
Totolink — Vulnerabilities & Security Advisories 430

Browse all 430 CVE security advisories affecting Totolink. AI-powered Chinese analysis, POCs, and references for each vulnerability.

TOTOLINK operates primarily as a manufacturer of consumer networking hardware, including wireless routers and range extenders, targeting residential and small business markets. Security audits reveal a significant volume of vulnerabilities, with 429 CVEs currently documented, indicating systemic issues in firmware development and code review processes. Historically, the most prevalent flaw classes include Remote Code Execution (RCE), Cross-Site Scripting (XSS), and privilege escalation bugs, often stemming from inadequate input validation and weak authentication mechanisms in web management interfaces. These defects frequently allow unauthenticated attackers to gain full administrative control or execute arbitrary commands on affected devices. While no single catastrophic global incident has been widely publicized, the sheer quantity of disclosed vulnerabilities suggests a consistent pattern of security negligence. Users are advised to exercise caution, as the vendor’s response to patching these critical flaws has been inconsistent, leaving many deployed units exposed to exploitation.

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2026-0641 | TOTOLINK WA300 cstecgi.cgi sub_401510 command injection | WA300 | CWE-77 | 6.3 | Medium | 2026-01-06 |
| CVE-2025-14964 | TOTOLINK T10 cstecgi.cgi sprintf stack-based overflow | T10 | CWE-121 | 9.8 | Critical | 2025-12-19 |
| CVE-2025-14586 | TOTOLINK X5000R cstecgi.cgi snprintf os command injection | X5000R | CWE-78 | 6.3 | Medium | 2025-12-13 |
| CVE-2025-34319 | TOTOLINK N300RT <= V2.1.8-B20201030.1539 Boa formWsc RCE | N300RT | CWE-78 | 9.8 (AI) | Critical (AI) | 2025-12-03 |
| CVE-2025-12260 | TOTOLINK A3300R POST Parameter cstecgi.cgi setSyslogCfg stack-based overflow | A3300R | CWE-121 | 8.8 | High | 2025-10-27 |
| CVE-2025-12259 | TOTOLINK A3300R POST Parameter cstecgi.cgi setScheduleCfg stack-based overflow | A3300R | CWE-121 | 8.8 | High | 2025-10-27 |
| CVE-2025-12258 | TOTOLINK A3300R POST Parameter cstecgi.cg setOpModeCfg stack-based overflow | A3300R | CWE-121 | 8.8 | High | 2025-10-27 |
| CVE-2025-12241 | TOTOLINK A3300R POST Parameter cstecgi.cgi setLanguageCfg stack-based overflow | A3300R | CWE-121 | 8.8 | High | 2025-10-27 |
| CVE-2025-12240 | TOTOLINK A3300R cstecgi.cgi setDmzCfg buffer overflow | A3300R | CWE-120 | 8.8 | High | 2025-10-27 |
| CVE-2025-12239 | TOTOLINK A3300R cstecgi.cgi setDdnsCfg buffer overflow | A3300R | CWE-120 | 8.8 | High | 2025-10-27 |
| CVE-2025-11444 | TOTOLINK N600R HTTP Request cstecgi.cgi setWiFiBasicConfig buffer overflow | N600R | CWE-120 | 8.8 | High | 2025-10-08 |
| CVE-2025-11005 | TOTOLINK X6000R Unauthenticated Command Injection Vulnerability | X6000R | CWE-78 | 9.8 (AI) | Critical (AI) | 2025-09-25 |
| CVE-2025-52907 | TOTOLINK X6000R Security Bypass Vulnerability | X6000R | CWE-20 | 9.8 (AI) | Critical (AI) | 2025-09-24 |
| CVE-2025-52906 | TOTOLINK X6000R Command Injection Vulnerability | X6000R | CWE-78 | 9.8 (AI) | Critical (AI) | 2025-09-24 |
| CVE-2025-52905 | TOTOLINK X6000R Argument Injection Vulnerability | X6000R | CWE-20 | 7.5 (AI) | High (AI) | 2025-09-23 |
| CVE-2025-9935 | TOTOLINK N600R cstecgi.cgi sub_4159F8 command injection | N600R | CWE-77 | 7.3 | High | 2025-09-03 |
| CVE-2025-9934 | TOTOLINK X5000R cstecgi.cgi sub_410C34 command injection | X5000R | CWE-77 | 6.3 | Medium | 2025-09-03 |
| CVE-2025-9783 | TOTOLINK A702R formParentControl sub_418030 buffer overflow | A702R | CWE-120 | 8.8 | High | 2025-09-01 |
| CVE-2025-9782 | TOTOLINK A702R formOneKeyAccessButton sub_4466F8 buffer overflow | A702R | CWE-120 | 8.8 | High | 2025-09-01 |
| CVE-2025-9781 | TOTOLINK A702R formFilter sub_4162DC buffer overflow | A702R | CWE-120 | 8.8 | High | 2025-09-01 |
| CVE-2025-9780 | TOTOLINK A702R formIpQoS sub_419BE0 buffer overflow | A702R | CWE-120 | 8.8 | High | 2025-09-01 |
| CVE-2025-9779 | TOTOLINK A702R formFilter sub_4162DC buffer overflow | A702R | CWE-120 | 8.8 | High | 2025-09-01 |
| CVE-2025-9577 | TOTOLINK X2000R Administrative shadow.sample default credentials | X2000R | CWE-1392 | 2.5 | Low | 2025-08-28 |
| CVE-2025-9533 | TOTOLINK T10 formLoginAuth.htm improper authentication | T10 | CWE-287 | 7.3 | High | 2025-08-27 |
| CVE-2025-9303 | TOTOLINK A720R cstecgi.cgi setParentalRules buffer overflow | A720R | CWE-120 | 8.8 | High | 2025-08-21 |
| CVE-2025-8938 | TOTOLINK N350R Telnet Service formSysTel backdoor | N350R | CWE-912 | 6.3 | Medium | 2025-08-14 |
| CVE-2025-8937 | TOTOLINK N350R formSysCmd command injection | N350R | CWE-77 | 6.3 | Medium | 2025-08-14 |
| CVE-2025-8246 | TOTOLINK X15 HTTP POST Request formRoute buffer overflow | X15 | CWE-120 | 8.8 | High | 2025-07-27 |
| CVE-2025-8245 | TOTOLINK X15 HTTP POST Request formMultiAPVLAN buffer overflow | X15 | CWE-120 | 8.8 | High | 2025-07-27 |
| CVE-2025-8244 | TOTOLINK X15 HTTP POST Request formMapDelDevice buffer overflow | X15 | CWE-120 | 8.8 | High | 2025-07-27 |

This page lists every published CVE security advisory associated with Totolink. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.