Totolink Totolink

  1. Vendors
  2. Totolink

Don't miss out!

Thousands of developers use stack.watch to stay informed.
Get an email whenever new security vulnerabilities are reported in any Totolink product.

RSS Feeds for Totolink security vulnerabilities

Create a CVE RSS feed including security vulnerabilities found in Totolink products with stack.watch. Just hit watch, then grab your custom RSS feed url.

Products by Totolink Sorted by Most Security Vulnerabilities since 2018

Totolink X5000r Firmware40 vulnerabilities

Totolink X2000r Firmware30 vulnerabilities

Totolink A3700r Firmware29 vulnerabilities

Totolink X6000r Firmware28 vulnerabilities

Totolink Ca300 Poe Firmware24 vulnerabilities

Totolink A7100ru Firmware24 vulnerabilities

Totolink A3002r Firmware22 vulnerabilities

Totolink T8 Firmware22 vulnerabilities

Totolink A3300r Firmware22 vulnerabilities

Totolink Ex1200t Firmware21 vulnerabilities

Totolink X15 Firmware20 vulnerabilities

Totolink Cp450 Firmware19 vulnerabilities

Totolink A3600r Firmware18 vulnerabilities

Totolink Lr350 Firmware18 vulnerabilities

Totolink Ex200 Firmware18 vulnerabilities

Totolink Ex1800t Firmware15 vulnerabilities

Totolink N150rt Firmware14 vulnerabilities

Totolink A6000r Firmware13 vulnerabilities

Totolink X18 Firmware11 vulnerabilities

Totolink A3100r Firmware10 vulnerabilities

Totolink Ca600 Poe Firmware10 vulnerabilities

Totolink T10 Firmware10 vulnerabilities

Totolink A810r Firmware10 vulnerabilities

Totolink A3002ru Firmware9 vulnerabilities

Totolink Cp900l Firmware8 vulnerabilities

Totolink Cp900 Firmware7 vulnerabilities

Totolink Nr1800x Firmware7 vulnerabilities

Totolink Ex1200l Firmware6 vulnerabilities

Totolink A800r Firmware6 vulnerabilities

Totolink A720r Firmware6 vulnerabilities

Totolink N300rh Firmware5 vulnerabilities

Totolink N300rt Firmware5 vulnerabilities

Totolink N600r Firmware3 vulnerabilities

Totolink N350rt Firmware3 vulnerabilities

Totolink A3000ru Firmware3 vulnerabilities

Totolink A702r Firmware3 vulnerabilities

Totolink A7000r Firmware3 vulnerabilities

Totolink A830r Firmware3 vulnerabilities

Totolink Cp300 Firmware3 vulnerabilities

Totolink A3200r Firmware3 vulnerabilities

Totolink A950rg Firmware3 vulnerabilities

Totolink N200re V5 Firmware2 vulnerabilities

Totolink N302r Plus Firmware2 vulnerabilities

Totolink Lr1200gb Firmware2 vulnerabilities

Totolink Lr1200 Firmware2 vulnerabilities

Totolink A8000ru Firmware2 vulnerabilities

Totolink T6 Firmware1 vulnerability

Totolink A6000ub Firmware1 vulnerability

Totolink Ar810r Firmware1 vulnerability

Totolink A3002ru V3 Firmware1 vulnerability

Totolink A860r Firmware1 vulnerability

By the Year

In 2025 there have been 206 vulnerabilities in Totolink with an average score of 7.9 out of ten. Last year, in 2024 Totolink had 219 security vulnerabilities published. If vulnerabilities keep coming in at the current rate, it appears that number of security vulnerabilities in Totolink in 2025 could surpass last years number. Last year, the average CVE base score was greater by 1.17




Year Vulnerabilities Average Score
2025 206 7.92
2024 219 9.09
2023 104 9.65
2022 17 9.39
2021 0 0.00
2020 0 0.00
2019 0 0.00
2018 0 0.00

It may take a day or so for new Totolink vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.

