Totolink — Vulnerabilities & Security Advisories (430)

Browse all 430 CVE security advisories affecting Totolink. AI-powered Chinese analysis, POCs, and references for each vulnerability.

TOTOLINK operates primarily as a manufacturer of consumer networking hardware, including wireless routers and range extenders, targeting residential and small business markets. Security audits reveal a significant volume of vulnerabilities, with 429 CVEs currently documented, indicating systemic issues in firmware development and code review processes. Historically, the most prevalent flaw classes include Remote Code Execution (RCE), Cross-Site Scripting (XSS), and privilege escalation bugs, often stemming from inadequate input validation and weak authentication mechanisms in web management interfaces. These defects frequently allow unauthenticated attackers to gain full administrative control or execute arbitrary commands on affected devices. While no single catastrophic global incident has been widely publicized, the sheer quantity of disclosed vulnerabilities suggests a consistent pattern of security negligence. Users are advised to exercise caution, as the vendor’s response to patching these critical flaws has been inconsistent, leaving many deployed units exposed to exploitation.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2025-6620 | TOTOLINK CA300-PoE upgrade.so setUpgradeUboot os command injection — CA300-PoE (CWE-78) | 6.3 | Medium | 2025-06-25 |
| CVE-2025-6619 | TOTOLINK CA300-PoE upgrade.so setUpgradeFW os command injection — CA300-PoE (CWE-78) | 6.3 | Medium | 2025-06-25 |
| CVE-2025-6618 | TOTOLINK CA300-PoE wps.so SetWLanApcliSettings os command injection — CA300-PoE (CWE-78) | 6.3 | Medium | 2025-06-25 |
| CVE-2025-6568 | TOTOLINK EX1200T HTTP POST Request formIpv6Setup buffer overflow — EX1200T (CWE-120) | 8.8 | High | 2025-06-24 |
| CVE-2025-6487 | TOTOLINK A3002R formRoute stack-based overflow — A3002R (CWE-121) | 8.8 | High | 2025-06-22 |
| CVE-2025-6486 | TOTOLINK A3002R formWlanMultipleAP stack-based overflow — A3002R (CWE-121) | 8.8 | High | 2025-06-22 |
| CVE-2025-6485 | TOTOLINK A3002R formWlSiteSurvey os command injection — A3002R (CWE-78) | 6.3 | Medium | 2025-06-22 |
| CVE-2025-6402 | TOTOLINK X15 HTTP POST Request formIpv6Setup buffer overflow — X15 (CWE-120) | 8.8 | High | 2025-06-21 |
| CVE-2025-6401 | TOTOLINK N300RH HTTP POST Message formFilter denial of service — N300RH (CWE-404) | 3.5 | Low | 2025-06-21 |
| CVE-2025-6400 | TOTOLINK N300RH HTTP POST Message formPortFw buffer overflow — N300RH (CWE-120) | 8.8 | High | 2025-06-21 |
| CVE-2025-6399 | TOTOLINK X15 HTTP POST Request formIPv6Addr buffer overflow — X15 (CWE-120) | 8.8 | High | 2025-06-21 |
| CVE-2025-6393 | TOTOLINK A702R/A3002R/A3002RU/EX1200T HTTP POST Request formIPv6Addr buffer overflow — A702R (CWE-120) | 8.8 | High | 2025-06-21 |
| CVE-2025-6337 | TOTOLINK A3002R/A3002RU HTTP POST Request formTmultiAP buffer overflow — A3002R (CWE-120) | 8.8 | High | 2025-06-20 |
| CVE-2025-6336 | TOTOLINK EX1200T HTTP POST Request formTmultiAP buffer overflow — EX1200T (CWE-120) | 8.8 | High | 2025-06-20 |
| CVE-2025-6302 | TOTOLINK EX1200T cstecgi.cgi setStaticDhcpConfig stack-based overflow — EX1200T (CWE-121) | 8.8 | High | 2025-06-20 |
| CVE-2025-6299 | TOTOLINK N150RT formWSC os command injection — N150RT (CWE-78) | 4.7 | Medium | 2025-06-20 |
| CVE-2025-6165 | TOTOLINK X15 HTTP POST Request formTmultiAP buffer overflow — X15 (CWE-120) | 8.8 | High | 2025-06-17 |
| CVE-2025-6164 | TOTOLINK A3002R HTTP POST Request formMultiAP buffer overflow — A3002R (CWE-120) | 8.8 | High | 2025-06-17 |
| CVE-2025-6163 | TOTOLINK A3002RU HTTP POST Request formMultiAP buffer overflow — A3002RU (CWE-120) | 8.8 | High | 2025-06-17 |
| CVE-2025-6162 | TOTOLINK EX1200T HTTP POST Request formMultiAP buffer overflow — EX1200T (CWE-120) | 8.8 | High | 2025-06-17 |
| CVE-2025-6150 | TOTOLINK X15 HTTP POST Request formMultiAP buffer overflow — X15 (CWE-120) | 8.8 | High | 2025-06-17 |
| CVE-2025-6149 | TOTOLINK A3002R HTTP POST Request formSysLog buffer overflow — A3002R (CWE-120) | 8.8 | High | 2025-06-17 |
| CVE-2025-6148 | TOTOLINK A3002RU HTTP POST Request formSysLog buffer overflow — A3002RU (CWE-120) | 8.8 | High | 2025-06-17 |
| CVE-2025-6147 | TOTOLINK A702R HTTP POST Request formSysLog buffer overflow — A702R (CWE-120) | 8.8 | High | 2025-06-17 |
| CVE-2025-6146 | TOTOLINK X15 HTTP POST Request formSysLog buffer overflow — X15 (CWE-120) | 8.8 | High | 2025-06-16 |
| CVE-2025-6145 | TOTOLINK EX1200T HTTP POST Request formSysLog buffer overflow — EX1200T (CWE-120) | 8.8 | High | 2025-06-16 |
| CVE-2025-6144 | TOTOLINK EX1200T HTTP POST Request formSysCmd buffer overflow — EX1200T (CWE-120) | 8.8 | High | 2025-06-16 |
| CVE-2025-6143 | TOTOLINK EX1200T HTTP POST Request formNtp buffer overflow — EX1200T (CWE-120) | 8.8 | High | 2025-06-16 |
| CVE-2025-6139 | TOTOLINK T10 shadow.sample hard-coded password — T10 (CWE-259) | 3.9 | Low | 2025-06-16 |
| CVE-2025-6138 | TOTOLINK T10 HTTP POST Request cstecgi.cgi setWizardCfg buffer overflow — T10 (CWE-120) | 8.8 | High | 2025-06-16 |

This page lists every published CVE security advisory associated with Totolink. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.