Shodan
Vulnerabilities
Vulnerable Software
Totolink:  >> A810r Firmware  Security Vulnerabilities
CVE-2025-4496
A vulnerability was found in TOTOLINK T10, A3100R, A950RG, A800R, N600R, A3000RU and A810R 4.1.8cu.5241_B20210927. It has been declared as critical. This vulnerability affects the function CloudACMunualUpdate of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument FileName leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
CVSS Score
8.8
EPSS Score
0.003
Published
2025-05-10
CVE-2025-28021
TOTOLINK A810R V4.1.2cu.5182_B20201026 was found to contain a buffer overflow vulnerability in the downloadFile.cgi through the v14 and v3 parameters
CVSS Score
7.3
EPSS Score
0.002
Published
2025-04-23
CVE-2025-28022
TOTOLINK A810R V4.1.2cu.5182_B20201026 was found to contain a buffer overflow vulnerability in downloadFile.cgi through the v25 parameter.
CVSS Score
7.3
EPSS Score
0.002
Published
2025-04-23
CVE-2025-28035
TOTOLINK A830R V4.1.2cu.5182_B20201102 was found to contain a pre-auth remote command execution vulnerability in the setNoticeCfg function through the NoticeUrl parameter.
CVSS Score
9.8
EPSS Score
0.047
Published
2025-04-22
CVE-2025-28036
TOTOLINK A950RG V4.1.2cu.5161_B20200903 was found to contain a pre-auth remote command execution vulnerability in the setNoticeCfg function through the NoticeUrl parameter.
CVSS Score
9.8
EPSS Score
0.047
Published
2025-04-22
CVE-2025-28030
TOTOLINK A810R V4.1.2cu.5182_B20201026 was discovered to contain a stack overflow via the startTime and endTime parameters in setParentalRules function.
CVSS Score
8.8
EPSS Score
0.004
Published
2025-04-22
CVE-2025-28031
TOTOLINK A810R V4.1.2cu.5182_B20201026 was discovered to contain a hardcoded password for the telnet service in product.ini.
CVSS Score
6.5
EPSS Score
0.003
Published
2025-04-22
CVE-2025-28037
TOTOLINK A810R V4.1.2cu.5182_B20201026 and A950RG V4.1.2cu.5161_B20200903 were found to contain a pre-auth remote command execution vulnerability in the setDiagnosisCfg function through the ipDomain parameter.
CVSS Score
9.8
EPSS Score
0.055
Published
2025-04-22
CVE-2025-28024
TOTOLINK A810R V4.1.2cu.5182_B20201026 was found to contain a buffer overflow vulnerability in the cstecgi.cgi
CVSS Score
9.8
EPSS Score
0.004
Published
2025-04-22
CVE-2025-28032
TOTOLINK A800R V4.1.2cu.5137_B20200730, A810R V4.1.2cu.5182_B20201026, A830R V4.1.2cu.5182_B20201102, A950RG V4.1.2cu.5161_B20200903, A3000RU V5.9c.5185_B20201128, and A3100R V4.1.2cu.5247_B20211129 contain a pre-auth buffer overflow vulnerability in the setNoticeCfg function through the IpForm parameter.
CVSS Score
7.3
EPSS Score
0.003
Published
2025-04-22


Products
Pricing
Contact Us

Shodan ® - All rights reserved