Vulnerabilities > Totolink > High

DATE CVE VULNERABILITY TITLE RISK
2023-12-31 CVE-2023-7187 Unspecified vulnerability in Totolink N350Rt Firmware 9.3.5U.6139B20201216
A vulnerability was found in Totolink N350RT 9.3.5u.6139_B20201216.
low complexity
totolink
8.8
2023-12-06 CVE-2023-48859 Incorrect Authorization vulnerability in Totolink A3002Ru Firmware 2.0.0B20190902.1958
TOTOLINK A3002RU version 2.0.0-B20190902.1958 has a post-authentication RCE due to incorrect access control, allows attackers to bypass front-end security restrictions and execute arbitrary code.
network
low complexity
totolink CWE-863
8.8
2023-11-20 CVE-2023-48192 Code Injection vulnerability in Totolink A3700R Firmware 9.1.2U.6134B20201202
An issue in TOTOlink A3700R v.9.1.2u.6134_B20201202 allows a local attacker to execute arbitrary code via the setTracerouteCfg function.
local
low complexity
totolink CWE-94
7.8
2023-10-31 CVE-2023-46992 Unspecified vulnerability in Totolink A3300R Firmware 17.0.0Cu.557B20221024
TOTOLINK A3300R V17.0.0cu.557_B20221024 is vulnerable to Incorrect Access Control.
network
low complexity
totolink
7.5
2023-10-31 CVE-2023-46978 Missing Authentication for Critical Function vulnerability in Totolink X6000R Firmware 9.4.0Cu.852B20230719
TOTOLINK X6000R V9.4.0cu.852_B20230719 is vulnerable to Incorrect Access Control.Attackers can reset login password & WIFI passwords without authentication.
network
low complexity
totolink CWE-306
7.5
2023-10-16 CVE-2023-45985 Out-of-bounds Write vulnerability in Totolink A7000R Firmware and X5000R Firmware
TOTOLINK X5000R V9.1.0u.6118_B20201102 and TOTOLINK A7000R V9.1.0u.6115_B20201022 were discovered to contain a stack overflow in the function setParentalRules.
network
low complexity
totolink CWE-787
7.5
2023-09-04 CVE-2023-4746 Use of Externally-Controlled Format String vulnerability in Totolink N200Re-V5 Firmware 9.3.5U.6437B20230519
A vulnerability classified as critical has been found in TOTOLINK N200RE V5 9.3.5u.6437_B20230519.
network
low complexity
totolink CWE-134
8.8
2023-07-17 CVE-2023-34669 Unspecified vulnerability in Totolink Cp300+ Firmware 5.2Cu.7594
TOTOLINK CP300+ V5.2cu.7594 contains a Denial of Service vulnerability in function RebootSystem of the file lib/cste_modules/system which can reboot the system.
network
low complexity
totolink
7.5
2023-05-31 CVE-2023-33485 Out-of-bounds Write vulnerability in Totolink X5000R Firmware 9.1.0U.6118B20201102/9.1.0U.6369B20230113
TOTOLINK X5000R V9.1.0u.6118_B20201102 and V9.1.0u.6369_B20230113 contains a post-authentication buffer overflow via parameter sPort/ePort in the addEffect function.
network
low complexity
totolink CWE-787
8.8
2023-02-03 CVE-2023-24147 Use of Hard-coded Credentials vulnerability in Totolink Ca300-Poe Firmware 6.2C.884
TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a hard code password for the telnet service which is stored in the component /etc/config/product.ini.
network
low complexity
totolink CWE-798
7.5