
Totolink — Vulnerabilities & Security Advisories (430)

Browse all 430 CVE security advisories affecting Totolink. AI-powered Chinese analysis, POCs, and references for each vulnerability.

TOTOLINK operates primarily as a manufacturer of consumer networking hardware, including wireless routers and range extenders, targeting residential and small business markets. Security audits reveal a significant volume of vulnerabilities, with 429 CVEs currently documented, indicating systemic issues in firmware development and code review processes. Historically, the most prevalent flaw classes include Remote Code Execution (RCE), Cross-Site Scripting (XSS), and privilege escalation bugs, often stemming from inadequate input validation and weak authentication mechanisms in web management interfaces. These defects frequently allow unauthenticated attackers to gain full administrative control or execute arbitrary commands on affected devices. While no single catastrophic global incident has been widely publicized, the sheer quantity of disclosed vulnerabilities suggests a consistent pattern of security negligence. Users are advised to exercise caution, as the vendor’s response to patching these critical flaws has been inconsistent, leaving many deployed units exposed to exploitation.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2024-0943 | Totolink N350RT cstecgi.cgi session expiration — N350RT (CWE-613) | 3.7 | Low | 2024-01-26 |
| CVE-2024-0942 | Totolink N200RE V5 cstecgi.cgi session expiration — N200RE V5 (CWE-613) | 3.7 | Low | 2024-01-26 |
| CVE-2024-0579 | Totolink X2000R formMapDelDevice command injection — X2000R (CWE-77) | 6.3 | Medium | 2024-01-16 |
| CVE-2024-0578 | Totolink LR1200GB cstecgi.cgi UploadCustomModule stack-based overflow — LR1200GB (CWE-121) | 8.8 | High | 2024-01-16 |
| CVE-2024-0577 | Totolink LR1200GB cstecgi.cgi setLanguageCfg stack-based overflow — LR1200GB (CWE-121) | 8.8 | High | 2024-01-16 |
| CVE-2024-0576 | Totolink LR1200GB cstecgi.cgi setIpPortFilterRules stack-based overflow — LR1200GB (CWE-121) | 8.8 | High | 2024-01-16 |
| CVE-2024-0575 | Totolink LR1200GB cstecgi.cgi setTracerouteCfg stack-based overflow — LR1200GB (CWE-121) | 8.8 | High | 2024-01-16 |
| CVE-2024-0574 | Totolink LR1200GB cstecgi.cgi setParentalRules stack-based overflow — LR1200GB (CWE-121) | 8.8 | High | 2024-01-16 |
| CVE-2024-0573 | Totolink LR1200GB cstecgi.cgi setDiagnosisCfg stack-based overflow — LR1200GB (CWE-121) | 8.8 | High | 2024-01-16 |
| CVE-2024-0572 | Totolink LR1200GB cstecgi.cgi setOpModeCfg stack-based overflow — LR1200GB (CWE-121) | 8.8 | High | 2024-01-16 |
| CVE-2024-0571 | Totolink LR1200GB cstecgi.cgi setSmsCfg stack-based overflow — LR1200GB (CWE-121) | 8.8 | High | 2024-01-16 |
| CVE-2024-0570 | Totolink N350RT Setting cstecgi.cgi access control — N350RT (CWE-284) | 7.3 | High | 2024-01-16 |
| CVE-2024-0569 | Totolink T8 Setting cstecgi.cgi getSysStatusCfg information disclosure — T8 (CWE-200) | 4.3 | Medium | 2024-01-16 |
| CVE-2023-7223 | Totolink T6 cstecgi.cgi access control — T6 (CWE-284) | 5.3 | Medium | 2024-01-09 |
| CVE-2023-7222 | Totolink X2000R HTTP POST Request boa formTmultiAP buffer overflow — X2000R (CWE-120) | 7.2 | High | 2024-01-09 |
| CVE-2023-7221 | Totolink T6 HTTP POST Request main buffer overflow — T6 (CWE-120) | 9.8 | Critical | 2024-01-09 |
| CVE-2023-7220 | Totolink NR1800X cstecgi.cgi loginAuth stack-based overflow — NR1800X (CWE-121) | 9.8 | Critical | 2024-01-09 |
| CVE-2023-7219 | Totolink N350RT cstecgi.cgi loginAuth stack-based overflow — N350RT (CWE-121) | 7.2 | High | 2024-01-09 |
| CVE-2023-7218 | Totolink N350RT cstecgi.cgi loginAuth stack-based overflow — N350RT (CWE-121) | 7.2 | High | 2024-01-08 |
| CVE-2024-0299 | Totolink N200RE cstecgi.cgi setTracerouteCfg os command injection — N200RE (CWE-78) | 7.3 | High | 2024-01-08 |
| CVE-2024-0298 | Totolink N200RE cstecgi.cgi setDiagnosisCfg os command injection — N200RE (CWE-78) | 7.3 | High | 2024-01-08 |
| CVE-2024-0297 | Totolink N200RE cstecgi.cgi UploadFirmwareFile os command injection — N200RE (CWE-78) | 7.3 | High | 2024-01-08 |
| CVE-2024-0296 | Totolink N200RE cstecgi.cgi NTPSyncWithHost os command injection — N200RE (CWE-78) | 7.3 | High | 2024-01-08 |
| CVE-2024-0295 | Totolink LR1200GB cstecgi.cgi setWanCfg os command injection — LR1200GB (CWE-78) | 7.3 | High | 2024-01-08 |
| CVE-2024-0294 | Totolink LR1200GB cstecgi.cgi setUssd os command injection — LR1200GB (CWE-78) | 7.3 | High | 2024-01-08 |
| CVE-2024-0293 | Totolink LR1200GB cstecgi.cgi setUploadSetting os command injection — LR1200GB (CWE-78) | 6.3 | Medium | 2024-01-08 |
| CVE-2024-0292 | Totolink LR1200GB cstecgi.cgi setOpModeCfg os command injection — LR1200GB (CWE-78) | 6.3 | Medium | 2024-01-08 |
| CVE-2024-0291 | Totolink LR1200GB cstecgi.cgi UploadFirmwareFile command injection — LR1200GB (CWE-77) | 6.3 | Medium | 2024-01-08 |
| CVE-2023-7214 | Totolink N350RT HTTP POST Request main stack-based overflow — N350RT (CWE-121) | 6.3 | Medium | 2024-01-07 |
| CVE-2023-7213 | Totolink N350RT HTTP POST Request main stack-based overflow — N350RT (CWE-121) | 6.3 | Medium | 2024-01-07 |

This page lists every published CVE security advisory associated with Totolink. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.