Totolink A7000r Firmware

By the Year

In 2026 there have been 4 vulnerabilities in Totolink A7000r Firmware, with an average score of 6.3 out of ten. Last year, in 2025, A7000r Firmware had 1 security vulnerability published. That is, 3 more vulnerabilities have already been reported in 2026 than in all of last year. Last year, the average CVE base score was greater by 3.50.




| Year | Vulnerabilities | Average Score |
|------|-----------------|---------------|
| 2026 | 4 | 6.30 |
| 2025 | 1 | 9.80 |
| 2024 | 2 | 8.80 |
| 2023 | 1 | 9.80 |

It may take a day or so for new A7000r Firmware vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.

Recent Totolink A7000r Firmware Security Vulnerabilities

Cmd Injection via FileName in Totolink A7000R 4.1cu.4154 setUpgradeFW
CVE-2026-1623 6.3 - Medium - January 29, 2026

A weakness has been identified in Totolink A7000R 4.1cu.4154. Impacted is the function setUpgradeFW of the file /cgi-bin/cstecgi.cgi. This manipulation of the argument FileName causes command injection. The attack can be initiated remotely. The exploit has been made available to the public and could be used for attacks.

Command Injection

Totolink A7000R 4.1cu.4154 Cmd Inj via cstecgi.cgi
CVE-2026-1601 6.3 - Medium - January 29, 2026

A weakness has been identified in Totolink A7000R 4.1cu.4154. The impacted element is the function setUploadUserData of the file /cgi-bin/cstecgi.cgi. Executing a manipulation of the argument FileName can lead to command injection. The attack can be launched remotely. The exploit has been made available to the public and could be used for attacks.

Command Injection

Cmd Injection in Totolink A7000R 4.1cu.4154 /cgi-bin/cstecgi.cgi
CVE-2026-1548 6.3 - Medium - January 28, 2026

A flaw has been found in Totolink A7000R 4.1cu.4154. This impacts the function CloudACMunualUpdateUserdata of the file /cgi-bin/cstecgi.cgi. This manipulation of the argument url causes command injection. The attack can be initiated remotely. The exploit has been published and may be used.

Command Injection

Command Injection in Totolink A7000R 4.1cu.4154's setUnloadUserData CGI
CVE-2026-1547 6.3 - Medium - January 28, 2026

A vulnerability was detected in Totolink A7000R 4.1cu.4154. This affects the function setUnloadUserData of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument plugin_name results in command injection. It is possible to launch the attack remotely. The exploit is now public and may be used.

Command Injection

Auth Bypass in TOTOLINK A7000R firmware 9.1.0u.6115_B20201022
CVE-2025-51452 9.8 - Critical - August 13, 2025

In TOTOLINK A7000R firmware 9.1.0u.6115_B20201022, an attacker can bypass login by sending a specific request through formLoginAuth.htm.

TOTOLINK A7000R 9.1.0u.6268_B20220504 Buffer Overflow via setWizardCfg(ssid)
CVE-2024-7213 8.8 - High - July 30, 2024

A vulnerability, which was classified as critical, was found in TOTOLINK A7000R 9.1.0u.6268_B20220504. Affected is the function setWizardCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument ssid leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-272784. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Classic Buffer Overflow

TOTOLINK A7000R 9.1.0u Buffer Overflow via loginauth password
CVE-2024-7212 8.8 - High - July 30, 2024

A vulnerability, which was classified as critical, has been found in TOTOLINK A7000R 9.1.0u.6268_B20220504. This issue affects the function loginauth of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument password leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-272783. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Classic Buffer Overflow

TOTOLink A7000R V9.1.0u.6115_B20201022 Stack Overflow via setOpModeCfg
CVE-2023-49417 9.8 - Critical - December 11, 2023

TOTOLink A7000R V9.1.0u.6115_B20201022 has a stack overflow vulnerability via setOpModeCfg.

Memory Corruption
