Totolink Ex200 Firmware

By the Year

In 2026 there have been 0 vulnerabilities in Totolink Ex200 Firmware. Ex200 Firmware did not have any published security vulnerabilities last year.

Year Vulnerabilities Average Score
2026 0 0.00
2025 0 0.00
2024 18 8.80

It may take a day or so for new Ex200 Firmware vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.

Recent Totolink Ex200 Firmware Security Vulnerabilities

Command Injection in TOTOLINK EX200 v4.0.3c.7646_B20201211 setUssd
CVE-2024-53333 - November 21, 2024

TOTOLINK EX200 v4.0.3c.7646_B20201211 was found to contain a command insertion vulnerability in the setUssd function. This vulnerability allows an attacker to execute arbitrary commands via the "ussd" parameter.

TOTOLINK EX200 4.0.3c Remote Buffer Overflow in loginauth (cgi-bin/cstecgi.cgi)
CVE-2024-7336 8.8 - High - August 01, 2024

A vulnerability classified as critical was found in TOTOLINK EX200 4.0.3c.7646_B20201211. Affected by this vulnerability is the function loginauth of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument http_host leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-273259. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Classic Buffer Overflow

Buffer Overflow via http_host in TOTOLINK EX200 v4.0.3c.7646 (getSaveConfig)
CVE-2024-7335 8.8 - High - August 01, 2024

A vulnerability classified as critical has been found in TOTOLINK EX200 4.0.3c.7646_B20201211. Affected is the function getSaveConfig of the file /cgi-bin/cstecgi.cgi?action=save&setting. The manipulation of the argument http_host leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-273258 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Classic Buffer Overflow

TOTOLINK EX200 V4.0.3c Hardcoded Root Password /etc/shadow.sample
CVE-2024-31810 - May 14, 2024

TOTOLINK EX200 V4.0.3c.7646_B20201211 was discovered to contain a hardcoded password for root at /etc/shadow.sample.

Use of Hard-coded Credentials

TOTOLINK EX200 V4.0.3c XSS via ssid
CVE-2024-32325 - April 18, 2024

TOTOLINK EX200 V4.0.3c.7646_B20201211 contains a Cross-site scripting (XSS) vulnerability through the ssid parameter in the setWiFiExtenderConfig function.

TOTOLINK EX200 XSS via key param in setWiFiExtenderConfig (v4.0.3c.7646_B20201211)
CVE-2024-32326 - April 18, 2024

TOTOLINK EX200 V4.0.3c.7646_B20201211 contains a Cross-site scripting (XSS) vulnerability through the key parameter in the setWiFiExtenderConfig function.

TOTOLINK EX200 4.0.3c: Unauthorized CFG Export via /cgi-bin/ExportSettings.sh
CVE-2024-31815 - April 08, 2024

In TOTOLINK EX200 V4.0.3c.7314_B20191204, an attacker can obtain the configuration file without authorization through /cgi-bin/ExportSettings.sh.

Totolink EX200 v4.0.3c.7646_B20201211 getSysStatusCfg Info Leak
CVE-2024-31817 - April 08, 2024

In TOTOLINK EX200 V4.0.3c.7646_B20201211, an attacker can obtain sensitive information without authorization through the function getSysStatusCfg.

TotoLink EX200 V4.0.3c: Telnet PrivEsc via setTelnetCfg
CVE-2024-31805 - April 08, 2024

TOTOLINK EX200 V4.0.3c.7646_B20201211 allows attackers to start the Telnet service without authorization via the telnet_enabled parameter in the setTelnetCfg function.

DoS via Unauthorized RebootSystem in TOTOLINK EX200 v4.0.3c.7646_B20201211
CVE-2024-31806 - April 08, 2024

TOTOLINK EX200 V4.0.3c.7646_B20201211 was discovered to contain a Denial-of-Service (DoS) vulnerability in the RebootSystem function which can reboot the system without authorization.

RCE in TOTOLINK EX200 V4.0.3c via hostTime in NTPSyncWithHost
CVE-2024-31807 - April 08, 2024

TOTOLINK EX200 V4.0.3c.7646_B20201211 was discovered to contain a remote code execution (RCE) vulnerability via the hostTime parameter in the NTPSyncWithHost function.

TOTOLINK EX200 V4.0.3c.7646_B20201211 RCE via webWlanIdx
CVE-2024-31808 - April 08, 2024

TOTOLINK EX200 V4.0.3c.7646_B20201211 was discovered to contain a remote code execution (RCE) vulnerability via the webWlanIdx parameter in the setWebWlanIdx function.

RCE in Totolink EX200 FW upgrade via FileName (pre-4.0.3c)
CVE-2024-31809 - April 08, 2024

TOTOLINK EX200 V4.0.3c.7646_B20201211 was discovered to contain a remote code execution (RCE) vulnerability via the FileName parameter in the setUpgradeFW function.

TOTOLINK EX200 V4.0.3c RCE via setLanguageCfg langType
CVE-2024-31811 - April 08, 2024

TOTOLINK EX200 V4.0.3c.7646_B20201211 was discovered to contain a remote code execution (RCE) vulnerability via the langType parameter in the setLanguageCfg function.

TOTOLINK EX200 v4.0.3c info leak via getWiFiExtenderConfig
CVE-2024-31812 - April 08, 2024

In TOTOLINK EX200 V4.0.3c.7646_B20201211, an attacker can obtain sensitive information without authorization through the function getWiFiExtenderConfig.

Authentication bypass in TOTOLINK EX200 v4.0.3c.7646_B20201211
CVE-2024-31813 - April 08, 2024

TOTOLINK EX200 V4.0.3c.7646_B20201211 does not contain an authentication mechanism by default.

Login Bypass on TOTOLINK EX200 V4.0.3c.7646_B20201211 via Form_Login
CVE-2024-31814 - April 08, 2024

TOTOLINK EX200 V4.0.3c.7646_B20201211 allows attackers to bypass login through the Form_Login function.

TOTOLINK EX200 V4.0.3c getEasyWizardCfg Info Disclosure
CVE-2024-31816 - April 08, 2024

In TOTOLINK EX200 V4.0.3c.7646_B20201211, an attacker can obtain sensitive information without authorization through the function getEasyWizardCfg.
