Totolink Cp900 Firmware
Don't miss out!
Thousands of developers use stack.watch to stay informed.Get an email whenever new security vulnerabilities are reported in Totolink Cp900 Firmware.
By the Year
In 2026 there have been 0 vulnerabilities in Totolink Cp900 Firmware. Last year, in 2025 Cp900 Firmware had 4 security vulnerabilities published. Right now, Cp900 Firmware is on track to have less security vulnerabilities in 2026 than it did last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 0 | 0.00 |
| 2025 | 4 | 0.00 |
| 2024 | 2 | 9.80 |
| 2023 | 1 | 9.80 |
It may take a day or so for new Cp900 Firmware vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Totolink Cp900 Firmware Security Vulnerabilities
Totolink CPE CP900 v6.3c.1144_b20190715 Cmd Injection via setUploadUserData
CVE-2025-44838
- May 01, 2025
TOTOLINK CPE CP900 V6.3c.1144_B20190715 was discovered to contain a command injection vulnerability in the setUploadUserData function via the FileName parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request.
TOTOLINK CPE CP900 V6.3c.1144 B20190715 Cmd Inj via CloudSrvUserdataVerCheck
CVE-2025-44837
- May 01, 2025
TOTOLINK CPE CP900 V6.3c.1144_B20190715 was discovered to contain a command injection vulnerability in the CloudSrvUserdataVersionCheck function via the url or magicid parameters. This vulnerability allows attackers to execute arbitrary commands via a crafted request.
Cmd Injection in Totolink CPE CP900 v6.3c setApRebootScheCfg
CVE-2025-44836
- May 01, 2025
TOTOLINK CPE CP900 V6.3c.1144_B20190715 was discovered to contain a command injection vulnerability in the setApRebootScheCfg function via the hour or minute parameters. This vulnerability allows attackers to execute arbitrary commands via a crafted request.
TOTOLINK CP900 V6.3c.1144 cmd injection via FileName (setUpgradeUboot)
CVE-2025-44854
- May 01, 2025
TOTOLINK CP900 V6.3c.1144_B20190715 was found to contain a command injection vulnerability in the setUpgradeUboot function via the FileName parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request.
Command Injection in TOTOLINK CP900 6.3c.566 Telnet Service setTelnetCfg
CVE-2024-7464
9.8 - Critical
- August 05, 2024
A vulnerability, which was classified as critical, has been found in TOTOLINK CP900 6.3c.566. This issue affects the function setTelnetCfg of the component Telnet Service. The manipulation of the argument telnet_enabled leads to command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-273557 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
Command Injection
Critical Remote Buffer Overflow in TOTOLINK CP900 6.3c.566 cstecgi.cgi
CVE-2024-7463
9.8 - Critical
- August 05, 2024
A vulnerability classified as critical was found in TOTOLINK CP900 6.3c.566. This vulnerability affects the function UploadCustomModule of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument File leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-273556. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
Classic Buffer Overflow
Command Injection in TOTOLink CP900 V6.3 via webWlanIdx
CVE-2022-28495
9.8 - Critical
- March 24, 2023
TOTOLink outdoor CPE CP900 V6.3c.566_B20171026 is discovered to contain a command injection vulnerability in the setWebWlanIdx function via the webWlanIdx parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request.
Shell injection
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Totolink Cp900 Firmware or by Totolink? Click the Watch button to subscribe.
