Totolink — Vulnerabilities & Security Advisories (430)

Browse all 430 CVE security advisories affecting Totolink. AI-powered Chinese analysis, POCs, and references for each vulnerability.

TOTOLINK operates primarily as a manufacturer of consumer networking hardware, including wireless routers and range extenders, targeting residential and small business markets. Security audits reveal a significant volume of vulnerabilities, with 429 CVEs currently documented, indicating systemic issues in firmware development and code review processes. Historically, the most prevalent flaw classes include Remote Code Execution (RCE), Cross-Site Scripting (XSS), and privilege escalation bugs, often stemming from inadequate input validation and weak authentication mechanisms in web management interfaces. These defects frequently allow unauthenticated attackers to gain full administrative control or execute arbitrary commands on affected devices. While no single catastrophic global incident has been widely publicized, the sheer quantity of disclosed vulnerabilities suggests a consistent pattern of security negligence. Users are advised to exercise caution, as the vendor’s response to patching these critical flaws has been inconsistent, leaving many deployed units exposed to exploitation.

| CVE ID | Title | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2024-8075 | TOTOLINK AC1200 T8 setDiagnosisCfg os command injection — AC1200 T8 | CWE-78 | 6.3 | Medium | 2024-08-22 |
| CVE-2024-7909 | TOTOLINK EX1200L cstecgi.cgi setLanguageCfg stack-based overflow — EX1200L | CWE-121 | 8.8 | High | 2024-08-18 |
| CVE-2024-7908 | TOTOLINK EX1200L cstecgi.cgi setDefResponse stack-based overflow — EX1200L | CWE-121 | 8.8 | High | 2024-08-18 |
| CVE-2024-7907 | TOTOLINK X6000R cstecgi.cgi setSyslogCfg command injection — X6000R | CWE-77 | 6.3 | Medium | 2024-08-18 |
| CVE-2024-7465 | TOTOLINK CP450 cstecgi.cgi loginauth buffer overflow — CP450 | CWE-120 | 8.8 | High | 2024-08-05 |
| CVE-2024-7464 | TOTOLINK CP900 Telnet Service setTelnetCfg command injection — CP900 | CWE-77 | 6.3 | Medium | 2024-08-05 |
| CVE-2024-7463 | TOTOLINK CP900 cstecgi.cgi UploadCustomModule buffer overflow — CP900 | CWE-120 | 8.8 | High | 2024-08-05 |
| CVE-2024-7462 | TOTOLINK N350RT cstecgi.cgi setWizardCfg buffer overflow — N350RT | CWE-120 | 8.8 | High | 2024-08-05 |
| CVE-2024-7338 | TOTOLINK EX1200L cstecgi.cgi setParentalRules buffer overflow — EX1200L | CWE-120 | 8.8 | High | 2024-08-01 |
| CVE-2024-7337 | TOTOLINK EX1200L cstecgi.cgi loginauth buffer overflow — EX1200L | CWE-120 | 8.8 | High | 2024-08-01 |
| CVE-2024-7336 | TOTOLINK EX200 cstecgi.cgi loginauth buffer overflow — EX200 | CWE-120 | 8.8 | High | 2024-08-01 |
| CVE-2024-7335 | TOTOLINK EX200 getSaveConfig buffer overflow — EX200 | CWE-120 | 8.8 | High | 2024-08-01 |
| CVE-2024-7334 | TOTOLINK EX1200L cstecgi.cgi UploadCustomModule buffer overflow — EX1200L | CWE-120 | 8.8 | High | 2024-08-01 |
| CVE-2024-7333 | TOTOLINK N350RT cstecgi.cgi setParentalRules buffer overflow — N350RT | CWE-120 | 8.8 | High | 2024-08-01 |
| CVE-2024-7332 | TOTOLINK CP450 Telnet Service product.ini hard-coded password — CP450 | CWE-259 | 9.8 | Critical | 2024-08-01 |
| CVE-2024-7331 | TOTOLINK A3300R cstecgi.cgi UploadCustomModule buffer overflow — A3300R | CWE-120 | 8.8 | High | 2024-08-01 |
| CVE-2024-7217 | TOTOLINK CA300-PoE cstecgi.cgi loginauth buffer overflow — CA300-PoE | CWE-120 | 6.3 | Medium | 2024-07-30 |
| CVE-2024-7216 | TOTOLINK LR1200 shadow.sample hard-coded password — LR1200 | CWE-259 | 2.6 | Low | 2024-07-30 |
| CVE-2024-7215 | TOTOLINK LR1200 cstecgi.cgi NTPSyncWithHost command injection — LR1200 | CWE-77 | 6.3 | Medium | 2024-07-30 |
| CVE-2024-7214 | TOTOLINK LR350 cstecgi.cgi setWanCfg command injection — LR350 | CWE-77 | 6.3 | Medium | 2024-07-30 |
| CVE-2024-7213 | TOTOLINK A7000R cstecgi.cgi setWizardCfg buffer overflow — A7000R | CWE-120 | 8.8 | High | 2024-07-30 |
| CVE-2024-7212 | TOTOLINK A7000R cstecgi.cgi loginauth buffer overflow — A7000R | CWE-120 | 8.8 | High | 2024-07-30 |
| CVE-2024-7187 | TOTOLINK A3600R cstecgi.cgi UploadCustomModule buffer overflow — A3600R | CWE-120 | 8.8 | High | 2024-07-29 |
| CVE-2024-7186 | TOTOLINK A3600R cstecgi.cgi setWiFiAclAddConfig buffer overflow — A3600R | CWE-120 | 8.8 | High | 2024-07-29 |
| CVE-2024-7185 | TOTOLINK A3600R cstecgi.cgi setWebWlanIdx buffer overflow — A3600R | CWE-120 | 8.8 | High | 2024-07-29 |
| CVE-2024-7184 | TOTOLINK A3600R cstecgi.cgi setUrlFilterRules buffer overflow — A3600R | CWE-120 | 8.8 | High | 2024-07-29 |
| CVE-2024-7183 | TOTOLINK A3600R cstecgi.cgi setUploadSetting buffer overflow — A3600R | CWE-120 | 8.8 | High | 2024-07-29 |
| CVE-2024-7182 | TOTOLINK A3600R cstecgi.cgi setUpgradeFW buffer overflow — A3600R | CWE-120 | 8.8 | High | 2024-07-29 |
| CVE-2024-7181 | TOTOLINK A3600R cstecgi.cgi setTelnetCfg command injection — A3600R | CWE-77 | 6.3 | Medium | 2024-07-29 |
| CVE-2024-7180 | TOTOLINK A3600R cstecgi.cgi setPortForwardRules buffer overflow — A3600R | CWE-120 | 8.8 | High | 2024-07-29 |

This page lists every published CVE security advisory associated with Totolink. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.