Totolink Nr1800x Firmware
Don't miss out!
Thousands of developers use stack.watch to stay informed.Get an email whenever new security vulnerabilities are reported in Totolink Nr1800x Firmware.
By the Year
In 2026 there have been 3 vulnerabilities in Totolink Nr1800x Firmware with an average score of 7.1 out of ten. Last year, in 2025 Nr1800x Firmware had 5 security vulnerabilities published. If vulnerabilities keep coming in at the current rate, it appears that number of security vulnerabilities in Nr1800x Firmware in 2026 could surpass last years number. Last year, the average CVE base score was greater by 1.87
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 3 | 7.13 |
| 2025 | 5 | 9.00 |
| 2024 | 1 | 0.00 |
| 2023 | 0 | 0.00 |
| 2022 | 1 | 8.80 |
It may take a day or so for new Nr1800x Firmware vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Totolink Nr1800x Firmware Security Vulnerabilities
Totolink NR1800X 9.1.0u.6279 Remote Buffer Overflow via setWizardCfg ssid
CVE-2026-1328
8.8 - High
- January 22, 2026
A vulnerability was detected in Totolink NR1800X 9.1.0u.6279_B20210910. Impacted is the function setWizardCfg of the file /cgi-bin/cstecgi.cgi of the component POST Request Handler. Performing a manipulation of the argument ssid results in buffer overflow. The attack may be initiated remotely. The exploit is now public and may be used.
Classic Buffer Overflow
Totolink NR1800X 9.1.0u Command Injection via POST Handler
CVE-2026-1327
6.3 - Medium
- January 22, 2026
A security vulnerability has been detected in Totolink NR1800X 9.1.0u.6279_B20210910. This issue affects the function setTracerouteCfg of the file /cgi-bin/cstecgi.cgi of the component POST Request Handler. Such manipulation of the argument command leads to command injection. The attack can be launched remotely. The exploit has been disclosed publicly and may be used.
Command Injection
Command Injection in Totolink NR1800X 9.1.0u via POST Hostname
CVE-2026-1326
6.3 - Medium
- January 22, 2026
A weakness has been identified in Totolink NR1800X 9.1.0u.6279_B20210910. This vulnerability affects the function setWanCfg of the file /cgi-bin/cstecgi.cgi of the component POST Request Handler. This manipulation of the argument Hostname causes command injection. The attack can be initiated remotely. The exploit has been made available to the public and could be used for attacks.
Command Injection
Auth StackOverflow in setWiFiEasyGuestCfg on TOTOLINK NR1800X V9.1.0u
CVE-2025-45845
8.8 - High
- May 08, 2025
TOTOLINK NR1800X V9.1.0u.6681_B20230703 was discovered to contain an authenticated stack overflow via the ssid5g parameter in the setWiFiEasyGuestCfg function.
Memory Corruption
TOTOLINK NR1800X v9.1.0 Auth SO via ssid in setWiFiBasicCfg
CVE-2025-45844
8.8 - High
- May 08, 2025
TOTOLINK NR1800X V9.1.0u.6681_B20230703 was discovered to contain an authenticated stack overflow via the ssid parameter in the setWiFiBasicCfg function.
Memory Corruption
Auth Stack Overflow in TOLINK NR1800X V9.1.0u via setWiFiGuestCfg SSID
CVE-2025-45843
8.8 - High
- May 08, 2025
TOTOLINK NR1800X V9.1.0u.6681_B20230703 was discovered to contain an authenticated stack overflow via the ssid parameter in the setWiFiGuestCfg function.
Memory Corruption
TOTOLINK NR1800X Stack Overflow via ssid5g (setWiFiEasyCfg) – V9.1.0u
CVE-2025-45842
8.8 - High
- May 08, 2025
TOTOLINK NR1800X V9.1.0u.6681_B20230703 was discovered to contain an authenticated stack overflow via the ssid5g parameter in the setWiFiEasyCfg function.
Memory Corruption
Auth Stack Overflow in TOTOLINK NR1800X V9.1 via setSmsCfg (CVE-2025-45841)
CVE-2025-45841
9.8 - Critical
- May 08, 2025
TOTOLINK NR1800X V9.1.0u.6681_B20230703 was discovered to contain an authenticated stack overflow via the text parameter in the setSmsCfg function.
Memory Corruption
Stack overflow in urldecode (pwd) on TOTOLINK NR1800X v9.1.0u.6681
CVE-2024-35388
- May 24, 2024
TOTOLINK NR1800X v9.1.0u.6681_B20230703 was discovered to contain a stack overflow via the password parameter in the function urldecode
TOTOLINK LR350 V9.3.5u.6369_B20220309: Post-Auth Buffer Overflow via setLanguageCfg(lang)
CVE-2022-44256
8.8 - High
- November 23, 2022
TOTOLINK LR350 V9.3.5u.6369_B20220309 contains a post-authentication buffer overflow via parameter lang in the setLanguageCfg function.
Memory Corruption
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Totolink Nr1800x Firmware or by Totolink? Click the Watch button to subscribe.
