setMacFilterRules of the file /cgi-bin/cstecgi.cgi of the component POST Request Handler. The manipulation of the argument mac_address results in buffer overflow. The attack may be launched remotely. The exploit is now public and may be used.
N300rh Firmware
CVE-2026-7749 May 04, 2026
Remote Buffer Overflow in Totolink N300RH 3.2.4 setWanConfig (POST) A security vulnerability has been detected in Totolink N300RH 3.2.4-B20220812. This affects the function setWanConfig of the file /cgi-bin/cstecgi.cgi of the component POST Request Handler. The manipulation of the argument priDns leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed publicly and may be used.
N300rh Firmware
CVE-2026-7748 May 04, 2026
Totolink N300RH 3.2.4 Buffer Overflow in POST Request Handler A weakness has been identified in Totolink N300RH 3.2.4-B20220812. Affected by this issue is the function setUpgradeFW of the file /cgi-bin/cstecgi.cgi of the component POST Request Handler. Executing a manipulation of the argument FileName can lead to buffer overflow. The attack can be launched remotely. The exploit has been made available to the public and could be used for attacks.
N300rh Firmware
CVE-2026-7747 May 04, 2026
Totolink N300RH 3.2.4 Param.Handler loginauth Buffer Overflow CVE-2026-7747 A security flaw has been discovered in Totolink N300RH 3.2.4-B20220812. Affected by this vulnerability is the function loginauth of the file /cgi-bin/cstecgi.cgi of the component Parameter Handler. Performing a manipulation of the argument Password results in buffer overflow. The attack can be initiated remotely. The exploit has been released to the public and may be used for attacks.
N300rh Firmware
CVE-2026-7721 May 04, 2026
Totolink WA300 5.2cu.7112_B20190227 cmd injection via NTPSyncWithHost A security vulnerability has been detected in Totolink WA300 5.2cu.7112_B20190227. This affects the function NTPSyncWithHost of the file /cgi-bin/cstecgi.cgi. Such manipulation of the argument hostTime leads to command injection. The attack can be executed remotely. The exploit has been disclosed publicly and may be used.
Wa300 Firmware
CVE-2026-7720 May 04, 2026
Totolink WA300 5.2cu.7112_B20190227 cmdinjection POST setLanguageCfg (cgi-bin) A weakness has been identified in Totolink WA300 5.2cu.7112_B20190227. The impacted element is the function setLanguageCfg of the file /cgi-bin/cstecgi.cgi of the component POST Request Handler. This manipulation of the argument langType causes command injection. Remote exploitation of the attack is possible. The exploit has been made available to the public and could be used for attacks.
Wa300 Firmware
CVE-2026-7719 May 04, 2026
Totolink WA300 5.2cu.7112 B20190227: http_host Buffer Overflow A security flaw has been discovered in Totolink WA300 5.2cu.7112_B20190227. The affected element is the function loginauth of the file /cgi-bin/cstecgi.cgi of the component POST Request Handler. The manipulation of the argument http_host results in buffer overflow. The attack may be launched remotely. The exploit has been released to the public and may be used for attacks.
Wa300 Firmware
CVE-2026-7718 May 04, 2026
Command Injection in Totolink WA300 5.2cu.7112 via setWebWlanIdx A vulnerability was identified in Totolink WA300 5.2cu.7112_B20190227. Impacted is the function setWebWlanIdx of the file /cgi-bin/cstecgi.cgi of the component POST Request Handler. The manipulation of the argument webWlanIdx leads to command injection. The attack may be initiated remotely. The exploit is publicly available and might be used.
Wa300 Firmware
CVE-2026-7717 May 04, 2026
Buffer Overflow in Totolink WA300 5.2cu.7112_B20190227 UploadCustomModule A vulnerability was determined in Totolink WA300 5.2cu.7112_B20190227. This issue affects the function UploadCustomModule of the file /cgi-bin/cstecgi.cgi of the component POST Request Handler. Executing a manipulation of the argument File can lead to buffer overflow. The attack can be launched remotely. The exploit has been publicly disclosed and may be utilized.
