Totolink — Vulnerabilities & Security Advisories 430

Browse all 430 CVE security advisories affecting Totolink. AI-powered Chinese analysis, POCs, and references for each vulnerability.

TOTOLINK operates primarily as a manufacturer of consumer networking hardware, including wireless routers and range extenders, targeting residential and small business markets. Security audits reveal a significant volume of vulnerabilities, with 429 CVEs currently documented, indicating systemic issues in firmware development and code review processes. Historically, the most prevalent flaw classes include Remote Code Execution (RCE), Cross-Site Scripting (XSS), and privilege escalation bugs, often stemming from inadequate input validation and weak authentication mechanisms in web management interfaces. These defects frequently allow unauthenticated attackers to gain full administrative control or execute arbitrary commands on affected devices. While no single catastrophic global incident has been widely publicized, the sheer quantity of disclosed vulnerabilities suggests a consistent pattern of security negligence. Users are advised to exercise caution, as the vendor’s response to patching these critical flaws has been inconsistent, leaving many deployed units exposed to exploitation.

| CVE ID | Title | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2026-7140 | Totolink A8000RU CGI cstecgi.cgi CsteSystem os command injection — A8000RU | CWE-78 | 9.8 | Critical | 2026-04-27 |
| CVE-2026-7139 | Totolink A8000RU CGI cstecgi.cgi setWiFiAclRules os command injection — A8000RU | CWE-78 | 9.8 | Critical | 2026-04-27 |
| CVE-2026-7138 | Totolink A8000RU CGI cstecgi.cgi setNtpCfg os command injection — A8000RU | CWE-78 | 9.8 | Critical | 2026-04-27 |
| CVE-2026-7137 | Totolink A8000RU CGI cstecgi.cgi setStorageCfg os command injection — A8000RU | CWE-78 | 9.8 | Critical | 2026-04-27 |
| CVE-2026-7136 | Totolink A8000RU CGI cstecgi.cgi setDmzCfg os command injection — A8000RU | CWE-78 | 9.8 | Critical | 2026-04-27 |
| CVE-2026-7125 | Totolink A8000RU CGI cstecgi.cgi setWiFiEasyCfg os command injection — A8000RU | CWE-78 | 9.8 | Critical | 2026-04-27 |
| CVE-2026-7124 | Totolink A8000RU CGI cstecgi.cgi setIpv6LanCfg os command injection — A8000RU | CWE-78 | 9.8 | Critical | 2026-04-27 |
| CVE-2026-7123 | Totolink A8000RU CGI cstecgi.cgi setIptvCfg os command injection — A8000RU | CWE-78 | 9.8 | Critical | 2026-04-27 |
| CVE-2026-7122 | Totolink A8000RU CGI cstecgi.cgi setUPnPCfg os command injection — A8000RU | CWE-78 | 9.8 | Critical | 2026-04-27 |
| CVE-2026-7121 | Totolink A8000RU CGI cstecgi.cgi setWizardCfg os command injection — A8000RU | CWE-78 | 9.8 | Critical | 2026-04-27 |
| CVE-2026-7037 | Totolink A8000RU CGI cstecgi.cgi setVpnPassCfg os command injection — A8000RU | CWE-78 | 9.8 | Critical | 2026-04-26 |
| CVE-2026-6195 | Totolink A7100RU CGI cstecgi.cgi setPasswordCfg os command injection — A7100RU | CWE-78 | 9.8 | Critical | 2026-04-13 |
| CVE-2026-6194 | Totolink A3002MU HTTP Request formWlanSetup sub_410188 stack-based overflow — A3002MU | CWE-121 | 8.8 | High | 2026-04-13 |
| CVE-2026-6168 | TOTOLINK A7000R cstecgi.cgi setWiFiEasyGuestCfg stack-based overflow — A7000R | CWE-121 | 8.8 | High | 2026-04-13 |
| CVE-2026-6158 | Totolink N300RH upgrade.so setUpgradeUboot os command injection — N300RH | CWE-78 | 7.3 | High | 2026-04-13 |
| CVE-2026-6157 | Totolink A800R app.so setAppEasyWizardConfig buffer overflow — A800R | CWE-120 | 8.8 | High | 2026-04-13 |
| CVE-2026-6156 | Totolink A7100RU CGI cstecgi.cgi setIpQosRules os command injection — A7100RU | CWE-78 | 9.8 | Critical | 2026-04-13 |
| CVE-2026-6155 | Totolink A7100RU CGI cstecgi.cgi setWanCfg os command injection — A7100RU | CWE-78 | 9.8 | Critical | 2026-04-13 |
| CVE-2026-6154 | Totolink A7100RU CGI cstecgi.cgi setWizardCfg os command injection — A7100RU | CWE-78 | 9.8 | Critical | 2026-04-13 |
| CVE-2026-6140 | Totolink A7100RU CGI cstecgi.cgi UploadFirmwareFile os command injection — A7100RU | CWE-78 | 9.8 | Critical | 2026-04-13 |
| CVE-2026-6139 | Totolink A7100RU CGI cstecgi.cgi UploadOpenVpnCert os command injection — A7100RU | CWE-78 | 9.8 | Critical | 2026-04-13 |
| CVE-2026-6138 | Totolink A7100RU CGI cstecgi.cgi setAccessDeviceCfg os command injection — A7100RU | CWE-78 | 9.8 | Critical | 2026-04-13 |
| CVE-2026-6132 | Totolink A7100RU CGI cstecgi.cgi setLedCfg os command injection — A7100RU | CWE-78 | 9.8 | Critical | 2026-04-12 |
| CVE-2026-6131 | Totolink A7100RU CGI cstecgi.cgi setTracerouteCfg os command injection — A7100RU | CWE-78 | 9.8 | Critical | 2026-04-12 |
| CVE-2026-6116 | Totolink A7100RU CGI cstecgi.cgi setDiagnosisCfg os command injection — A7100RU | CWE-78 | 9.8 | Critical | 2026-04-12 |
| CVE-2026-6115 | Totolink A7100RU CGI cstecgi.cgi setAppCfg os command injection — A7100RU | CWE-78 | 9.8 | Critical | 2026-04-12 |
| CVE-2026-6114 | Totolink A7100RU CGI cstecgi.cgi setNetworkCfg os command injection — A7100RU | CWE-78 | 9.8 | Critical | 2026-04-12 |
| CVE-2026-6113 | Totolink A7100RU CGI cstecgi.cgi setTtyServiceCfg os command injection — A7100RU | CWE-78 | 9.8 | Critical | 2026-04-12 |
| CVE-2026-6112 | Totolink A7100RU CGI cstecgi.cgi setRadvdCfg os command injection — A7100RU | CWE-78 | 9.8 | Critical | 2026-04-12 |
| CVE-2026-6029 | Totolink A7100RU CGI cstecgi.cgi setVpnAccountCfg os command injection — A7100RU | CWE-78 | 9.8 | Critical | 2026-04-10 |

This page lists every published CVE security advisory associated with Totolink. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.