Vulnerabilities > Totolink > N300Rt Firmware > Critical

DATE CVE VULNERABILITY TITLE RISK
2023-12-07 CVE-2023-48860 Unspecified vulnerability in Totolink N300Rt Firmware 3.2.4B20180730.0906
TOTOLINK N300RT version 3.2.4-B20180730.0906 has a post-authentication RCE due to incorrect access control, allows attackers can bypass front-end security restrictions and execute arbitrary code.
network
low complexity
totolink
critical
9.8
2020-01-27 CVE-2019-19825 Improper Authentication vulnerability in Totolink products
On certain TOTOLINK Realtek SDK based routers, the CAPTCHA text can be retrieved via an {"topicurl":"setting/getSanvas"} POST to the boafrm/formLogin URI, leading to a CAPTCHA bypass.
network
low complexity
totolink CWE-287
critical
9.8