Totolink Ex1800t Firmware
Don't miss out!
Thousands of developers use stack.watch to stay informed.Get an email whenever new security vulnerabilities are reported in Totolink Ex1800t Firmware.
By the Year
In 2025 there have been 7 vulnerabilities in Totolink Ex1800t Firmware with an average score of 9.8 out of ten. Last year, in 2024 Ex1800t Firmware had 3 security vulnerabilities published. That is, 4 more vulnerabilities have already been reported in 2025 as compared to last year. Interestingly, the average vulnerability score and the number of vulnerabilities for 2025 and last year was the same.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2025 | 7 | 9.80 |
| 2024 | 3 | 9.80 |
| 2023 | 5 | 9.80 |
| 2022 | 0 | 0.00 |
| 2021 | 0 | 0.00 |
| 2020 | 0 | 0.00 |
| 2019 | 0 | 0.00 |
| 2018 | 0 | 0.00 |
It may take a day or so for new Ex1800t Firmware vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Totolink Ex1800t Firmware Security Vulnerabilities
A vulnerability was found in TOTOLINK EX1800T up to 9.1.0cu.2112_B20220316
CVE-2025-2370
9.8 - Critical
- March 17, 2025
A vulnerability was found in TOTOLINK EX1800T up to 9.1.0cu.2112_B20220316. It has been declared as critical. Affected by this vulnerability is the function setWiFiExtenderConfig of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument apcliSsid leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
Memory Corruption
A vulnerability was found in TOTOLINK EX1800T up to 9.1.0cu.2112_B20220316
CVE-2025-2369
9.8 - Critical
- March 17, 2025
A vulnerability was found in TOTOLINK EX1800T up to 9.1.0cu.2112_B20220316. It has been classified as critical. Affected is the function setPasswordCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument admpass leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
Memory Corruption
A vulnerability, which was classified as critical, has been found in TOTOLINK EX1800T 9.1.0cu.2112_B20220316
CVE-2025-2097
9.8 - Critical
- March 07, 2025
A vulnerability, which was classified as critical, has been found in TOTOLINK EX1800T 9.1.0cu.2112_B20220316. This issue affects the function setRptWizardCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument loginpass leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
Memory Corruption
A vulnerability classified as critical was found in TOTOLINK EX1800T 9.1.0cu.2112_B20220316
CVE-2025-2096
9.8 - Critical
- March 07, 2025
A vulnerability classified as critical was found in TOTOLINK EX1800T 9.1.0cu.2112_B20220316. This vulnerability affects the function setRebootScheCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument mode/week/minute/recHour leads to os command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
Shell injection
A vulnerability classified as critical has been found in TOTOLINK EX1800T 9.1.0cu.2112_B20220316
CVE-2025-2095
9.8 - Critical
- March 07, 2025
A vulnerability classified as critical has been found in TOTOLINK EX1800T 9.1.0cu.2112_B20220316. This affects the function setDmzCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument ip leads to os command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
Shell injection
A vulnerability was found in TOTOLINK EX1800T 9.1.0cu.2112_B20220316
CVE-2025-2094
9.8 - Critical
- March 07, 2025
A vulnerability was found in TOTOLINK EX1800T 9.1.0cu.2112_B20220316. It has been rated as critical. Affected by this issue is the function setWiFiExtenderConfig of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument apcliKey/key leads to os command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
Shell injection
A vulnerability has been found in Totolink EX1800T 9.1.0cu.2112_B20220316 and classified as critical
CVE-2025-1852
9.8 - Critical
- March 03, 2025
A vulnerability has been found in Totolink EX1800T 9.1.0cu.2112_B20220316 and classified as critical. This vulnerability affects the function loginAuth of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument password leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
Classic Buffer Overflow
TOTOLINK EX1800T Stack-Based Buffer Overflow in cstecgi.cgi
CVE-2024-12352
9.8 - Critical
- December 09, 2024
A vulnerability classified as problematic was found in TOTOLINK EX1800T 9.1.0cu.2112_B20220316. This vulnerability affects the function sub_40662C of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument ssid leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
Memory Corruption
TOTOLINK EX1800T V9.1.0cu.2112_B20220316 has a vulnerability in the apcliEncrypType parameter
CVE-2024-34257
- May 08, 2024
TOTOLINK EX1800T V9.1.0cu.2112_B20220316 has a vulnerability in the apcliEncrypType parameter that allows unauthorized execution of arbitrary commands, allowing an attacker to obtain device administrator privileges.
TOTOlink EX1800T V9.1.0cu.2112_B20220316 was discovered to contain a remote command execution (RCE) vulnerability
CVE-2023-52026
9.8 - Critical
- January 12, 2024
TOTOlink EX1800T V9.1.0cu.2112_B20220316 was discovered to contain a remote command execution (RCE) vulnerability via the telnet_enabled parameter of the setTelnetCfg interface
TOTOLINX EX1800T v9.1.0cu.2112_B20220316 is vulnerable to arbitrary command execution in the enable parameter of the setDmzCfg interface of the cstecgi .cgi
CVE-2023-51015
9.8 - Critical
- December 22, 2023
TOTOLINX EX1800T v9.1.0cu.2112_B20220316 is vulnerable to arbitrary command execution in the enable parameter of the setDmzCfg interface of the cstecgi .cgi
TOTOLINK EX1800T V9.1.0cu.2112_B20220316 is vulnerable to unauthorized arbitrary command execution in the lanSecDns parameter of the setLanConfig interface of the cstecgi .cgi
CVE-2023-51014
9.8 - Critical
- December 22, 2023
TOTOLINK EX1800T V9.1.0cu.2112_B20220316 is vulnerable to unauthorized arbitrary command execution in the lanSecDns parameter of the setLanConfig interface of the cstecgi .cgi
TOTOlink EX1800T v9.1.0cu.2112_B20220316 is vulnerable to unauthorized arbitrary command execution in the opmode parameter of the setWiFiApConfig interface of the cstecgi .cgi.
CVE-2023-51018
9.8 - Critical
- December 22, 2023
TOTOlink EX1800T v9.1.0cu.2112_B20220316 is vulnerable to unauthorized arbitrary command execution in the opmode parameter of the setWiFiApConfig interface of the cstecgi .cgi.
TOTOlink EX1800T V9.1.0cu.2112_B20220316 is vulnerable to unauthorized arbitrary command execution in the hour parameter of the setRebootScheCfg interface of the cstecgi .cgi.
CVE-2023-51026
9.8 - Critical
- December 22, 2023
TOTOlink EX1800T V9.1.0cu.2112_B20220316 is vulnerable to unauthorized arbitrary command execution in the hour parameter of the setRebootScheCfg interface of the cstecgi .cgi.
TOTOlink EX1800T V9.1.0cu.2112_B20220316 is vulnerable to an unauthorized arbitrary command execution in the admuser parameter of the setPasswordCfg interface of the cstecgi .cgi.
CVE-2023-51025
9.8 - Critical
- December 22, 2023
TOTOlink EX1800T V9.1.0cu.2112_B20220316 is vulnerable to an unauthorized arbitrary command execution in the admuser parameter of the setPasswordCfg interface of the cstecgi .cgi.
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Totolink Ex1800t Firmware or by Totolink? Click the Watch button to subscribe.
