TOTOLINK — Vulnerabilities & Security Advisories (430)

Browse all 430 CVE security advisories affecting TOTOLINK. AI-powered Chinese analysis, POCs, and references for each vulnerability.

TOTOLINK operates primarily as a manufacturer of consumer networking hardware, including wireless routers and range extenders, targeting residential and small business markets. Security audits reveal a significant volume of vulnerabilities, with 429 CVEs currently documented, indicating systemic issues in firmware development and code review processes. Historically, the most prevalent flaw classes include Remote Code Execution (RCE), Cross-Site Scripting (XSS), and privilege escalation bugs, often stemming from inadequate input validation and weak authentication mechanisms in web management interfaces. These defects frequently allow unauthenticated attackers to gain full administrative control or execute arbitrary commands on affected devices. While no single catastrophic global incident has been widely publicized, the sheer quantity of disclosed vulnerabilities suggests a consistent pattern of security negligence. Users are advised to exercise caution, as the vendor’s response to patching these critical flaws has been inconsistent, leaving many deployed units exposed to exploitation.

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2025-4731 | TOTOLINK A3002R/A3002RU HTTP POST Request formPortFw buffer overflow | A3002R | CWE-120 | 8.8 | High | 2025-05-16 |
| CVE-2025-4730 | TOTOLINK A3002R/A3002RU HTTP POST Request formMapDel buffer overflow | A3002R | CWE-120 | 8.8 | High | 2025-05-16 |
| CVE-2025-4729 | TOTOLINK A3002R/A3002RU HTTP POST Request formMapDelDevice command injection | A3002R | CWE-77 | 6.3 | Medium | 2025-05-15 |
| CVE-2025-4496 | TOTOLINK T10/A3100R/A950RG/A800R/N600R/A3000RU/A810R cstecgi.cgi CloudACMunualUpdate buffer overflow | T10 | CWE-120 | 8.8 | High | 2025-05-10 |
| CVE-2025-4462 | TOTOLINK N150RT formWsc buffer overflow | N150RT | CWE-120 | 8.8 | High | 2025-05-09 |
| CVE-2025-4461 | TOTOLINK N150RT Virtual Server Page cross site scripting | N150RT | CWE-79 | 2.4 | Low | 2025-05-09 |
| CVE-2025-4460 | TOTOLINK N150RT URL Filtering Page cross site scripting | N150RT | CWE-79 | 2.4 | Low | 2025-05-09 |
| CVE-2025-4271 | TOTOLINK A720R cstecgi.cgi information disclosure | A720R | CWE-200 | 5.3 | Medium | 2025-05-05 |
| CVE-2025-4270 | TOTOLINK A720R Config cstecgi.cgi information disclosure | A720R | CWE-200 | 5.3 | Medium | 2025-05-05 |
| CVE-2025-4269 | TOTOLINK A720R Log cstecgi.cgi access control | A720R | CWE-284 | 6.5 | Medium | 2025-05-05 |
| CVE-2025-4268 | TOTOLINK A720R cstecgi.cgi missing authentication | A720R | CWE-306 | 5.3 | Medium | 2025-05-05 |
| CVE-2025-3996 | TOTOLINK N150RT MAC Filtering Page home.htm cross site scripting | N150RT | CWE-79 | 2.4 | Low | 2025-04-28 |
| CVE-2025-3995 | TOTOLINK N150RT LAN Settings Page fromStaticDHCP cross site scripting | N150RT | CWE-79 | 2.4 | Low | 2025-04-28 |
| CVE-2025-3994 | TOTOLINK N150RT IP Port Filtering home.htm cross site scripting | N150RT | CWE-79 | 2.4 | Low | 2025-04-28 |
| CVE-2025-3993 | TOTOLINK N150RT formWsc buffer overflow | N150RT | CWE-120 | 8.8 | High | 2025-04-28 |
| CVE-2025-3992 | TOTOLINK N150RT formWlwds buffer overflow | N150RT | CWE-120 | 8.8 | High | 2025-04-28 |
| CVE-2025-3991 | TOTOLINK N150RT formWdsEncrypt buffer overflow | N150RT | CWE-120 | 8.8 | High | 2025-04-27 |
| CVE-2025-3990 | TOTOLINK N150RT formVlan buffer overflow | N150RT | CWE-120 | 8.8 | High | 2025-04-27 |
| CVE-2025-3989 | TOTOLINK N150RT formStaticDHCP buffer overflow | N150RT | CWE-120 | 8.8 | High | 2025-04-27 |
| CVE-2025-3988 | TOTOLINK N150RT formPortFw buffer overflow | N150RT | CWE-120 | 8.8 | High | 2025-04-27 |
| CVE-2025-3987 | TOTOLINK N150RT formWsc command injection | N150RT | CWE-77 | 6.3 | Medium | 2025-04-27 |
| CVE-2025-3675 | TOTOLINK A3700R cstecgi.cgi setL2tpServerCfg access control | A3700R | CWE-284 | 5.3 | Medium | 2025-04-16 |
| CVE-2025-3674 | TOTOLINK A3700R cstecgi.cgi setUrlFilterRules access control | A3700R | CWE-284 | 5.3 | Medium | 2025-04-16 |
| CVE-2025-3668 | TOTOLINK A3700R cstecgi.cgi setScheduleCfg access control | A3700R | CWE-284 | 5.3 | Medium | 2025-04-16 |
| CVE-2025-3667 | TOTOLINK A3700R cstecgi.cgi setUPnPCfg access control | A3700R | CWE-284 | 5.3 | Medium | 2025-04-16 |
| CVE-2025-3666 | TOTOLINK A3700R cstecgi.cgi setDdnsCfg access control | A3700R | CWE-284 | 5.3 | Medium | 2025-04-16 |
| CVE-2025-3665 | TOTOLINK A3700R cstecgi.cgi setSmartQosCfg access control | A3700R | CWE-284 | 5.3 | Medium | 2025-04-16 |
| CVE-2025-3664 | TOTOLINK A3700R cstecgi.cgi setWiFiEasyGuestCfg access control | A3700R | CWE-284 | 5.3 | Medium | 2025-04-16 |
| CVE-2025-3663 | TOTOLINK A3700R Password cstecgi.cgi setWiFiEasyGuestCfg access control | A3700R | CWE-284 | 5.3 | Medium | 2025-04-16 |
| CVE-2025-3249 | TOTOLINK A6000R mtkwifi.lua apcli_cancel_wps command injection | A6000R | CWE-77 | 6.3 | Medium | 2025-04-04 |

This page lists every published CVE security advisory associated with TOTOLINK. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.