Recent Totolink Security Vulnerabilities

A vulnerability, which was classified as critical, was found in TOTOLINK A3002RU 3.0.0-B20230809.1615

CVE-2025-6953 8.8 - High - July 01, 2025

A vulnerability, which was classified as critical, was found in TOTOLINK A3002RU 3.0.0-B20230809.1615. Affected is an unknown function of the file /boafrm/formParentControl of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

Buffer Overflow

A vulnerability classified as critical has been found in TOTOLINK A3002RU 3.0.0-B20230809.1615

CVE-2025-6939 8.8 - High - July 01, 2025

A vulnerability classified as critical has been found in TOTOLINK A3002RU 3.0.0-B20230809.1615. Affected is an unknown function of the file /boafrm/formWlSiteSurvey of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

Buffer Overflow

A vulnerability classified as critical was found in TOTOLINK A702R 4.0.0-B20230721.1521

CVE-2025-6940 8.8 - High - July 01, 2025

A vulnerability classified as critical was found in TOTOLINK A702R 4.0.0-B20230721.1521. Affected by this vulnerability is an unknown functionality of the file /boafrm/formParentControl of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

Buffer Overflow

A vulnerability, which was classified as critical, was found in TOTOLINK T6 4.1.5cu.748_B20211015

CVE-2025-6916 8.8 - High - June 30, 2025

A vulnerability, which was classified as critical, was found in TOTOLINK T6 4.1.5cu.748_B20211015. This affects the function Form_Login of the file /formLoginAuth.htm. The manipulation of the argument authCode/goURL leads to missing authentication. The attack needs to be initiated within the local network. The exploit has been disclosed to the public and may be used.

authentification

A vulnerability classified as critical was found in TOTOLINK A702R up to 4.0.0-B20230721.1521

CVE-2025-6825 8.8 - High - June 28, 2025

A vulnerability classified as critical was found in TOTOLINK A702R up to 4.0.0-B20230721.1521. Affected by this vulnerability is an unknown functionality of the file /boafrm/formWlSiteSurvey of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

Buffer Overflow

A vulnerability classified as critical has been found in TOTOLINK X15 up to 1.0.0-B20230714.1105

CVE-2025-6824 7.5 - High - June 28, 2025

A vulnerability classified as critical has been found in TOTOLINK X15 up to 1.0.0-B20230714.1105. Affected is an unknown function of the file /boafrm/formParentControl of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

Classic Buffer Overflow

A vulnerability was found in TOTOLINK CA300-PoE 6.2c.884

CVE-2025-6618 9.8 - Critical - June 25, 2025

A vulnerability was found in TOTOLINK CA300-PoE 6.2c.884. It has been classified as critical. Affected is the function SetWLanApcliSettings of the file wps.so. The manipulation of the argument PIN leads to os command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

Shell injection

A vulnerability was found in TOTOLINK CA300-PoE 6.2c.884

CVE-2025-6619 9.8 - Critical - June 25, 2025

A vulnerability was found in TOTOLINK CA300-PoE 6.2c.884. It has been declared as critical. Affected by this vulnerability is the function setUpgradeFW of the file upgrade.so. The manipulation of the argument FileName leads to os command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

Shell injection

A vulnerability was found in TOTOLINK CA300-PoE 6.2c.884

CVE-2025-6620 9.8 - Critical - June 25, 2025

A vulnerability was found in TOTOLINK CA300-PoE 6.2c.884. It has been rated as critical. Affected by this issue is the function setUpgradeUboot of the file upgrade.so. The manipulation of the argument FileName leads to os command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

Shell injection

A vulnerability classified as critical has been found in TOTOLINK CA300-PoE 6.2c.884

CVE-2025-6621 9.8 - Critical - June 25, 2025

A vulnerability classified as critical has been found in TOTOLINK CA300-PoE 6.2c.884. This affects the function QuickSetting of the file ap.so. The manipulation of the argument hour/minute leads to os command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

Shell injection

A vulnerability classified as critical has been found in TOTOLINK EX1200T 4.1.2cu.5232_B20210713

