Totolink Ex1800t Firmware
Don't miss out!
Thousands of developers use stack.watch to stay informed.Get an email whenever new security vulnerabilities are reported in Totolink Ex1800t Firmware.
By the Year
In 2026 there have been 0 vulnerabilities in Totolink Ex1800t Firmware. Last year, in 2025 Ex1800t Firmware had 7 security vulnerabilities published. Right now, Ex1800t Firmware is on track to have less security vulnerabilities in 2026 than it did last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 0 | 0.00 |
| 2025 | 7 | 9.80 |
| 2024 | 3 | 9.80 |
| 2023 | 5 | 9.80 |
It may take a day or so for new Ex1800t Firmware vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Totolink Ex1800t Firmware Security Vulnerabilities
Totolink EX1800T 9.1.0cu.2112 stack overflow in cstecgi.cgi
CVE-2025-2370
9.8 - Critical
- March 17, 2025
A vulnerability was found in TOTOLINK EX1800T up to 9.1.0cu.2112_B20220316. It has been declared as critical. Affected by this vulnerability is the function setWiFiExtenderConfig of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument apcliSsid leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
Memory Corruption
TOTOLINK EX1800T up to 9.1.0cu.2112 stack overflow in setPasswordCfg
CVE-2025-2369
9.8 - Critical
- March 17, 2025
A vulnerability was found in TOTOLINK EX1800T up to 9.1.0cu.2112_B20220316. It has been classified as critical. Affected is the function setPasswordCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument admpass leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
Memory Corruption
TOTOLINK EX1800T 9.1.0cu.2112_B20220316 buffer overflow via setRptWizardCfg
CVE-2025-2097
9.8 - Critical
- March 07, 2025
A vulnerability, which was classified as critical, has been found in TOTOLINK EX1800T 9.1.0cu.2112_B20220316. This issue affects the function setRptWizardCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument loginpass leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
Memory Corruption
TOTOLINK EX1800T 9.1.0cu.2112 OS Command Injection via setRebootScheCfg Rmt
CVE-2025-2096
9.8 - Critical
- March 07, 2025
A vulnerability classified as critical was found in TOTOLINK EX1800T 9.1.0cu.2112_B20220316. This vulnerability affects the function setRebootScheCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument mode/week/minute/recHour leads to os command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
Shell injection
TOTOLINK EX1800T 9.1.0cu.2112_B20220316 – OS Cmd Inject setDmzCfg cstecgi.cgi
CVE-2025-2095
9.8 - Critical
- March 07, 2025
A vulnerability classified as critical has been found in TOTOLINK EX1800T 9.1.0cu.2112_B20220316. This affects the function setDmzCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument ip leads to os command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
Shell injection
TOTOLINK EX1800T 9.1.0cu.2112 OS Command Injection via setWiFiExtenderConfig
CVE-2025-2094
9.8 - Critical
- March 07, 2025
A vulnerability was found in TOTOLINK EX1800T 9.1.0cu.2112_B20220316. It has been rated as critical. Affected by this issue is the function setWiFiExtenderConfig of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument apcliKey/key leads to os command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
Shell injection
Critical buf overflow in Totolink EX1800T 9.1.0c loginAuth CGI
CVE-2025-1852
9.8 - Critical
- March 03, 2025
A vulnerability has been found in Totolink EX1800T 9.1.0cu.2112_B20220316 and classified as critical. This vulnerability affects the function loginAuth of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument password leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
Classic Buffer Overflow
TOTOLINK EX1800T Stack-Based Buffer Overflow in cstecgi.cgi
CVE-2024-12352
9.8 - Critical
- December 09, 2024
A vulnerability classified as problematic was found in TOTOLINK EX1800T 9.1.0cu.2112_B20220316. This vulnerability affects the function sub_40662C of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument ssid leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
Memory Corruption
TOTOLINK EX1800T V9.1.0cu.2112 Auth Bypass Cmd Exec via apcliEncrypType
CVE-2024-34257
- May 08, 2024
TOTOLINK EX1800T V9.1.0cu.2112_B20220316 has a vulnerability in the apcliEncrypType parameter that allows unauthorized execution of arbitrary commands, allowing an attacker to obtain device administrator privileges.
RCE via telnet_enabled param on TOTOlink EX1800T V9.1 firmware
CVE-2023-52026
9.8 - Critical
- January 12, 2024
TOTOlink EX1800T V9.1.0cu.2112_B20220316 was discovered to contain a remote command execution (RCE) vulnerability via the telnet_enabled parameter of the setTelnetCfg interface
TOTOLINX EX1800T v9.1.0cu.2112_B20220316: arbt cmd exec via enable param in setDmzCfg
CVE-2023-51015
9.8 - Critical
- December 22, 2023
TOTOLINX EX1800T v9.1.0cu.2112_B20220316 is vulnerable to arbitrary command execution in the enable parameter of the setDmzCfg interface of the cstecgi .cgi
TOTOLINK EX1800T V9.1: LANSecDns CmdExec via setLanConfig CGI
CVE-2023-51014
9.8 - Critical
- December 22, 2023
TOTOLINK EX1800T V9.1.0cu.2112_B20220316 is vulnerable to unauthorized arbitrary command execution in the lanSecDns parameter of the setLanConfig interface of the cstecgi .cgi
Unauth cmd exec via opmode param in TOTOlink EX1800T 9.1.0
CVE-2023-51018
9.8 - Critical
- December 22, 2023
TOTOlink EX1800T v9.1.0cu.2112_B20220316 is vulnerable to unauthorized arbitrary command execution in the opmode parameter of the setWiFiApConfig interface of the cstecgi .cgi.
TOTOlink EX1800T Remote Cmd Exec via setRebootScheCfg
CVE-2023-51026
9.8 - Critical
- December 22, 2023
TOTOlink EX1800T V9.1.0cu.2112_B20220316 is vulnerable to unauthorized arbitrary command execution in the hour parameter of the setRebootScheCfg interface of the cstecgi .cgi.
Arbitrary Cmd Exec via admuser in TOTOlink EX1800T setPasswordCfg CGI (V9.1.0cu.2112_B20220316)
CVE-2023-51025
9.8 - Critical
- December 22, 2023
TOTOlink EX1800T V9.1.0cu.2112_B20220316 is vulnerable to an unauthorized arbitrary command execution in the admuser parameter of the setPasswordCfg interface of the cstecgi .cgi.
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Totolink Ex1800t Firmware or by Totolink? Click the Watch button to subscribe.
