TOTOLINK — Vulnerabilities & Security Advisories (430)

Browse all 430 CVE security advisories affecting TOTOLINK. AI-powered Chinese analysis, POCs, and references for each vulnerability.

TOTOLINK operates primarily as a manufacturer of consumer networking hardware, including wireless routers and range extenders, targeting residential and small business markets. Security audits reveal a significant volume of vulnerabilities, with 429 CVEs currently documented, indicating systemic issues in firmware development and code review processes. Historically, the most prevalent flaw classes include Remote Code Execution (RCE), Cross-Site Scripting (XSS), and privilege escalation bugs, often stemming from inadequate input validation and weak authentication mechanisms in web management interfaces. These defects frequently allow unauthenticated attackers to gain full administrative control or execute arbitrary commands on affected devices. While no single catastrophic global incident has been widely publicized, the sheer quantity of disclosed vulnerabilities suggests a consistent pattern of security negligence. Users are advised to exercise caution, as the vendor’s response to patching these critical flaws has been inconsistent, leaving many deployed units exposed to exploitation.

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2025-6137 | TOTOLINK T10 HTTP POST Request cstecgi.cgi setWiFiScheduleCfg buffer overflow | T10 | CWE-120 | 8.8 | High | 2025-06-16 |
| CVE-2025-6130 | TOTOLINK EX1200T HTTP POST Request formStats buffer overflow | EX1200T | CWE-120 | 8.8 | High | 2025-06-16 |
| CVE-2025-6129 | TOTOLINK EX1200T HTTP POST Request formSaveConfig buffer overflow | EX1200T | CWE-120 | 8.8 | High | 2025-06-16 |
| CVE-2025-6128 | TOTOLINK EX1200T HTTP POST Request formWirelessTbl buffer overflow | EX1200T | CWE-120 | 8.8 | High | 2025-06-16 |
| CVE-2025-5911 | TOTOLINK EX1200T HTTP POST Request formDMZ buffer overflow | EX1200T | CWE-120 | 8.8 | High | 2025-06-10 |
| CVE-2025-5910 | TOTOLINK EX1200T HTTP POST Request formWsc buffer overflow | EX1200T | CWE-120 | 8.8 | High | 2025-06-10 |
| CVE-2025-5909 | TOTOLINK EX1200T HTTP POST Request formReflashClientTbl buffer overflow | EX1200T | CWE-120 | 8.8 | High | 2025-06-10 |
| CVE-2025-5908 | TOTOLINK EX1200T HTTP POST Request formIpQoS buffer overflow | EX1200T | CWE-120 | 8.8 | High | 2025-06-10 |
| CVE-2025-5907 | TOTOLINK EX1200T HTTP POST Request formFilter buffer overflow | EX1200T | CWE-120 | 8.8 | High | 2025-06-10 |
| CVE-2025-5905 | TOTOLINK T10 POST Request cstecgi.cgi setWiFiRepeaterCfg buffer overflow | T10 | CWE-120 | 8.8 | High | 2025-06-10 |
| CVE-2025-5904 | TOTOLINK T10 POST Request cstecgi.cgi setWiFiMeshName buffer overflow | T10 | CWE-120 | 8.8 | High | 2025-06-10 |
| CVE-2025-5903 | TOTOLINK T10 POST Request cstecgi.cgi setWiFiAclRules buffer overflow | T10 | CWE-120 | 8.8 | High | 2025-06-09 |
| CVE-2025-5902 | TOTOLINK T10 POST Request cstecgi.cgi setUpgradeFW buffer overflow | T10 | CWE-120 | 8.8 | High | 2025-06-09 |
| CVE-2025-5901 | TOTOLINK T10 POST Request cstecgi.cgi UploadCustomModule buffer overflow | T10 | CWE-120 | 8.8 | High | 2025-06-09 |
| CVE-2025-5793 | TOTOLINK EX1200T HTTP POST Request formPortFw buffer overflow | EX1200T | CWE-120 | 8.8 | High | 2025-06-06 |
| CVE-2025-5792 | TOTOLINK EX1200T HTTP POST Request formWlanRedirect buffer overflow | EX1200T | CWE-120 | 8.8 | High | 2025-06-06 |
| CVE-2025-5790 | TOTOLINK X15 HTTP POST Request formIpQoS buffer overflow | X15 | CWE-120 | 8.8 | High | 2025-06-06 |
| CVE-2025-5789 | TOTOLINK X15 HTTP POST Request formPortFw buffer overflow | X15 | CWE-120 | 8.8 | High | 2025-06-06 |
| CVE-2025-5788 | TOTOLINK X15 HTTP POST Request formReflashClientTbl buffer overflow | X15 | CWE-120 | 8.8 | High | 2025-06-06 |
| CVE-2025-5787 | TOTOLINK X15 HTTP POST Request formWsc buffer overflow | X15 | CWE-120 | 8.8 | High | 2025-06-06 |
| CVE-2025-5786 | TOTOLINK X15 HTTP POST Request formDMZ buffer overflow | X15 | CWE-120 | 8.8 | High | 2025-06-06 |
| CVE-2025-5785 | TOTOLINK X15 HTTP POST Request formWirelessTbl buffer overflow | X15 | CWE-120 | 8.8 | High | 2025-06-06 |
| CVE-2025-5739 | TOTOLINK X15 HTTP POST Request formSaveConfig buffer overflow | X15 | CWE-120 | 8.8 | High | 2025-06-06 |
| CVE-2025-5738 | TOTOLINK X15 HTTP POST Request formStats buffer overflow | X15 | CWE-120 | 8.8 | High | 2025-06-06 |
| CVE-2025-5737 | TOTOLINK X15 HTTP POST Request formDosCfg buffer overflow | X15 | CWE-120 | 8.8 | High | 2025-06-06 |
| CVE-2025-5736 | TOTOLINK X15 HTTP POST Request formNtp buffer overflow | X15 | CWE-120 | 8.8 | High | 2025-06-06 |
| CVE-2025-5735 | TOTOLINK X15 HTTP POST Request formSetLg buffer overflow | X15 | CWE-120 | 8.8 | High | 2025-06-06 |
| CVE-2025-5734 | TOTOLINK X15 HTTP POST Request formWlanRedirect buffer overflow | X15 | CWE-120 | 8.8 | High | 2025-06-06 |
| CVE-2025-5672 | TOTOLINK N302R Plus HTTP POST Request formFilter buffer overflow | N302R Plus | CWE-120 | 8.8 | High | 2025-06-05 |
| CVE-2025-5671 | TOTOLINK N302R Plus HTTP POST Request formPortFw buffer overflow | N302R Plus | CWE-120 | 8.8 | High | 2025-06-05 |

This page lists every published CVE security advisory associated with TOTOLINK. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.