Totolink: >> A950rg Firmware >> 4.1.2cu.5204_b20210112 Security Vulnerabilities
TOTOlink A950RG V4.1.2cu.5204_B20210112 contains a buffer overflow vulnerability. The vulnerability arises from the improper input validation of the NoticeUrl parameter in the setNoticeCfg interface of /lib/cste_modules/system.so.
CVSS Score
9.8
EPSS Score
0.002
Published
2025-05-08
A command execution vulnerability exists in the TOTOLINK A950RG V4.1.2cu.5204_B20210112. The vulnerability is located in the setNoticeCfg interface within the /lib/cste_modules/system.so library, specifically in the processing of the IpTo parameter.
CVSS Score
9.8
EPSS Score
0.006
Published
2025-05-08
TOTOLINK A950RG V4.1.2cu.5204_B20210112 contains a command execution vulnerability in the setDeviceName interface of the /lib/cste_modules/global.so library, specifically in the processing of the deviceMac parameter.
CVSS Score
9.8
EPSS Score
0.007
Published
2025-05-02
TOTOLINK A950RG V4.1.2cu.5204_B20210112 was discovered to contain a hardcoded password for root at /etc/shadow.sample.
CVSS Score
7.8
EPSS Score
0.0
Published
2022-08-29
TOTOLink A950RG V5.9c.4050_B20190424 and V4.1.2cu.5204_B20210112 were discovered to contain a command injection vulnerability in the "Main" function. This vulnerability allows attackers to execute arbitrary commands via the QUERY_STRING parameter.
CVSS Score
9.8
EPSS Score
0.852
Published
2022-02-24