TOTOLINK — Vulnerabilities & Security Advisories (430)

Browse all 430 CVE security advisories affecting TOTOLINK. AI-powered Chinese analysis, POCs, and references for each vulnerability.

TOTOLINK operates primarily as a manufacturer of consumer networking hardware, including wireless routers and range extenders, targeting residential and small business markets. Security audits reveal a significant volume of vulnerabilities, with 429 CVEs currently documented, indicating systemic issues in firmware development and code review processes. Historically, the most prevalent flaw classes include Remote Code Execution (RCE), Cross-Site Scripting (XSS), and privilege escalation bugs, often stemming from inadequate input validation and weak authentication mechanisms in web management interfaces. These defects frequently allow unauthenticated attackers to gain full administrative control or execute arbitrary commands on affected devices. While no single catastrophic global incident has been widely publicized, the sheer quantity of disclosed vulnerabilities suggests a consistent pattern of security negligence. Users are advised to exercise caution, as the vendor’s response to patching these critical flaws has been inconsistent, leaving many deployed units exposed to exploitation.

| CVE ID | Title | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2025-8243 | TOTOLINK X15 HTTP POST Request formMapDel buffer overflow — X15 | CWE-120 | 8.8 | High | 2025-07-27 |
| CVE-2025-8242 | TOTOLINK X15 HTTP POST Request formFilter buffer overflow — X15 | CWE-120 | 8.8 | High | 2025-07-27 |
| CVE-2025-8181 | TOTOLINK N600R/X2000R FTP Service vsftpd.conf least privilege violation — N600R | CWE-272 | 7.2 | High | 2025-07-26 |
| CVE-2025-8170 | TOTOLINK T6 MQTT Packet meshSlaveDlfw tcpcheck_net buffer overflow — T6 | CWE-120 | 8.8 | High | 2025-07-25 |
| CVE-2025-8140 | TOTOLINK A702R HTTP POST Request formWlanMultipleAP buffer overflow — A702R | CWE-120 | 8.8 | High | 2025-07-25 |
| CVE-2025-8139 | TOTOLINK A702R HTTP POST Request formPortFw buffer overflow — A702R | CWE-120 | 8.8 | High | 2025-07-25 |
| CVE-2025-8138 | TOTOLINK A702R HTTP POST Request formOneKeyAccessButton buffer overflow — A702R | CWE-120 | 8.8 | High | 2025-07-25 |
| CVE-2025-8137 | TOTOLINK A702R HTTP POST Request formIpQoS buffer overflow — A702R | CWE-120 | 8.8 | High | 2025-07-25 |
| CVE-2025-8136 | TOTOLINK A702R HTTP POST Request formFilter buffer overflow — A702R | CWE-120 | 8.8 | High | 2025-07-25 |
| CVE-2025-7952 | TOTOLINK T6 MQTT Packet wireless.so ckeckKeepAlive command injection — T6 | CWE-77 | 6.3 | Medium | 2025-07-22 |
| CVE-2025-7913 | TOTOLINK T6 MQTT Service updateWifiInfo buffer overflow — T6 | CWE-120 | 8.8 | High | 2025-07-20 |
| CVE-2025-7912 | TOTOLINK T6 MQTT Service recvSlaveUpgstatus buffer overflow — T6 | CWE-120 | 8.8 | High | 2025-07-20 |
| CVE-2025-7862 | TOTOLINK T6 Telnet Service cstecgi.cgi setTelnetCfg missing authentication — T6 | CWE-306 | 7.3 | High | 2025-07-20 |
| CVE-2025-7837 | TOTOLINK T6 MQTT Service recvSlaveStaInfo buffer overflow — T6 | CWE-120 | 8.8 | High | 2025-07-19 |
| CVE-2025-7758 | TOTOLINK T6 HTTP POST Request cstecgi.cgi setDiagnosisCfg buffer overflow — T6 | CWE-120 | 8.8 | High | 2025-07-17 |
| CVE-2025-7615 | TOTOLINK T6 HTTP POST Request cstecgi.cgi clearPairCfg command injection — T6 | CWE-77 | 6.3 | Medium | 2025-07-14 |
| CVE-2025-7614 | TOTOLINK T6 HTTP POST Request cstecgi.cgi delDevice command injection — T6 | CWE-77 | 6.3 | Medium | 2025-07-14 |
| CVE-2025-7613 | TOTOLINK T6 HTTP POST Request cstecgi.cgi CloudSrvVersionCheck command injection — T6 | CWE-77 | 6.3 | Medium | 2025-07-14 |
| CVE-2025-7525 | TOTOLINK T6 HTTP POST Request cstecgi.cgi setTracerouteCfg command injection — T6 | CWE-77 | 6.3 | Medium | 2025-07-13 |
| CVE-2025-7524 | TOTOLINK T6 HTTP POST Request cstecgi.cgi setDiagnosisCfg command injection — T6 | CWE-77 | 6.3 | Medium | 2025-07-13 |
| CVE-2025-7460 | TOTOLINK T6 HTTP POST Request cstecgi.cgi setWiFiAclRules buffer overflow — T6 | CWE-120 | 8.8 | High | 2025-07-11 |
| CVE-2025-7154 | TOTOLINK N200RE cstecgi.cgi sub_41A0F8 os command injection — N200RE | CWE-78 | 6.3 | Medium | 2025-07-08 |
| CVE-2025-6953 | TOTOLINK A3002RU HTTP POST Request formParentControl buffer overflow — A3002RU | CWE-120 | 8.8 | High | 2025-07-01 |
| CVE-2025-6940 | TOTOLINK A702R HTTP POST Request formParentControl buffer overflow — A702R | CWE-120 | 8.8 | High | 2025-07-01 |
| CVE-2025-6939 | TOTOLINK A3002RU HTTP POST Request formWlSiteSurvey buffer overflow — A3002RU | CWE-120 | 8.8 | High | 2025-07-01 |
| CVE-2025-6916 | TOTOLINK T6 formLoginAuth.htm Form_Login missing authentication — T6 | CWE-306 | 8.8 | High | 2025-06-30 |
| CVE-2025-6825 | TOTOLINK A702R HTTP POST Request formWlSiteSurvey buffer overflow — A702R | CWE-120 | 8.8 | High | 2025-06-28 |
| CVE-2025-6824 | TOTOLINK X15 HTTP POST Request formParentControl buffer overflow — X15 | CWE-120 | 8.8 | High | 2025-06-28 |
| CVE-2025-6627 | TOTOLINK A702R HTTP POST Request formIpv6Setup buffer overflow — A702R | CWE-120 | 8.8 | High | 2025-06-25 |
| CVE-2025-6621 | TOTOLINK CA300-PoE ap.so QuickSetting os command injection — CA300-PoE | CWE-78 | 6.3 | Medium | 2025-06-25 |

This page lists every published CVE security advisory associated with TOTOLINK. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.