
TOTOLINK — Vulnerabilities & Security Advisories 430

Browse all 430 CVE security advisories affecting TOTOLINK. AI-powered Chinese analysis, POCs, and references for each vulnerability.

TOTOLINK operates primarily as a manufacturer of consumer networking hardware, including wireless routers and range extenders, targeting residential and small business markets. Security audits reveal a significant volume of vulnerabilities, with 429 CVEs currently documented, indicating systemic issues in firmware development and code review processes. Historically, the most prevalent flaw classes include Remote Code Execution (RCE), Cross-Site Scripting (XSS), and privilege escalation bugs, often stemming from inadequate input validation and weak authentication mechanisms in web management interfaces. These defects frequently allow unauthenticated attackers to gain full administrative control or execute arbitrary commands on affected devices. While no single catastrophic global incident has been widely publicized, the sheer quantity of disclosed vulnerabilities suggests a consistent pattern of security negligence. Users are advised to exercise caution, as the vendor’s response to patching these critical flaws has been inconsistent, leaving many deployed units exposed to exploitation.

| CVE ID | Title | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2024-7179 | TOTOLINK A3600R cstecgi.cgi setParentalRules buffer overflow — A3600R | CWE-120 | 8.8 | High | 2024-07-29 |
| CVE-2024-7178 | TOTOLINK A3600R cstecgi.cgi setMacQos buffer overflow — A3600R | CWE-120 | 8.8 | High | 2024-07-29 |
| CVE-2024-7177 | TOTOLINK A3600R cstecgi.cgi setLanguageCfg buffer overflow — A3600R | CWE-120 | 8.8 | High | 2024-07-29 |
| CVE-2024-7176 | TOTOLINK A3600R cstecgi.cgi setIpQosRules buffer overflow — A3600R | CWE-120 | 8.8 | High | 2024-07-29 |
| CVE-2024-7175 | TOTOLINK A3600R cstecgi.cgi setDiagnosisCfg os command injection — A3600R | CWE-78 | 6.3 | Medium | 2024-07-29 |
| CVE-2024-7174 | TOTOLINK A3600R cstecgi.cgi setdeviceName buffer overflow — A3600R | CWE-120 | 8.8 | High | 2024-07-29 |
| CVE-2024-7173 | TOTOLINK A3600R cstecgi.cgi loginauth buffer overflow — A3600R | CWE-120 | 8.8 | High | 2024-07-28 |
| CVE-2024-7172 | TOTOLINK A3600R getSaveConfig buffer overflow — A3600R | CWE-120 | 8.8 | High | 2024-07-28 |
| CVE-2024-7171 | TOTOLINK A3600R cstecgi.cgi NTPSyncWithHost os command injection — A3600R | CWE-78 | 6.3 | Medium | 2024-07-28 |
| CVE-2024-7170 | TOTOLINK A3000RU product.ini hard-coded password — A3000RU | CWE-259 | 3.5 | Low | 2024-07-28 |
| CVE-2024-7160 | TOTOLINK A3700R cstecgi.cgi setWanCfg command injection — A3700R | CWE-77 | 6.3 | Medium | 2024-07-28 |
| CVE-2024-7159 | TOTOLINK A3600R Telnet Service product.ini hard-coded password — A3600R | CWE-259 | 5.5 | Medium | 2024-07-28 |
| CVE-2024-7158 | TOTOLINK A3100R HTTP POST Request cstecgi.cgi setTelnetCfg command injection — A3100R | CWE-77 | 6.3 | Medium | 2024-07-28 |
| CVE-2024-7157 | TOTOLINK A3100R getSaveConfig buffer overflow — A3100R | CWE-120 | 8.8 | High | 2024-07-28 |
| CVE-2024-7156 | TOTOLINK A3700R apmib Configuration ExportSettings.sh information disclosure — A3700R | CWE-200 | 5.3 | Medium | 2024-07-28 |
| CVE-2024-7155 | TOTOLINK A3300R shadow.sample hard-coded password — A3300R | CWE-259 | 2.5 | Low | 2024-07-28 |
| CVE-2024-7154 | TOTOLINK A3700R Password Reset wizard.html access control — A3700R | CWE-284 | 4.3 | Medium | 2024-07-28 |
| CVE-2024-2353 | Totolink X6000R shttpd cstecgi.cgi setDiagnosisCfg os command injection — X6000R | CWE-78 | 8.8 | High | 2024-03-10 |
| CVE-2024-1783 | Totolink LR1200GB Web Interface cstecgi.cgi loginAuth stack-based overflow — LR1200GB | CWE-121 | 9.8 | Critical | 2024-02-23 |
| CVE-2024-1781 | Totolink X6000R AX3000 shttpd cstecgi.cgi setWizardCfg command injection — X6000R AX3000 | CWE-77 | 6.3 | Medium | 2024-02-23 |
| CVE-2024-1661 | Totolink X6000R shadow hard-coded credentials — X6000R | CWE-798 | 2.5 | Low | 2024-02-20 |
| CVE-2024-1004 | Totolink N200RE cstecgi.cgi loginAuth stack-based overflow — N200RE | CWE-121 | 7.2 | High | 2024-01-29 |
| CVE-2024-1003 | Totolink N200RE cstecgi.cgi setLanguageCfg stack-based overflow — N200RE | CWE-121 | 7.2 | High | 2024-01-29 |
| CVE-2024-1002 | Totolink N200RE cstecgi.cgi setIpPortFilterRules stack-based overflow — N200RE | CWE-121 | 7.2 | High | 2024-01-29 |
| CVE-2024-1001 | Totolink N200RE cstecgi.cgi main stack-based overflow — N200RE | CWE-121 | 7.2 | High | 2024-01-29 |
| CVE-2024-1000 | Totolink N200RE cstecgi.cgi setTracerouteCfg stack-based overflow — N200RE | CWE-121 | 7.2 | High | 2024-01-29 |
| CVE-2024-0999 | Totolink N200RE cstecgi.cgi setParentalRules stack-based overflow — N200RE | CWE-121 | 7.2 | High | 2024-01-29 |
| CVE-2024-0998 | Totolink N200RE cstecgi.cgi setDiagnosisCfg stack-based overflow — N200RE | CWE-121 | 7.2 | High | 2024-01-29 |
| CVE-2024-0997 | Totolink N200RE cstecgi.cgi setOpModeCfg stack-based overflow — N200RE | CWE-121 | 7.2 | High | 2024-01-29 |
| CVE-2024-0944 | Totolink T8 cstecgi.cgi session expiration — T8 | CWE-613 | 3.7 | Low | 2024-01-26 |

This page lists every published CVE security advisory associated with TOTOLINK. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.