
Totolink — Vulnerabilities & Security Advisories 430

Browse all 430 CVE security advisories affecting Totolink. AI-powered Chinese analysis, POCs, and references for each vulnerability.

TOTOLINK operates primarily as a manufacturer of consumer networking hardware, including wireless routers and range extenders, targeting residential and small business markets. Security audits reveal a significant volume of vulnerabilities, with 429 CVEs currently documented, indicating systemic issues in firmware development and code review processes. Historically, the most prevalent flaw classes include Remote Code Execution (RCE), Cross-Site Scripting (XSS), and privilege escalation bugs, often stemming from inadequate input validation and weak authentication mechanisms in web management interfaces. These defects frequently allow unauthenticated attackers to gain full administrative control or execute arbitrary commands on affected devices. While no single catastrophic global incident has been widely publicized, the sheer quantity of disclosed vulnerabilities suggests a consistent pattern of security negligence. Users are advised to exercise caution, as the vendor’s response to patching these critical flaws has been inconsistent, leaving many deployed units exposed to exploitation.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2025-2955 | TOTOLINK A3000RU IBMS Configuration File ExportIbmsConfig.sh access control — A3000RU (CWE-284) | 5.3 | Medium | 2025-03-30 |
| CVE-2025-2688 | TOTOLINK A3000RU Syslog Configuration File ExportSyslog.sh access control — A3000RU (CWE-284) | 4.3 | Medium | 2025-03-24 |
| CVE-2025-2370 | TOTOLINK EX1800T cstecgi.cgi setWiFiExtenderConfig stack-based overflow — EX1800T (CWE-121) | 8.8 | High | 2025-03-17 |
| CVE-2025-2369 | TOTOLINK EX1800T cstecgi.cgi setPasswordCfg stack-based overflow — EX1800T (CWE-121) | 8.8 | High | 2025-03-17 |
| CVE-2025-2097 | TOTOLINK EX1800T cstecgi.cgi setRptWizardCfg stack-based overflow — EX1800T (CWE-121) | 8.8 | High | 2025-03-07 |
| CVE-2025-2096 | TOTOLINK EX1800T cstecgi.cgi setRebootScheCfg os command injection — EX1800T (CWE-78) | 6.3 | Medium | 2025-03-07 |
| CVE-2025-2095 | TOTOLINK EX1800T cstecgi.cgi setDmzCfg os command injection — EX1800T (CWE-78) | 6.3 | Medium | 2025-03-07 |
| CVE-2025-2094 | TOTOLINK EX1800T cstecgi.cgi setWiFiExtenderConfig os command injection — EX1800T (CWE-78) | 6.3 | Medium | 2025-03-07 |
| CVE-2025-1852 | Totolink EX1800T cstecgi.cgi loginAuth buffer overflow — EX1800T (CWE-120) | 8.8 | High | 2025-03-03 |
| CVE-2025-1829 | TOTOLINK X18 cstecgi.cgi setMtknatCfg os command injection — X18 (CWE-78) | 6.3 | Medium | 2025-03-02 |
| CVE-2025-1340 | TOTOLINK X18 cstecgi.cgi setPasswordCfg stack-based overflow — X18 (CWE-121) | 8.8 | High | 2025-02-16 |
| CVE-2025-1339 | TOTOLINK X18 cstecgi.cgi setL2tpdConfig os command injection — X18 (CWE-78) | 6.3 | Medium | 2025-02-16 |
| CVE-2024-12352 | TOTOLINK EX1800T cstecgi.cgi sub_40662C stack-based overflow — EX1800T (CWE-121) | 4.3 | Medium | 2024-12-09 |
| CVE-2024-10966 | TOTOLINK X18 cstecgi.cgi os command injection — X18 (CWE-78) | 6.3 | Medium | 2024-11-07 |
| CVE-2024-10654 | TOTOLINK LR350 formLoginAuth.htm authorization — LR350 (CWE-639) | 5.3 | Medium | 2024-11-01 |
| CVE-2024-9001 | TOTOLINK T10 cstecgi.cgi setTracerouteCfg os command injection — T10 (CWE-78) | 6.3 | Medium | 2024-09-19 |
| CVE-2024-8869 | TOTOLINK A720R exportOvpn os command injection — A720R (CWE-78) | 5.0 | Medium | 2024-09-15 |
| CVE-2024-8580 | TOTOLINK AC1200 T8 shadow.sample hard-coded password — AC1200 T8 (CWE-259) | 8.1 | High | 2024-09-08 |
| CVE-2024-8579 | TOTOLINK AC1200 T8 cstecgi.cgi setWiFiRepeaterCfg buffer overflow — AC1200 T8 (CWE-120) | 8.8 | High | 2024-09-08 |
| CVE-2024-8578 | TOTOLINK AC1200 T8 cstecgi.cgi setWiFiMeshName buffer overflow — AC1200 T8 (CWE-120) | 8.8 | High | 2024-09-08 |
| CVE-2024-8577 | TOTOLINK AC1200 T8/AC1200 T10 cstecgi.cgi setStaticDhcpRules buffer overflow — AC1200 T8 (CWE-120) | 8.8 | High | 2024-09-08 |
| CVE-2024-8576 | TOTOLINK AC1200 T8/AC1200 T10 cstecgi.cgi setIpPortFilterRules buffer overflow — AC1200 T8 (CWE-120) | 8.8 | High | 2024-09-08 |
| CVE-2024-8575 | TOTOLINK AC1200 T8 cstecgi.cgi setWiFiScheduleCfg buffer overflow — AC1200 T8 (CWE-120) | 8.8 | High | 2024-09-08 |
| CVE-2024-8574 | TOTOLINK AC1200 T8 cstecgi.cgi setParentalRules os command injection — AC1200 T8 (CWE-78) | 6.3 | Medium | 2024-09-08 |
| CVE-2024-8573 | TOTOLINK AC1200 T8/AC1200 T10 cstecgi.cgi setParentalRules buffer overflow — AC1200 T8 (CWE-120) | 8.8 | High | 2024-09-08 |
| CVE-2024-8162 | TOTOLINK T10 AC1200 Telnet Service product.ini hard-coded credentials — T10 AC1200 (CWE-798) | 9.8 | Critical | 2024-08-26 |
| CVE-2024-8079 | TOTOLINK AC1200 T8 exportOvpn buffer overflow — AC1200 T8 (CWE-120) | 8.8 | High | 2024-08-22 |
| CVE-2024-8078 | TOTOLINK AC1200 T8 setTracerouteCfg buffer overflow — AC1200 T8 (CWE-120) | 8.8 | High | 2024-08-22 |
| CVE-2024-8077 | TOTOLINK AC1200 T8 setTracerouteCfg os command injection — AC1200 T8 (CWE-78) | 6.3 | Medium | 2024-08-22 |
| CVE-2024-8076 | TOTOLINK AC1200 T8 setDiagnosisCfg buffer overflow — AC1200 T8 (CWE-120) | 8.8 | High | 2024-08-22 |

This page lists every published CVE security advisory associated with Totolink. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.