Wa300 Firmware
CVE-2026-7633 May 02, 2026
RFI in Totolink N300RH 6.1c via setUploadSetting A vulnerability was identified in Totolink N300RH 6.1c.1353_B20190305. This impacts the function setUploadSetting of the file /cgi-bin/cstecgi.cgi. Such manipulation of the argument FileName leads to file inclusion. The attack may be performed from remote. The exploit is publicly available and might be used.
N300rh Firmware
CVE-2026-7548 May 01, 2026
Command Injection in Totolink NR1800X 9.1.0u.6279 Router A vulnerability was detected in Totolink NR1800X 9.1.0u.6279_B20210910. This affects the function sub_41A68C of the file /cgi-bin/cstecgi.cgi. Performing a manipulation of the argument setUssd results in command injection. The attack is possible to be carried out remotely. The exploit is now public and may be used.
Nr1800x Firmware
CVE-2026-7546 May 01, 2026
Totolink NR1800X 9.1.0u.6279_B20210910 lighttpd find_host_ip SB-Buffer Overflow A security vulnerability has been detected in Totolink NR1800X 9.1.0u.6279_B20210910. The impacted element is the function find_host_ip of the component lighttpd. Such manipulation of the argument Host leads to stack-based buffer overflow. The attack can be executed remotely. The exploit has been disclosed publicly and may be used.
Nr1800x Firmware
CVE-2026-7538 May 01, 2026
Totolink A8000RU 7.1cu.643 os Command Injection in /cgi-bin/cstecgi.cgi A vulnerability was identified in Totolink A8000RU 7.1cu.643_b20200521. This issue affects the function Vulnerability of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulation of the argument proto leads to os command injection. The attack may be initiated remotely. The exploit is publicly available and might be used.
A8000ru Firmware
CVE-2026-7244 Apr 28, 2026
Totolink A8000RU 7.1cu.643 OS CMD Injection via CgiHandler setWiFiEasyGuestCfg A security flaw has been discovered in Totolink A8000RU 7.1cu.643_b20200521. The impacted element is the function setWiFiEasyGuestCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulation of the argument merge results in os command injection. It is possible to launch the attack remotely. The exploit has been released to the public and may be used for attacks.
A8000ru Firmware
CVE-2026-7243 Apr 28, 2026
OS Cmd Injection in Totolink A8000RU 7.1cu CGI setRadvd(maxRtrAdvInterval) A vulnerability was identified in Totolink A8000RU 7.1cu.643_b20200521. The affected element is the function setRadvdCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulation of the argument maxRtrAdvInterval leads to os command injection. It is possible to initiate the attack remotely. The exploit is publicly available and might be used.
A8000ru Firmware
CVE-2026-7242 Apr 28, 2026
Totolink A8000RU 7.1cu.643 CLI Command Injection via setOpenVpnClientCfg A vulnerability was determined in Totolink A8000RU 7.1cu.643_b20200521. Impacted is the function setOpenVpnClientCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Executing a manipulation of the argument enabled can lead to os command injection. The attack may be performed from remote. The exploit has been publicly disclosed and may be utilized.
A8000ru Firmware
CVE-2026-7241 Apr 28, 2026
Command injection in Totolink A8000RU CGI Handler (before 7.1cu.643_b20200521) A vulnerability was found in Totolink A8000RU 7.1cu.643_b20200521. This issue affects the function setWiFiBasicCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Performing a manipulation of the argument wifiOff results in os command injection. The attack is possible to be carried out remotely. The exploit has been made public and could be used.
A8000ru Firmware
CVE-2026-7240 Apr 28, 2026
Command Injection in Totolink A8000RU 7.1cu.643 CGI Handler A vulnerability has been found in Totolink A8000RU 7.1cu.643_b20200521. This vulnerability affects the function setVpnAccountCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Such manipulation of the argument User leads to os command injection. The attack can be executed remotely. The exploit has been disclosed to the public and may be used.
A8000ru Firmware
CVE-2026-7219 Apr 28, 2026
Totolink N300RT 3.4.0-B20250430: Remote Buffer Overflow via /boafrm/formIpQoS A flaw has been found in Totolink N300RT 3.4.0-B20250430. This affects an unknown function of the file /boafrm/formIpQoS. Executing a manipulation of the argument entry_name can lead to buffer overflow. The attack may be performed from remote. The exploit has been published and may be used.
