Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1310 CNY

100%
Buy Us a Coffee

Totolink — Vulnerabilities & Security Advisories 468

Browse all 468 CVE security advisories affecting Totolink. AI-powered Chinese analysis, POCs, and references for each vulnerability.

TOTOLINK operates primarily as a manufacturer of consumer networking hardware, including wireless routers and range extenders, targeting residential and small business markets. Security audits reveal a significant volume of vulnerabilities, with 429 CVEs currently documented, indicating systemic issues in firmware development and code review processes. Historically, the most prevalent flaw classes include Remote Code Execution (RCE), Cross-Site Scripting (XSS), and privilege escalation bugs, often stemming from inadequate input validation and weak authentication mechanisms in web management interfaces. These defects frequently allow unauthenticated attackers to gain full administrative control or execute arbitrary commands on affected devices. While no single catastrophic global incident has been widely publicized, the sheer quantity of disclosed vulnerabilities suggests a consistent pattern of security negligence. Users are advised to exercise caution, as the vendor’s response to patching these critical flaws has been inconsistent, leaving many deployed units exposed to exploitation.

Top products by Totolink: A8000RU A7100RU A702R X15 A3600R EX1200T A3300R T6 N300RH N200RE AC1200 T8 N150RT LR1200GB A3700R A3002R T10 X6000R N350RT LR350 CA750-PoE A3002RU WA300 EX1800T EX1200L X2000R A7000R NR1800X A720R CA300-PoE X5000R
CVE IDTitleCVSSSeverityPublished
CVE-2026-5688 Totolink A7100RU cstecgi.cgi setDdnsCfg os command injection — A7100RUCWE-78 7.3 High2026-04-06
CVE-2026-5679 Totolink A3300R cstecgi.cgi vsetTr069Cfg os command injection — A3300RCWE-78 5.5 Medium2026-04-06
CVE-2026-5678 Totolink A7100RU cstecgi.cgi setScheduleCfg os command injection — A7100RUCWE-78 7.3 High2026-04-06
CVE-2026-5677 Totolink A7100RU cstecgi.cgi CsteSystem os command injection — A7100RUCWE-78 7.3 High2026-04-06
CVE-2026-5676 Totolink A8000R cstecgi.cgi setLanguageCfg missing authentication — A8000RCWE-306 7.3 High2026-04-06
CVE-2026-5178 Totolink A3300R cstecgi.cgi setIptvCfg command injection — A3300RCWE-77 6.3 Medium2026-03-31
CVE-2026-5177 Totolink A3300R cstecgi.cgi setWiFiBasicCfg command injection — A3300RCWE-77 6.3 Medium2026-03-31
CVE-2026-5176 Totolink A3300R cstecgi.cgi setSyslogCfg command injection — A3300RCWE-77 7.3 High2026-03-31
CVE-2026-5105 Totolink A3300R Parameter cstecgi.cgi setVpnPassCfg command injection — A3300RCWE-77 6.3 Medium2026-03-30
CVE-2026-5104 Totolink A3300R cstecgi.cgi setStaticRoute command injection — A3300RCWE-77 6.3 Medium2026-03-30
CVE-2026-5103 Totolink A3300R cstecgi.cgi setUPnPCfg command injection — A3300RCWE-77 6.3 Medium2026-03-30
CVE-2026-5102 Totolink A3300R Parameter cstecgi.cgi setSmartQosCfg command injection — A3300RCWE-77 6.3 Medium2026-03-30
CVE-2026-5101 Totolink A3300R Parameter cstecgi.cgi setLanCfg command injection — A3300RCWE-77 6.3 Medium2026-03-29
CVE-2026-5030 Totolink NR1800X Telnet Service cstecgi.cgi NTPSyncWithHost command injection — NR1800XCWE-77 6.3 Medium2026-03-29
CVE-2026-5020 Totolink A3600R Parameter cstecgi.cgi setNoticeCfg command injection — A3600RCWE-77 6.3 Medium2026-03-29
CVE-2026-4976 Totolink LR350 cstecgi.cgi setWiFiGuestCfg buffer overflow — LR350CWE-120 8.8 High2026-03-27
CVE-2026-4611 TOTOLINK X6000R shttpd setLanCfg privilege escalation — X6000RCWE-78 7.2 High2026-03-23
CVE-2026-4497 Totolink WA300 cstecgi.cgi recvUpgradeNewFw os command injection — WA300CWE-78 7.3 High2026-03-20
CVE-2026-3696 Totolink N300RH CGI cstecgi.cgi setWiFiWpsConfig os command injection — N300RHCWE-78 7.3 High2026-03-08
CVE-2026-3301 Totolink N300RH Web Management cstecgi.cgi setWebWlanIdx os command injection — N300RHCWE-78 9.8 Critical2026-02-27
CVE-2026-2167 Totolink WA300 cstecgi.cgi setAPNetwork os command injection — WA300CWE-78 6.3 Medium2026-02-08
CVE-2026-1723 TOTOLINK X6000R Unauthenticated Command Injection Vulnerability — X6000RCWE-78 9.8AICriticalAI2026-01-30
CVE-2026-1686 Totolink A3600R app.so setAppEasyWizardConfig buffer overflow — A3600RCWE-120 8.8 High2026-01-30
CVE-2026-1623 Totolink A7000R cstecgi.cgi setUpgradeFW command injection — A7000RCWE-77 6.3 Medium2026-01-29
CVE-2026-1601 Totolink A7000R cstecgi.cgi setUploadUserData command injection — A7000RCWE-77 6.3 Medium2026-01-29
CVE-2026-1548 Totolink A7000R cstecgi.cgi CloudACMunualUpdateUserdata command injection — A7000RCWE-77 6.3 Medium2026-01-28
CVE-2026-1547 Totolink A7000R cstecgi.cgi setUnloadUserData command injection — A7000RCWE-77 6.3 Medium2026-01-28
CVE-2026-1328 Totolink NR1800X POST Request cstecgi.cgi setWizardCfg buffer overflow — NR1800XCWE-120 8.8 High2026-01-22
CVE-2026-1327 Totolink NR1800X POST Request cstecgi.cgi setTracerouteCfg command injection — NR1800XCWE-77 6.3 Medium2026-01-22
CVE-2026-1326 Totolink NR1800X POST Request cstecgi.cgi setWanCfg command injection — NR1800XCWE-77 6.3 Medium2026-01-22

This page lists every published CVE security advisory associated with Totolink. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.