Totolink N300rt Firmware
Don't miss out!
Thousands of developers use stack.watch to stay informed.Get an email whenever new security vulnerabilities are reported in Totolink N300rt Firmware.
By the Year
In 2026 there have been 2 vulnerabilities in Totolink N300rt Firmware with an average score of 7.2 out of ten. Last year, in 2025 N300rt Firmware had 1 security vulnerability published. That is, 1 more vulnerability have already been reported in 2026 as compared to last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 2 | 7.20 |
| 2025 | 1 | 0.00 |
| 2024 | 5 | 0.00 |
It may take a day or so for new N300rt Firmware vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Totolink N300rt Firmware Security Vulnerabilities
Totolink N300RT 3.4.0-B20250430: Remote Buffer Overflow via /boafrm/formIpQoS
CVE-2026-7219
7.2 - High
- April 28, 2026
A flaw has been found in Totolink N300RT 3.4.0-B20250430. This affects an unknown function of the file /boafrm/formIpQoS. Executing a manipulation of the argument entry_name can lead to buffer overflow. The attack may be performed from remote. The exploit has been published and may be used.
Classic Buffer Overflow
Totolink N300RT 3.4.0 buffer overflow in libapmib.so via localPin (remote)
CVE-2026-7218
7.2 - High
- April 28, 2026
A vulnerability was detected in Totolink N300RT 3.4.0-B20250430. The impacted element is the function is_cmd_string_valid of the file /boafrm/formWsc of the component libapmib.so. Performing a manipulation of the argument localPin results in buffer overflow. The attack is possible to be carried out remotely. The exploit is now public and may be used.
Classic Buffer Overflow
OS Command Injection in TOTOLINK N300RT (V3.4.0-B20250430-) Boa formWsc
CVE-2025-34319
- December 03, 2025
TOTOLINK N300RT wireless router firmware versions prior to V3.4.0-B20250430 (discovered in V2.1.8-B20201030.1539) contain an OS command injection vulnerability in the Boa formWsc handling functionality. An unauthenticated attacker can send specially crafted requests to trigger command execution via the targetAPSsid request parameter.
Shell injection
TOTOLINK N300RT V2.1.8 Stored XSS in Wireless Page Access Control
CVE-2024-32335
- April 18, 2024
TOTOLINK N300RT V2.1.8-B20201030.1539 contains a Store Cross-site scripting (XSS) vulnerability in Access Control under the Wireless Page.
TOTOLINK N300RT V2.1.8 XSS in Firewall IP/Port Filtering
CVE-2024-32334
- April 18, 2024
TOTOLINK N300RT V2.1.8-B20201030.1539 contains a Store Cross-site scripting (XSS) vulnerability in IP/Port Filtering under the Firewall Page.
Totolink N300RT V2.1.8 XSS in MAC Filter (Firewall Page)
CVE-2024-32333
- April 18, 2024
TOTOLINK N300RT V2.1.8-B20201030.1539 contains a Store Cross-site scripting (XSS) vulnerability in MAC Filtering under the Firewall Page.
TOTOLINK N300RT 2.1.8 Store XSS in WDS Settings
CVE-2024-32332
- April 18, 2024
TOTOLINK N300RT V2.1.8-B20201030.1539 contains a Store Cross-site scripting (XSS) vulnerability in WDS Settings under the Wireless Page.
Store XSS in TOTOLINK N300RT V2.1.8 Port Forwarding (Firewall)
CVE-2024-32327
- April 18, 2024
TOTOLINK N300RT V2.1.8-B20201030.1539 contains a Store Cross-site scripting (XSS) vulnerability in Port Forwarding under the Firewall Page.
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Totolink N300rt Firmware or by Totolink? Click the Watch button to subscribe.