N300rt Firmware
CVE-2026-7218 Apr 28, 2026
Totolink N300RT 3.4.0 buffer overflow in libapmib.so via localPin (remote) A vulnerability was detected in Totolink N300RT 3.4.0-B20250430. The impacted element is the function is_cmd_string_valid of the file /boafrm/formWsc of the component libapmib.so. Performing a manipulation of the argument localPin results in buffer overflow. The attack is possible to be carried out remotely. The exploit is now public and may be used.
N300rt Firmware
CVE-2026-7204 Apr 28, 2026
OS Command Injection in Totolink A8000RU v7.1cu.643 CGI setPptpServerCfg A vulnerability was determined in Totolink A8000RU 7.1cu.643_b20200521. This issue affects the function setPptpServerCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. This manipulation of the argument enable causes os command injection. The attack may be initiated remotely. The exploit has been publicly disclosed and may be utilized.
A8000ru Firmware
CVE-2026-7203 Apr 28, 2026
OS Command Injection via setUrlFilterRules in Totolink A8000RU 7.1cu A vulnerability was found in Totolink A8000RU 7.1cu.643_b20200521. This vulnerability affects the function setUrlFilterRules of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulation of the argument enable results in os command injection. The attack can be launched remotely. The exploit has been made public and could be used.
A8000ru Firmware
CVE-2026-7202 Apr 27, 2026
Totolink A8000RU 7.1cu.643 os command injection via CGI Handler wscDisabled A vulnerability has been found in Totolink A8000RU 7.1cu.643_b20200521. This affects the function setWiFiWpsStart of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulation of the argument wscDisabled leads to os command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
A8000ru Firmware
CVE-2026-7156 Apr 27, 2026
OS Command Injection via HTTP Param in Totolink A8000RU 7.1cu.643 CGI Handler A vulnerability was detected in Totolink A8000RU 7.1cu.643_b20200521. Affected is the function CsteSystem of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulation of the argument HTTP results in os command injection. The attack may be launched remotely. The exploit is now public and may be used.
A8000ru Firmware
CVE-2026-7155 Apr 27, 2026
Totolink A8000RU 7.1cu.643 CGI Handler OSCI in setLoginPasswordCfg A security vulnerability has been detected in Totolink A8000RU 7.1cu.643_b20200521. This impacts the function setLoginPasswordCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulation of the argument admpass leads to os command injection. The attack may be initiated remotely. The exploit has been disclosed publicly and may be used.
A8000ru Firmware
CVE-2026-7154 Apr 27, 2026
Totolink A8000RU CGI Handler cmdinject via tty_server (7.1cu.643) A weakness has been identified in Totolink A8000RU 7.1cu.643_b20200521. This affects the function setAdvancedInfoShow of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Executing a manipulation of the argument tty_server can lead to os command injection. The attack can be launched remotely. The exploit has been made available to the public and could be used for attacks.
A8000ru Firmware
CVE-2026-7153 Apr 27, 2026
Totolink A8000RU 7.1cu.643_b20200521 OS Command Injection via CGI Handler A security flaw has been discovered in Totolink A8000RU 7.1cu.643_b20200521. The impacted element is the function setMiniuiHomeInfoShow of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Performing a manipulation of the argument sys_info results in os command injection. The attack can be initiated remotely. The exploit has been released to the public and may be used for attacks.
A8000ru Firmware
CVE-2026-7152 Apr 27, 2026
OS Command Injection in Totolink A8000RU 7.1cu CGI Handler (setTelnetCfg) A vulnerability was identified in Totolink A8000RU 7.1cu.643_b20200521. The affected element is the function setTelnetCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Such manipulation of the argument telnet_enabled leads to os command injection. It is possible to launch the attack remotely. The exploit is publicly available and might be used.
A8000ru Firmware
CVE-2026-7140 Apr 27, 2026
Outdated Totolink A8000RU 7.1cu.643_b20200521 CGI Handler OS Cmd Injection A vulnerability has been found in Totolink A8000RU 7.1cu.643_b20200521. Impacted is the function CsteSystem of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Such manipulation of the argument HTTP leads to os command injection. The attack may be performed from remote. The exploit has been disclosed to the public and may be used.