CVE-2025-6568 8.8 - High - June 24, 2025

A vulnerability classified as critical has been found in TOTOLINK EX1200T 4.1.2cu.5232_B20210713. Affected is an unknown function of the file /boafrm/formIpv6Setup of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

Classic Buffer Overflow

A vulnerability was found in TOTOLINK A3002R 1.1.1-B20200824.0128

CVE-2025-6486 8.8 - High - June 22, 2025

A vulnerability was found in TOTOLINK A3002R 1.1.1-B20200824.0128. It has been declared as critical. This vulnerability affects the function formWlanMultipleAP of the file /boafrm/formWlanMultipleAP. The manipulation of the argument submit-url leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

Buffer Overflow

A vulnerability was found in TOTOLINK A3002R 1.1.1-B20200824.0128

CVE-2025-6487 8.8 - High - June 22, 2025

A vulnerability was found in TOTOLINK A3002R 1.1.1-B20200824.0128. It has been rated as critical. This issue affects the function formRoute of the file /boafrm/formRoute. The manipulation of the argument subnet leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

Buffer Overflow

A vulnerability was found in TOTOLINK A3002R 1.1.1-B20200824.0128

CVE-2025-6485 6.3 - Medium - June 22, 2025

A vulnerability was found in TOTOLINK A3002R 1.1.1-B20200824.0128. It has been classified as critical. This affects the function formWlSiteSurvey of the file /boafrm/formWlSiteSurvey. The manipulation of the argument wlanif leads to os command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

Shell injection

A vulnerability was found in TOTOLINK X15 1.0.0-B20230714.1105

CVE-2025-6402 8.8 - High - June 21, 2025

A vulnerability was found in TOTOLINK X15 1.0.0-B20230714.1105. It has been declared as critical. This vulnerability affects unknown code of the file /boafrm/formIpv6Setup of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

Buffer Overflow

A vulnerability was found in TOTOLINK N300RH 6.1c.1390_B20191101

CVE-2025-6401 3.5 - Low - June 21, 2025

A vulnerability was found in TOTOLINK N300RH 6.1c.1390_B20191101. It has been classified as problematic. This affects an unknown part of the file /boafrm/formFilter of the component HTTP POST Message Handler. The manipulation of the argument url leads to denial of service. The exploit has been disclosed to the public and may be used.

Improper Resource Shutdown or Release

A vulnerability was found in TOTOLINK N300RH 6.1c.1390_B20191101 and classified as critical

CVE-2025-6400 8.8 - High - June 21, 2025

A vulnerability was found in TOTOLINK N300RH 6.1c.1390_B20191101 and classified as critical. Affected by this issue is some unknown functionality of the file /boafrm/formPortFw of the component HTTP POST Message Handler. The manipulation of the argument service_type leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

Buffer Overflow

A vulnerability, which was classified as critical, was found in TOTOLINK X15 1.0.0-B20230714.1105

CVE-2025-6399 8.8 - High - June 21, 2025

A vulnerability, which was classified as critical, was found in TOTOLINK X15 1.0.0-B20230714.1105. Affected is an unknown function of the file /boafrm/formIPv6Addr of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

Buffer Overflow

A vulnerability was found in TOTOLINK EX1200T 4.1.2cu.5232_B20210713

CVE-2025-6336 6.5 - Medium - June 20, 2025

A vulnerability was found in TOTOLINK EX1200T 4.1.2cu.5232_B20210713. It has been classified as critical. Affected is an unknown function of the file /boafrm/formTmultiAP of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

Classic Buffer Overflow

A vulnerability classified as critical has been found in TOTOLINK N150RT 3.4.0-B20190525

CVE-2025-6299 4.7 - Medium - June 20, 2025

A vulnerability classified as critical has been found in TOTOLINK N150RT 3.4.0-B20190525. This affects an unknown part of the file /boa/formWSC. The manipulation of the argument targetAPSsid leads to os command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

Shell injection

A vulnerability, which was classified as critical, was found in TOTOLINK EX1200T 4.1.2cu.5232_B20210713

