Vulnerabilities > Totolink > A720R Firmware

DATE CVE VULNERABILITY TITLE RISK
2025-05-05 CVE-2025-4270 Improper Access Control vulnerability in Totolink A720R Firmware 4.1.5Cu.374
A vulnerability was found in TOTOLINK A720R 4.1.5cu.374.
network
low complexity
totolink CWE-284
7.5
7.5
2025-05-05 CVE-2025-4271 Improper Access Control vulnerability in Totolink A720R Firmware 4.1.5Cu.374
A vulnerability was found in TOTOLINK A720R 4.1.5cu.374.
network
low complexity
totolink CWE-284
5.3
5.3
2025-05-05 CVE-2025-4268 Missing Authentication for Critical Function vulnerability in Totolink A720R Firmware 4.1.5Cu.374
A vulnerability has been found in TOTOLINK A720R 4.1.5cu.374 and classified as critical.
network
low complexity
totolink CWE-306
5.3
5.3
2025-05-05 CVE-2025-4269 Incorrect Privilege Assignment vulnerability in Totolink A720R Firmware 4.1.5Cu.374
A vulnerability was found in TOTOLINK A720R 4.1.5cu.374 and classified as critical.
network
low complexity
totolink CWE-266
5.3
5.3
2024-09-15 CVE-2024-8869 OS Command Injection vulnerability in Totolink A720R Firmware 4.1.5
A vulnerability classified as critical has been found in TOTOLINK A720R 4.1.5.
network
high complexity
totolink CWE-78
8.1
8.1
2023-02-17 CVE-2023-23064 Incorrect Authorization vulnerability in Totolink A720R Firmware 4.1.5Cu.532B20210610
TOTOLINK A720R V4.1.5cu.532_ B20210610 is vulnerable to Incorrect Access Control.
network
low complexity
totolink CWE-863
critical
 9.8
9.8
2022-09-15 CVE-2022-38534 OS Command Injection vulnerability in Totolink A720R Firmware 4.1.5Cu.374
TOTOLINK-720R v4.1.5cu.374 was discovered to contain a remote code execution (RCE) vulnerability via the setdiagnosicfg function.
network
low complexity
totolink CWE-78
7.2
7.2
2022-09-15 CVE-2022-38535 OS Command Injection vulnerability in Totolink A720R Firmware 4.1.5Cu.374
TOTOLINK-720R v4.1.5cu.374 was discovered to contain a remote code execution (RCE) vulnerability via the setTracerouteCfg function.
network
low complexity
totolink CWE-78
7.2
7.2
2022-08-29 CVE-2022-36610 Use of Hard-coded Credentials vulnerability in Totolink A720R Firmware 4.1.5Cu.532B20210610
TOTOLINK A720R V4.1.5cu.532_B20210610 was discovered to contain a hardcoded password for root at /etc/shadow.sample.
local
low complexity
totolink CWE-798
7.8
7.8
2022-08-25 CVE-2022-36456 OS Command Injection vulnerability in Totolink A720R Firmware 4.1.5Cu.532B20210610
TOTOLink A720R V4.1.5cu.532_B20210610 was discovered to contain a command injection vulnerability via the username parameter in /cstecgi.cgi.
local
low complexity
totolink CWE-78
7.8
7.8