Totolink: Security Vulnerabilities
TOTOLINK A3002R v4.0.0-B20230531.1404 was discovered to contain a buffer overflow via the routername parameter in the formDnsv6 interface.
CVSS Score
9.8
EPSS Score
0.001
Published
2025-05-13
TOTOLINK A3002R v4.0.0-B20230531.1404 was discovered to contain a buffer overflow via the dnsaddr parameter in the formDhcpv6s interface.
CVSS Score
9.8
EPSS Score
0.001
Published
2025-05-13
TOTOLINK A3002R v4.0.0-B20230531.1404 was discovered to contain a command injection vulnerability via the FUN_00459fdc function.
CVSS Score
9.8
EPSS Score
0.088
Published
2025-05-13
TOTOLINK A3002R v4.0.0-B20230531.1404 was discovered to contain a buffer overflow via the bandstr parameter in the formMapDelDevice interface.
CVSS Score
5.4
EPSS Score
0.0
Published
2025-05-13
TOTOLINK A3002R v4.0.0-B20230531.1404 was discovered to contain a buffer overflow via the addrPoolStart parameter in the formDhcpv6s interface.
CVSS Score
5.4
EPSS Score
0.0
Published
2025-05-13
TOTOLINK A3002R v4.0.0-B20230531.1404 was discovered to contain a buffer overflow via the addrPoolEnd parameter in the formDhcpv6s interface.
CVSS Score
5.4
EPSS Score
0.0
Published
2025-05-13
TOTOLINK A3002R v4.0.0-B20230531.1404 was discovered to contain a buffer overflow via the static_dns1 parameter in the formIpv6Setup interface.
CVSS Score
5.4
EPSS Score
0.0
Published
2025-05-13
A vulnerability was found in TOTOLINK T10, A3100R, A950RG, A800R, N600R, A3000RU and A810R 4.1.8cu.5241_B20210927. It has been declared as critical. This vulnerability affects the function CloudACMunualUpdate of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument FileName leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
CVSS Score
8.8
EPSS Score
0.002
Published
2025-05-10
A vulnerability classified as problematic was found in TOTOLINK N150RT 3.4.0-B20190525. This vulnerability affects unknown code of the component Virtual Server Page. The manipulation leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
CVSS Score
2.4
EPSS Score
0.001
Published
2025-05-09
A vulnerability, which was classified as critical, has been found in TOTOLINK N150RT 3.4.0-B20190525. This issue affects some unknown processing of the file /boafrm/formWsc. The manipulation of the argument localPin leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
CVSS Score
8.8
EPSS Score
0.002
Published
2025-05-09