CVE-2025-6302 8.8 - High - June 20, 2025

A vulnerability, which was classified as critical, was found in TOTOLINK EX1200T 4.1.2cu.5232_B20210713. Affected is the function setStaticDhcpConfig of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument Comment leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

Buffer Overflow

A vulnerability was found in TOTOLINK X15 1.0.0-B20230714.1105

CVE-2025-6165 8.8 - High - June 17, 2025

A vulnerability was found in TOTOLINK X15 1.0.0-B20230714.1105. It has been declared as critical. This vulnerability affects unknown code of the file /boafrm/formTmultiAP of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

Buffer Overflow

A vulnerability was found in TOTOLINK A3002R 4.0.0-B20230531.1404

CVE-2025-6164 8.8 - High - June 17, 2025

A vulnerability was found in TOTOLINK A3002R 4.0.0-B20230531.1404. It has been classified as critical. This affects an unknown part of the file /boafrm/formMultiAP of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

Buffer Overflow

A vulnerability was found in TOTOLINK A3002RU 3.0.0-B20230809.1615 and classified as critical

CVE-2025-6163 8.8 - High - June 17, 2025

A vulnerability was found in TOTOLINK A3002RU 3.0.0-B20230809.1615 and classified as critical. Affected by this issue is some unknown functionality of the file /boafrm/formMultiAP of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

Buffer Overflow

A vulnerability has been found in TOTOLINK EX1200T 4.1.2cu.5232_B20210713 and classified as critical

CVE-2025-6162 8.8 - High - June 17, 2025

A vulnerability has been found in TOTOLINK EX1200T 4.1.2cu.5232_B20210713 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /boafrm/formMultiAP of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

Buffer Overflow

A vulnerability classified as critical was found in TOTOLINK X15 1.0.0-B20230714.1105

CVE-2025-6150 8.8 - High - June 17, 2025

A vulnerability classified as critical was found in TOTOLINK X15 1.0.0-B20230714.1105. Affected by this vulnerability is an unknown functionality of the file /boafrm/formMultiAP of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

Buffer Overflow

A vulnerability classified as critical has been found in TOTOLINK A3002R 4.0.0-B20230531.1404

CVE-2025-6149 8.8 - High - June 17, 2025

A vulnerability classified as critical has been found in TOTOLINK A3002R 4.0.0-B20230531.1404. Affected is an unknown function of the file /boafrm/formSysLog of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

Buffer Overflow

A vulnerability was found in TOTOLINK A702R 4.0.0-B20230721.1521

CVE-2025-6147 8.8 - High - June 17, 2025

A vulnerability was found in TOTOLINK A702R 4.0.0-B20230721.1521. It has been declared as critical. This vulnerability affects unknown code of the file /boafrm/formSysLog of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

Buffer Overflow

A vulnerability was found in TOTOLINK A3002RU 3.0.0-B20230809.1615

CVE-2025-6148 8.8 - High - June 17, 2025

A vulnerability was found in TOTOLINK A3002RU 3.0.0-B20230809.1615. It has been rated as critical. This issue affects some unknown processing of the file /boafrm/formSysLog of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

Buffer Overflow

A vulnerability was found in TOTOLINK X15 1.0.0-B20230714.1105

CVE-2025-6146 8.8 - High - June 17, 2025

A vulnerability was found in TOTOLINK X15 1.0.0-B20230714.1105. It has been classified as critical. This affects an unknown part of the file /boafrm/formSysLog of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

Buffer Overflow

A vulnerability, which was classified as critical, was found in TOTOLINK EX1200T 4.1.2cu.5232_B20210713

CVE-2025-6143 8.8 - High - June 16, 2025

A vulnerability, which was classified as critical, was found in TOTOLINK EX1200T 4.1.2cu.5232_B20210713. Affected is an unknown function of the file /boafrm/formNtp of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

Buffer Overflow

A vulnerability has been found in TOTOLINK EX1200T 4.1.2cu.5232_B20210713 and classified as critical

CVE-2025-6144 8.8 - High - June 16, 2025

A vulnerability has been found in TOTOLINK EX1200T 4.1.2cu.5232_B20210713 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /boafrm/formSysCmd of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