A8000ru Firmware
CVE-2026-7139 Apr 27, 2026
OS Command Injection in Totolink A8000RU 7.1cu CGI Handler A flaw has been found in Totolink A8000RU 7.1cu.643_b20200521. This issue affects the function setWiFiAclRules of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. This manipulation of the argument mode causes os command injection. The attack is possible to be carried out remotely. The exploit has been published and may be used.
A8000ru Firmware
CVE-2026-7138 Apr 27, 2026
Totolink A8000RU 7.1cu.643 os Cmd Injection in setNtpCfg TZ A vulnerability was detected in Totolink A8000RU 7.1cu.643_b20200521. This vulnerability affects the function setNtpCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulation of the argument tz results in os command injection. The attack can be executed remotely. The exploit is now public and may be used.
A8000ru Firmware
CVE-2026-7137 Apr 27, 2026
Totolink A8000RU 7.1cu CGI Handler OS Command Injection A security vulnerability has been detected in Totolink A8000RU 7.1cu.643_b20200521. This affects the function setStorageCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulation of the argument sambaEnabled leads to os command injection. Remote exploitation of the attack is possible. The exploit has been disclosed publicly and may be used.
A8000ru Firmware
CVE-2026-7136 Apr 27, 2026
Totolink A8000RU 7.1cu.643_b20200521 OS Command Injection via WANIdx in cstecgi.cgi A weakness has been identified in Totolink A8000RU 7.1cu.643_b20200521. Affected by this issue is the function setDmzCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Executing a manipulation of the argument wanIdx can lead to os command injection. The attack may be launched remotely. The exploit has been made available to the public and could be used for attacks.
A8000ru Firmware
CVE-2026-7125 Apr 27, 2026
Totolink A8000RU 7.1cu.643 CGI Handler cmd inject via merge A vulnerability was identified in Totolink A8000RU 7.1cu.643_b20200521. Affected by this issue is the function setWiFiEasyCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulation of the argument merge leads to os command injection. The attack may be initiated remotely. The exploit is publicly available and might be used.
A8000ru Firmware
CVE-2026-7124 Apr 27, 2026
OS command injection via CGI in Totolink A8000RU 7.1cu.643 A vulnerability was determined in Totolink A8000RU 7.1cu.643_b20200521. Affected by this vulnerability is the function setIpv6LanCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Executing a manipulation of the argument addrPrefixLen can lead to os command injection. The attack can be launched remotely. The exploit has been publicly disclosed and may be utilized.
A8000ru Firmware
CVE-2026-7123 Apr 27, 2026
OS Command Injection via CGI Handler in Totolink A8000RU 7.1cu.643 A vulnerability was found in Totolink A8000RU 7.1cu.643_b20200521. Affected is the function setIptvCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Performing a manipulation of the argument setIptvCfg results in os command injection. The attack can be initiated remotely. The exploit has been made public and could be used.
A8000ru Firmware
CVE-2026-7122 Apr 27, 2026
Totolink A8000RU 7.1cu.643 Remote Cmd Injection via setUPnPCfg CGI Handler A vulnerability has been found in Totolink A8000RU 7.1cu.643_b20200521. This impacts the function setUPnPCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Such manipulation of the argument enable leads to os command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
A8000ru Firmware
CVE-2026-7121 Apr 27, 2026
OS Command Injection in Totolink A8000RU 7.1cu.643 CGI Handler A flaw has been found in Totolink A8000RU 7.1cu.643_b20200521. This affects the function setWizardCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. This manipulation of the argument wizard causes os command injection. It is possible to initiate the attack remotely. The exploit has been published and may be used.
A8000ru Firmware
CVE-2026-7037 Apr 26, 2026
Totolink A8000RU 7.1cu OS Cmd Injn via setVpnPassCfg (pptpPassThru) A security flaw has been discovered in Totolink A8000RU 7.1cu.643_b20200521. This issue affects the function setVpnPassCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulation of the argument pptpPassThru results in os command injection. The attack can be executed remotely. The exploit has been released to the public and may be used for attacks.
