Vulnerabilities > Totolink > Critical

DATE CVE VULNERABILITY TITLE RISK
2022-02-04 CVE-2021-45740 Unspecified vulnerability in Totolink A720R Firmware 4.1.5Cu.470B20200911
TOTOLINK A720R v4.1.5cu.470_B20200911 was discovered to contain a stack overflow in the setWiFiWpsStart function.
Risk: network, low complexity, totolink, critical, 9.8
2022-02-04 CVE-2021-45742 Command Injection vulnerability in Totolink A720R Firmware 4.1.5Cu.470B20200911
TOTOLINK A720R v4.1.5cu.470_B20200911 was discovered to contain a command injection vulnerability in the "Main" function.
Risk: network, low complexity, totolink CWE-77, critical, 9.8
2022-01-04 CVE-2021-43711 Command Injection vulnerability in Totolink Ex200 Firmware 4.0.3C.7646B20201211
The downloadFlile.cgi binary file in TOTOLINK EX200 V4.0.3c.7646_B20201211 has a command injection vulnerability when receiving GET parameters.
Risk: network, low complexity, totolink CWE-77, critical, 9.8
2021-08-05 CVE-2021-35324 Unspecified vulnerability in Totolink A720R Firmware 4.1.5Cu.470B20200911
A vulnerability in the Form_Login function of TOTOLINK A720R A720R_Firmware V4.1.5cu.470_B20200911 allows attackers to bypass authentication.
Risk: network, low complexity, totolink, critical, 9.8
2021-08-05 CVE-2021-35327 Missing Authorization vulnerability in Totolink A720R Firmware 4.1.5Cu.470B20200911
A vulnerability in TOTOLINK A720R A720R_Firmware v4.1.5cu.470_B20200911 allows attackers to start the Telnet service, then log in with the default credentials via a crafted POST request.
Risk: network, low complexity, totolink CWE-862, critical, 9.8
2021-04-14 CVE-2021-27710 OS Command Injection vulnerability in Totolink A720R Firmware and X5000R Firmware
Command Injection in TOTOLINK X5000R router with firmware v9.1.0u.6118_B20201102, and TOTOLINK A720R router with firmware v4.1.5cu.470_B20200911 allows remote attackers to execute arbitrary OS commands by sending a modified HTTP request.
Risk: network, low complexity, totolink CWE-78, critical, 9.8
2021-04-14 CVE-2021-27708 OS Command Injection vulnerability in Totolink A720R Firmware and X5000R Firmware
Command Injection in TOTOLINK X5000R router with firmware v9.1.0u.6118_B20201102, and TOTOLINK A720R router with firmware v4.1.5cu.470_B20200911 allows remote attackers to execute arbitrary OS commands by sending a modified HTTP request.
Risk: network, low complexity, totolink CWE-78, critical, 9.8
2020-11-24 CVE-2015-9551 Unspecified vulnerability in Totolink products
An issue was discovered on TOTOLINK A850R-V1 through 1.0.1-B20150707.1612 and F1-V2 through 1.1-B20150708.1646 devices.
Risk: network, low complexity, totolink, critical, 9.8
2020-01-27 CVE-2019-19825 Improper Authentication vulnerability in Totolink products
On certain TOTOLINK Realtek SDK based routers, the CAPTCHA text can be retrieved via an {"topicurl":"setting/getSanvas"} POST to the boafrm/formLogin URI, leading to a CAPTCHA bypass.
Risk: network, low complexity, totolink CWE-287, critical, 9.8
2018-11-27 CVE-2018-13316 OS Command Injection vulnerability in Totolink A3002Ru Firmware 1.0.8
System command injection in formAliasIp in TOTOLINK A3002RU version 1.0.8 allows attackers to execute system commands via the "subnet" POST parameter.
Risk: network, low complexity, totolink CWE-78, critical, 9.8