TOTOLINK — Vulnerabilities & Security Advisories 430

Browse all 430 CVE security advisories affecting TOTOLINK. AI-powered Chinese analysis, POCs, and references for each vulnerability.

TOTOLINK operates primarily as a manufacturer of consumer networking hardware, including wireless routers and range extenders, targeting residential and small business markets. Security audits reveal a significant volume of vulnerabilities, with 429 CVEs currently documented, indicating systemic issues in firmware development and code review processes. Historically, the most prevalent flaw classes include Remote Code Execution (RCE), Cross-Site Scripting (XSS), and privilege escalation bugs, often stemming from inadequate input validation and weak authentication mechanisms in web management interfaces. These defects frequently allow unauthenticated attackers to gain full administrative control or execute arbitrary commands on affected devices. While no single catastrophic global incident has been widely publicized, the sheer quantity of disclosed vulnerabilities suggests a consistent pattern of security negligence. Users are advised to exercise caution, as the vendor’s response to patching these critical flaws has been inconsistent, leaving many deployed units exposed to exploitation.

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2025-5600 | TOTOLINK EX1200T cstecgi.cgi setLanguageCfg stack-based overflow | EX1200T | CWE-121 | 9.8 | Critical | 2025-06-04 |
| CVE-2025-5543 | TOTOLINK X2000R Parent Controls Page cross site scripting | X2000R | CWE-79 | 2.4 | Low | 2025-06-03 |
| CVE-2025-5542 | TOTOLINK X2000R Virtual Server Page formPortFw cross site scripting | X2000R | CWE-79 | 2.4 | Low | 2025-06-03 |
| CVE-2025-5516 | TOTOLINK X2000R URL Filtering Page formFilter cross site scripting | X2000R | CWE-79 | 2.4 | Low | 2025-06-03 |
| CVE-2025-5515 | TOTOLINK X2000R formMapDel command injection | X2000R | CWE-77 | 6.3 | Medium | 2025-06-03 |
| CVE-2025-5508 | TOTOLINK A3002RU IP Port Filtering Page cross site scripting | A3002RU | CWE-79 | 2.4 | Low | 2025-06-03 |
| CVE-2025-5507 | TOTOLINK A3002RU MAC Filtering Page cross site scripting | A3002RU | CWE-79 | 2.4 | Low | 2025-06-03 |
| CVE-2025-5506 | TOTOLINK A3002RU NAT Mapping Page cross site scripting | A3002RU | CWE-79 | 2.4 | Low | 2025-06-03 |
| CVE-2025-5505 | TOTOLINK A3002RU Virtual Server Page formPortFw cross site scripting | A3002RU | CWE-79 | 2.4 | Low | 2025-06-03 |
| CVE-2025-5504 | TOTOLINK X2000R formWsc command injection | X2000R | CWE-77 | 6.3 | Medium | 2025-06-03 |
| CVE-2025-5503 | TOTOLINK X15 formMapReboot stack-based overflow | X15 | CWE-121 | 8.8 | High | 2025-06-03 |
| CVE-2025-5502 | TOTOLINK X15 formMapReboot command injection | X15 | CWE-77 | 6.3 | Medium | 2025-06-03 |
| CVE-2025-4852 | TOTOLINK A3002R VPN Page cross site scripting | A3002R | CWE-79 | 2.4 | Low | 2025-05-18 |
| CVE-2025-4851 | TOTOLINK N300RH cstecgi.cgi setUploadUserData command injection | N300RH | CWE-77 | 6.3 | Medium | 2025-05-18 |
| CVE-2025-4850 | TOTOLINK N300RH cstecgi.cgi setUnloadUserData command injection | N300RH | CWE-77 | 6.3 | Medium | 2025-05-18 |
| CVE-2025-4849 | TOTOLINK N300RH cstecgi.cgi CloudACMunualUpdateUserdata command injection | N300RH | CWE-77 | 6.3 | Medium | 2025-05-18 |
| CVE-2025-4835 | TOTOLINK A702R/A3002R/A3002RU HTTP POST Request formWlanRedirect buffer overflow | A702R | CWE-120 | 8.8 | High | 2025-05-17 |
| CVE-2025-4834 | TOTOLINK A702R/A3002R/A3002RU HTTP POST Request formSetLg buffer overflow | A702R | CWE-120 | 8.8 | High | 2025-05-17 |
| CVE-2025-4833 | TOTOLINK A702R/A3002R/A3002RU HTTP POST Request formNtp buffer overflow | A702R | CWE-120 | 8.8 | High | 2025-05-17 |
| CVE-2025-4832 | TOTOLINK A702R/A3002R/A3002RU HTTP POST Request formDosCfg buffer overflow | A702R | CWE-120 | 8.8 | High | 2025-05-17 |
| CVE-2025-4831 | TOTOLINK A702R/A3002R/A3002RU HTTP POST Request formSiteSurveyProfile buffer overflow | A702R | CWE-120 | 8.8 | High | 2025-05-17 |
| CVE-2025-4830 | TOTOLINK A702R/A3002R/A3002RU HTTP POST Request formSysCmd buffer overflow | A702R | CWE-120 | 8.8 | High | 2025-05-17 |
| CVE-2025-4829 | TOTOLINK A702R/A3002R/A3002RU HTTP POST Request formStats sub_40BE30 buffer overflow | A702R | CWE-120 | 8.8 | High | 2025-05-17 |
| CVE-2025-4827 | TOTOLINK A702R/A3002R/A3002RU HTTP POST Request formSaveConfig buffer overflow | A702R | CWE-120 | 8.8 | High | 2025-05-17 |
| CVE-2025-4826 | TOTOLINK A702R/A3002R/A3002RU HTTP POST Request formWirelessTbl buffer overflow | A702R | CWE-120 | 8.8 | High | 2025-05-17 |
| CVE-2025-4825 | TOTOLINK A702R/A3002R/A3002RU HTTP POST Request formDMZ buffer overflow | A702R | CWE-120 | 8.8 | High | 2025-05-17 |
| CVE-2025-4824 | TOTOLINK A702R/A3002R/A3002RU HTTP POST Request formWsc buffer overflow | A702R | CWE-120 | 8.8 | High | 2025-05-17 |
| CVE-2025-4823 | TOTOLINK A702R/A3002R/A3002RU HTTP POST Request formReflashClientTbl submit-url buffer overflow | A702R | CWE-120 | 8.8 | High | 2025-05-17 |
| CVE-2025-4733 | TOTOLINK A3002R/A3002RU HTTP POST Request formIpQoS buffer overflow | A3002R | CWE-120 | 8.8 | High | 2025-05-16 |
| CVE-2025-4732 | TOTOLINK A3002R/A3002RU HTTP POST Request formFilter buffer overflow | A3002R | CWE-120 | 8.8 | High | 2025-05-16 |

This page lists every published CVE security advisory associated with TOTOLINK. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.