TOTOLINK — Vulnerabilities & Security Advisories 469

Browse all 469 CVE security advisories affecting TOTOLINK. AI-powered Chinese analysis, POCs, and references for each vulnerability.

TOTOLINK operates primarily as a manufacturer of consumer networking hardware, including wireless routers and range extenders, targeting residential and small business markets. Security audits reveal a significant volume of vulnerabilities, with 429 CVEs currently documented, indicating systemic issues in firmware development and code review processes. Historically, the most prevalent flaw classes include Remote Code Execution (RCE), Cross-Site Scripting (XSS), and privilege escalation bugs, often stemming from inadequate input validation and weak authentication mechanisms in web management interfaces. These defects frequently allow unauthenticated attackers to gain full administrative control or execute arbitrary commands on affected devices. While no single catastrophic global incident has been widely publicized, the sheer quantity of disclosed vulnerabilities suggests a consistent pattern of security negligence. Users are advised to exercise caution, as the vendor’s response to patching these critical flaws has been inconsistent, leaving many deployed units exposed to exploitation.

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2026-44089 | Buffer Overflow in Totolink EX1200L router | EX1200L | CWE-121 | - | - | 2026-06-23 |
| CVE-2026-11620 | TOTOLINK EX200 vsftpd vsftpd.conf least privilege violation | EX200 | CWE-272 | 5.3 | Medium | 2026-06-09 |
| CVE-2026-11554 | TOTOLINK CP450 vsftpd vsftpd.conf least privilege violation | CP450 | CWE-272 | 4.3 | Medium | 2026-06-08 |
| CVE-2026-11494 | TOTOLINK AC1200 T8 vsftpd vsftpd.conf least privilege violation | AC1200 T8 | CWE-272 | 4.3 | Medium | 2026-06-08 |
| CVE-2026-10187 | Totolink N300RH Web Management wireless.so setWiFiBasicConfig stack-based overflow | N300RH | CWE-121 | 9.8 | Critical | 2026-05-31 |
| CVE-2026-9543 | Totolink N300RH Web Management cstecgi.cgi setPasswordCfg os command injection | N300RH | CWE-78 | 9.8 | Critical | 2026-05-26 |
| CVE-2026-9534 | Totolink CA750-PoE Setting cstecgi.cgi setWiFiWpsConfig os command injection | CA750-PoE | CWE-78 | 6.3 | Medium | 2026-05-26 |
| CVE-2026-9533 | Totolink CA750-PoE Setting cstecgi.cgi recvUpgradeNewFw os command injection | CA750-PoE | CWE-78 | 6.3 | Medium | 2026-05-26 |
| CVE-2026-9532 | Totolink CA750-PoE Setting cstecgi.cgi setUploadUserData os command injection | CA750-PoE | CWE-78 | 6.3 | Medium | 2026-05-26 |
| CVE-2026-9531 | Totolink CA750-PoE Setting cstecgi.cgi setUpgradeUboot os command injection | CA750-PoE | CWE-78 | 6.3 | Medium | 2026-05-26 |
| CVE-2026-9515 | Totolink CA750-PoE Setting cstecgi.cgi setUnloadUserData os command injection | CA750-PoE | CWE-78 | 6.3 | Medium | 2026-05-25 |
| CVE-2026-9514 | Totolink CA750-PoE Setting cstecgi.cgi setNetworkDiag os command injection | CA750-PoE | CWE-78 | 6.3 | Medium | 2026-05-25 |
| CVE-2026-9513 | Totolink CA750-PoE Setting cstecgi.cgi NTPSyncWithHost os command injection | CA750-PoE | CWE-78 | 6.3 | Medium | 2026-05-25 |
| CVE-2026-9512 | Totolink CA750-PoE Setting cstecgi.cgi setPasswordCfg os command injection | CA750-PoE | CWE-78 | 6.3 | Medium | 2026-05-25 |
| CVE-2026-9511 | Totolink CA750-PoE Setting cstecgi.cgi setWebWlanIdx os command injection | CA750-PoE | CWE-78 | 6.3 | Medium | 2026-05-25 |
| CVE-2026-9478 | Totolink A8000RU Web Management cstecgi.cgi setParentalRules os command injection | A8000RU | CWE-78 | 9.8 | Critical | 2026-05-25 |
| CVE-2026-9477 | Totolink A8000RU Web Management cstecgi.cgi setAccessDeviceCfg os command injection | A8000RU | CWE-78 | 9.8 | Critical | 2026-05-25 |
| CVE-2026-9476 | Totolink A8000RU Web Management cstecgi.cgi setPasswordCfg os command injection | A8000RU | CWE-78 | 9.8 | Critical | 2026-05-25 |
| CVE-2026-9475 | Totolink A8000RU Web Management cstecgi.cgi setIpQosRules os command injection | A8000RU | CWE-78 | 9.8 | Critical | 2026-05-25 |
| CVE-2026-9458 | Totolink A8000RU Web Management cstecgi.cgi setWanCfg os command injection | A8000RU | CWE-78 | 9.8 | Critical | 2026-05-25 |
| CVE-2026-9457 | Totolink A8000RU Web Management cstecgi.cgi UploadFirmwareFile os command injection | A8000RU | CWE-78 | 9.8 | Critical | 2026-05-25 |
| CVE-2026-9456 | Totolink A8000RU Web Management cstecgi.cgi setOpenVpnCfg os command injection | A8000RU | CWE-78 | 9.8 | Critical | 2026-05-25 |
| CVE-2026-9455 | Totolink A8000RU Web Management cstecgi.cgi UploadOpenVpnCert os command injection | A8000RU | CWE-78 | 9.8 | Critical | 2026-05-25 |
| CVE-2026-9454 | Totolink A8000RU Web Management cstecgi.cgi setOpenVpnCertGenerationCfg os command injection | A8000RU | CWE-78 | 9.8 | Critical | 2026-05-25 |
| CVE-2026-9436 | Totolink A8000RU Web Management cstecgi.cgi setL2tpServerCfg os command injection | A8000RU | CWE-78 | 9.8 | Critical | 2026-05-25 |
| CVE-2026-9435 | Totolink A8000RU Web Management cstecgi.cgi setQosCfg os command injection | A8000RU | CWE-78 | 9.8 | Critical | 2026-05-25 |
| CVE-2026-9434 | Totolink A8000RU Web Management cstecgi.cgi setWiFiWpsCfg os command injection | A8000RU | CWE-78 | 9.8 | Critical | 2026-05-25 |
| CVE-2026-9433 | Totolink A8000RU Web Management cstecgi.cgi setMacFilterRules os command injection | A8000RU | CWE-78 | 9.8 | Critical | 2026-05-25 |
| CVE-2026-9432 | Totolink A8000RU Web Management cstecgi.cgi setWiFiAdvancedCfg os command injection | A8000RU | CWE-78 | 9.8 | Critical | 2026-05-25 |
| CVE-2026-9408 | Totolink A8000RU Web Management cstecgi.cgi setStaticDhcpRules os command injection | A8000RU | CWE-78 | 9.8 | Critical | 2026-05-25 |

This page lists every published CVE security advisory associated with TOTOLINK. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.