Buffer Overflow

A vulnerability was found in TOTOLINK EX1200T 4.1.2cu.5232_B20210713 and classified as critical

CVE-2025-6145 8.8 - High - June 16, 2025

A vulnerability was found in TOTOLINK EX1200T 4.1.2cu.5232_B20210713 and classified as critical. Affected by this issue is some unknown functionality of the file /boafrm/formSysLog of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

Buffer Overflow

A vulnerability classified as critical was found in TOTOLINK T10 4.1.8cu.5207

CVE-2025-6138 8.8 - High - June 16, 2025

A vulnerability classified as critical was found in TOTOLINK T10 4.1.8cu.5207. Affected by this vulnerability is the function setWizardCfg of the file /cgi-bin/cstecgi.cgi of the component HTTP POST Request Handler. The manipulation of the argument ssid5g leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

Classic Buffer Overflow

A vulnerability, which was classified as problematic, has been found in TOTOLINK T10 4.1.8cu.5207

CVE-2025-6139 3.9 - Low - June 16, 2025

A vulnerability, which was classified as problematic, has been found in TOTOLINK T10 4.1.8cu.5207. Affected by this issue is some unknown functionality of the file /etc/shadow.sample. The manipulation leads to use of hard-coded password. The attack can only be initiated within the local network. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used.

Credentials Management Errors

A vulnerability classified as critical has been found in TOTOLINK T10 4.1.8cu.5207

CVE-2025-6137 8.8 - High - June 16, 2025

A vulnerability classified as critical has been found in TOTOLINK T10 4.1.8cu.5207. Affected is the function setWiFiScheduleCfg of the file /cgi-bin/cstecgi.cgi of the component HTTP POST Request Handler. The manipulation of the argument desc leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

Classic Buffer Overflow

A vulnerability, which was classified as critical, has been found in TOTOLINK EX1200T 4.1.2cu.5232_B20210713

CVE-2025-6130 8.8 - High - June 16, 2025

A vulnerability, which was classified as critical, has been found in TOTOLINK EX1200T 4.1.2cu.5232_B20210713. This issue affects some unknown processing of the file /boafrm/formStats of the component HTTP POST Request Handler. The manipulation leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

Classic Buffer Overflow

A vulnerability classified as critical was found in TOTOLINK EX1200T 4.1.2cu.5232_B20210713

CVE-2025-6129 8.8 - High - June 16, 2025

A vulnerability classified as critical was found in TOTOLINK EX1200T 4.1.2cu.5232_B20210713. This vulnerability affects unknown code of the file /boafrm/formSaveConfig of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

Buffer Overflow

A vulnerability classified as critical has been found in TOTOLINK EX1200T 4.1.2cu.5232_B20210713

CVE-2025-6128 8.8 - High - June 16, 2025

A vulnerability classified as critical has been found in TOTOLINK EX1200T 4.1.2cu.5232_B20210713. This affects an unknown part of the file /boafrm/formWirelessTbl of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

Buffer Overflow

Buffer Overflow vulnerability in TOTOLINK N600R v4.3.0cu.7866_B2022506

CVE-2025-46060 - June 13, 2025

Buffer Overflow vulnerability in TOTOLINK N600R v4.3.0cu.7866_B2022506 allows a remote attacker to execute arbitrary code via the UPLOAD_FILENAME component

A vulnerability has been found in TOTOLINK EX1200T up to 4.1.2cu.5232_B20210713 and classified as critical

CVE-2025-5910 8.8 - High - June 10, 2025

A vulnerability has been found in TOTOLINK EX1200T up to 4.1.2cu.5232_B20210713 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /boafrm/formWsc of the component HTTP POST Request Handler. The manipulation leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

Classic Buffer Overflow

A vulnerability was found in TOTOLINK EX1200T up to 4.1.2cu.5232_B20210713 and classified as critical

