TOTOLINK — Vulnerabilities & Security Advisories (430)

Browse all 430 CVE security advisories affecting TOTOLINK. AI-powered Chinese analysis, POCs, and references for each vulnerability.

TOTOLINK operates primarily as a manufacturer of consumer networking hardware, including wireless routers and range extenders, targeting residential and small business markets. Security audits reveal a significant volume of vulnerabilities, with 429 CVEs currently documented, indicating systemic issues in firmware development and code review processes. Historically, the most prevalent flaw classes include Remote Code Execution (RCE), Cross-Site Scripting (XSS), and privilege escalation bugs, often stemming from inadequate input validation and weak authentication mechanisms in web management interfaces. These defects frequently allow unauthenticated attackers to gain full administrative control or execute arbitrary commands on affected devices. While no single catastrophic global incident has been widely publicized, the sheer quantity of disclosed vulnerabilities suggests a consistent pattern of security negligence. Users are advised to exercise caution, as the vendor’s response to patching these critical flaws has been inconsistent, leaving many deployed units exposed to exploitation.

CVE ID | Title | Product | CWE | CVSS | Severity | Published
CVE-2026-8137 | Totolink X5000R formDdns sub_458E40 buffer overflow | X5000R | CWE-120 | 8.8 | High | 2026-05-08
CVE-2026-7823 | Totolink A8000RU cstecgi.cgi setAppFilterCfg os command injection | A8000RU | CWE-78 | 9.8 | Critical | 2026-05-05
CVE-2026-7750 | Totolink N300RH POST Request cstecgi.cgi setMacFilterRules buffer overflow | N300RH | CWE-120 | 8.8 | High | 2026-05-04
CVE-2026-7749 | Totolink N300RH POST Request cstecgi.cgi setWanConfig buffer overflow | N300RH | CWE-120 | 8.8 | High | 2026-05-04
CVE-2026-7748 | Totolink N300RH POST Request cstecgi.cgi setUpgradeFW buffer overflow | N300RH | CWE-120 | 8.8 | High | 2026-05-04
CVE-2026-7747 | Totolink N300RH Parameter cstecgi.cgi loginauth buffer overflow | N300RH | CWE-120 | 9.8 | Critical | 2026-05-04
CVE-2026-7721 | Totolink WA300 cstecgi.cgi NTPSyncWithHost command injection | WA300 | CWE-77 | 6.3 | Medium | 2026-05-04
CVE-2026-7720 | Totolink WA300 POST Request cstecgi.cgi setLanguageCfg command injection | WA300 | CWE-77 | 6.3 | Medium | 2026-05-04
CVE-2026-7719 | Totolink WA300 POST Request cstecgi.cgi loginauth buffer overflow | WA300 | CWE-120 | 9.8 | Critical | 2026-05-04
CVE-2026-7718 | Totolink WA300 POST Request cstecgi.cgi setWebWlanIdx command injection | WA300 | CWE-77 | 6.3 | Medium | 2026-05-04
CVE-2026-7717 | Totolink WA300 POST Request cstecgi.cgi UploadCustomModule buffer overflow | WA300 | CWE-120 | 8.8 | High | 2026-05-04
CVE-2026-7633 | Totolink N300RH cstecgi.cgi setUploadSetting file inclusion | N300RH | CWE-73 | 6.5 | Medium | 2026-05-02
CVE-2026-7548 | Totolink NR1800X cstecgi.cgi sub_41A68C command injection | NR1800X | CWE-77 | 8.8 | High | 2026-05-01
CVE-2026-7546 | Totolink NR1800X lighttpd find_host_ip stack-based overflow | NR1800X | CWE-121 | 9.8 | Critical | 2026-05-01
CVE-2026-7538 | Totolink A8000RU CGI cstecgi.cgi vulnerability os command injection | A8000RU | CWE-78 | 9.8 | Critical | 2026-05-01
CVE-2026-7244 | Totolink A8000RU CGI cstecgi.cgi setWiFiEasyGuestCfg os command injection | A8000RU | CWE-78 | 9.8 | Critical | 2026-04-28
CVE-2026-7243 | Totolink A8000RU CGI cstecgi.cgi setRadvdCfg os command injection | A8000RU | CWE-78 | 9.8 | Critical | 2026-04-28
CVE-2026-7242 | Totolink A8000RU CGI cstecgi.cgi setOpenVpnClientCfg os command injection | A8000RU | CWE-78 | 9.8 | Critical | 2026-04-28
CVE-2026-7241 | Totolink A8000RU CGI cstecgi.cgi setWiFiBasicCfg os command injection | A8000RU | CWE-78 | 9.8 | Critical | 2026-04-28
CVE-2026-7240 | Totolink A8000RU CGI cstecgi.cgi setVpnAccountCfg os command injection | A8000RU | CWE-78 | 9.8 | Critical | 2026-04-28
CVE-2026-7219 | Totolink N300RT formIpQoS buffer overflow | N300RT | CWE-120 | 7.2 | High | 2026-04-28
CVE-2026-7218 | Totolink N300RT libapmib.so formWsc is_cmd_string_valid buffer overflow | N300RT | CWE-120 | 7.2 | High | 2026-04-28
CVE-2026-7204 | Totolink A8000RU CGI cstecgi.cgi setPptpServerCfg os command injection | A8000RU | CWE-78 | 9.8 | Critical | 2026-04-28
CVE-2026-7203 | Totolink A8000RU CGI cstecgi.cgi setUrlFilterRules os command injection | A8000RU | CWE-78 | 9.8 | Critical | 2026-04-28
CVE-2026-7202 | Totolink A8000RU CGI cstecgi.cgi setWiFiWpsStart os command injection | A8000RU | CWE-78 | 9.8 | Critical | 2026-04-27
CVE-2026-7156 | Totolink A8000RU CGI cstecgi.cgi CsteSystem os command injection | A8000RU | CWE-78 | 9.8 | Critical | 2026-04-27
CVE-2026-7155 | Totolink A8000RU CGI cstecgi.cgi setLoginPasswordCfg os command injection | A8000RU | CWE-78 | 9.8 | Critical | 2026-04-27
CVE-2026-7154 | Totolink A8000RU CGI cstecgi.cgi setAdvancedInfoShow os command injection | A8000RU | CWE-78 | 9.8 | Critical | 2026-04-27
CVE-2026-7153 | Totolink A8000RU CGI cstecgi.cgi setMiniuiHomeInfoShow os command injection | A8000RU | CWE-78 | 9.8 | Critical | 2026-04-27
CVE-2026-7152 | Totolink A8000RU CGI cstecgi.cgi setTelnetCfg os command injection | A8000RU | CWE-78 | 9.8 | Critical | 2026-04-27

This page lists every published CVE security advisory associated with TOTOLINK. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.