A8000ru Firmware
CVE-2026-31167 Apr 23, 2026
ToToLink A3300R v17.0.0cu.557 RCE via /cgi-bin/cstecgi.cgi An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557_B20221024 allowing attackers to execute arbitrary commands via the mode parameter to /cgi-bin/cstecgi.cgi.
A3300r Firmware
CVE-2026-6195 Apr 13, 2026
Remote OS Command Injection in Totolink A7100RU Router CGI setPasswordCfg 7.4cu A security vulnerability has been detected in Totolink A7100RU 7.4cu.2313_b20191024. Affected by this issue is the function setPasswordCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Such manipulation of the argument admpass leads to os command injection. The attack can be executed remotely. The exploit has been disclosed publicly and may be used.
A7100ru Firmware
CVE-2026-6194 Apr 13, 2026
Totolink A3002MU B20211125.1046 HTTP ReqHandler Buffer Overflow A weakness has been identified in Totolink A3002MU B20211125.1046. Affected by this vulnerability is the function sub_410188 of the file /boafrm/formWlanSetup of the component HTTP Request Handler. This manipulation of the argument wan-url causes stack-based buffer overflow. Remote exploitation of the attack is possible. The exploit has been made available to the public and could be used for attacks.
CVE-2026-6168 Apr 13, 2026
Stack Buffer Overflow in TOTOLINK A7000R setWiFiEasyGuestCfg before 9.1.0u.6115 A flaw has been found in TOTOLINK A7000R up to 9.1.0u.6115. The affected element is the function setWiFiEasyGuestCfg of the file /cgi-bin/cstecgi.cgi. This manipulation of the argument ssid5g causes stack-based buffer overflow. Remote exploitation of the attack is possible. The exploit has been published and may be used.
A7000r Firmware
CVE-2026-6158 Apr 13, 2026
Totolink N300RH 6.1c OS Command Injection via setUpgradeUboot in upgrade.so A flaw has been found in Totolink N300RH 6.1c.1353_B20190305. Affected is the function setUpgradeUboot of the file upgrade.so. This manipulation of the argument FileName causes os command injection. The attack is possible to be carried out remotely. The exploit has been published and may be used.
N300rh Firmware
CVE-2026-6157 Apr 13, 2026
Totolink A800R 4.1.2cu Buffer Overflow via apcliSsid (setAppEasyWizardConfig) A vulnerability was detected in Totolink A800R 4.1.2cu.5137_B20200730. This impacts the function setAppEasyWizardConfig in the library /lib/cste_modules/app.so. The manipulation of the argument apcliSsid results in buffer overflow. The attack can be executed remotely. The exploit is now public and may be used.
A800r Firmware
CVE-2026-6156 Apr 13, 2026
OS Command Injection in Totolink A7100RU 7.4cu CGI Handler (setIpQosRules) A security vulnerability has been detected in Totolink A7100RU 7.4cu.2313_b20191024. This affects the function setIpQosRules of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulation of the argument Comment leads to os command injection. Remote exploitation of the attack is possible. The exploit has been disclosed publicly and may be used.
A7100ru Firmware
CVE-2026-6155 Apr 13, 2026
TOTOLINK A7100RU 7.4cu.2313 CGI Cmd Injection via pppoeServiceName A weakness has been identified in Totolink A7100RU 7.4cu.2313. The impacted element is the function setWanCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Executing a manipulation of the argument pppoeServiceName can lead to os command injection. The attack may be launched remotely. The exploit has been made available to the public and could be used for attacks.
A7100ru Firmware
CVE-2026-6154 Apr 13, 2026
OS Command Injection via setWizardCfg on Totolink A7100RU 7.4cu.2313 A security flaw has been discovered in Totolink A7100RU 7.4cu.2313_b20191024. The affected element is the function setWizardCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Performing a manipulation of the argument wizard results in os command injection. The attack may be initiated remotely. The exploit has been released to the public and may be used for attacks.
A7100ru Firmware
Built by Foundeo Inc., with data from the National Vulnerability Database (NVD). Privacy Policy. Use of this site is governed by the Legal Terms
Disclaimer
CONTENT ON THIS WEBSITE IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. Always check with your vendor for the most up to date, and accurate information.