CVE-2025-5911 8.8 - High - June 10, 2025

A vulnerability was found in TOTOLINK EX1200T up to 4.1.2cu.5232_B20210713 and classified as critical. Affected by this issue is some unknown functionality of the file /boafrm/formDMZ of the component HTTP POST Request Handler. The manipulation leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

Classic Buffer Overflow

A vulnerability, which was classified as critical, was found in TOTOLINK EX1200T up to 4.1.2cu.5232_B20210713

CVE-2025-5909 8.8 - High - June 10, 2025

A vulnerability, which was classified as critical, was found in TOTOLINK EX1200T up to 4.1.2cu.5232_B20210713. Affected is an unknown function of the file /boafrm/formReflashClientTbl of the component HTTP POST Request Handler. The manipulation leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

Classic Buffer Overflow

A vulnerability, which was classified as critical, has been found in TOTOLINK EX1200T up to 4.1.2cu.5232_B20210713

CVE-2025-5908 8.8 - High - June 10, 2025

A vulnerability, which was classified as critical, has been found in TOTOLINK EX1200T up to 4.1.2cu.5232_B20210713. This issue affects some unknown processing of the file /boafrm/formIpQoS of the component HTTP POST Request Handler. The manipulation leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

Classic Buffer Overflow

A vulnerability classified as critical was found in TOTOLINK EX1200T up to 4.1.2cu.5232_B20210713

CVE-2025-5907 8.8 - High - June 10, 2025

A vulnerability classified as critical was found in TOTOLINK EX1200T up to 4.1.2cu.5232_B20210713. This vulnerability affects unknown code of the file /boafrm/formFilter of the component HTTP POST Request Handler. The manipulation leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

Classic Buffer Overflow

A vulnerability was found in TOTOLINK T10 4.1.8cu.5207

CVE-2025-5903 8.8 - High - June 10, 2025

A vulnerability was found in TOTOLINK T10 4.1.8cu.5207. It has been classified as critical. Affected is the function setWiFiAclRules of the file /cgi-bin/cstecgi.cgi of the component POST Request Handler. The manipulation of the argument desc leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

Classic Buffer Overflow

A vulnerability was found in TOTOLINK T10 4.1.8cu.5207

CVE-2025-5904 8.8 - High - June 10, 2025

A vulnerability was found in TOTOLINK T10 4.1.8cu.5207. It has been declared as critical. Affected by this vulnerability is the function setWiFiMeshName of the file /cgi-bin/cstecgi.cgi of the component POST Request Handler. The manipulation of the argument device_name leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

Classic Buffer Overflow

A vulnerability was found in TOTOLINK T10 4.1.8cu.5207

CVE-2025-5905 8.8 - High - June 10, 2025

A vulnerability was found in TOTOLINK T10 4.1.8cu.5207. It has been rated as critical. Affected by this issue is the function setWiFiRepeaterCfg of the file /cgi-bin/cstecgi.cgi of the component POST Request Handler. The manipulation of the argument Password leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

Classic Buffer Overflow

A vulnerability was found in TOTOLINK T10 4.1.8cu.5207 and classified as critical

CVE-2025-5902 8.8 - High - June 09, 2025

A vulnerability was found in TOTOLINK T10 4.1.8cu.5207 and classified as critical. This issue affects the function setUpgradeFW of the file /cgi-bin/cstecgi.cgi of the component POST Request Handler. The manipulation of the argument slaveIpList leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

Classic Buffer Overflow

A vulnerability has been found in TOTOLINK T10 4.1.8cu.5207 and classified as critical

CVE-2025-5901 8.8 - High - June 09, 2025

A vulnerability has been found in TOTOLINK T10 4.1.8cu.5207 and classified as critical. This vulnerability affects the function UploadCustomModule of the file /cgi-bin/cstecgi.cgi of the component POST Request Handler. The manipulation of the argument File leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

Classic Buffer Overflow

Built by Foundeo Inc., with data from the National Vulnerability Database (NVD). Privacy Policy. Use of this site is governed by the Legal Terms
Disclaimer
CONTENT ON THIS WEBSITE IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. Always check with your vendor for the most up to date, and accurate information.