Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2025-45859

Summary
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At-13 May, 2025 | 00:00
Updated At-14 May, 2025 | 15:05
Rejected At-
Credits

TOTOLINK A3002R v4.0.0-B20230531.1404 was discovered to contain a buffer overflow via the bandstr parameter in the formMapDelDevice interface.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mitre
Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At:13 May, 2025 | 00:00
Updated At:14 May, 2025 | 15:05
Rejected At:
▼CVE Numbering Authority (CNA)

TOTOLINK A3002R v4.0.0-B20230531.1404 was discovered to contain a buffer overflow via the bandstr parameter in the formMapDelDevice interface.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.totolink.net/home/menu/detail/menu_listtpl/download/id/258/ids/36.html
N/A
https://github.com/Jiangxiazhe/IOT_hack/blob/main/TOTOLINK/A3002R/4/overflow.md
N/A
Hyperlink: https://www.totolink.net/home/menu/detail/menu_listtpl/download/id/258/ids/36.html
Resource: N/A
Hyperlink: https://github.com/Jiangxiazhe/IOT_hack/blob/main/TOTOLINK/A3002R/4/overflow.md
Resource: N/A
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Problem Types
TypeCWE IDDescription
CWECWE-120CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
Type: CWE
CWE ID: CWE-120
Description: CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
Metrics
VersionBase scoreBase severityVector
3.15.4MEDIUM
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Version: 3.1
Base score: 5.4
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@mitre.org
Published At:13 May, 2025 | 15:15
Updated At:16 Jun, 2025 | 18:25

TOTOLINK A3002R v4.0.0-B20230531.1404 was discovered to contain a buffer overflow via the bandstr parameter in the formMapDelDevice interface.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.15.4MEDIUM
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Type: Secondary
Version: 3.1
Base score: 5.4
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
CPE Matches
TOTOLINK
totolink
>>a3002r_firmware>>4.0.0-b20230531.1404
cpe:2.3:o:totolink:a3002r_firmware:4.0.0-b20230531.1404:*:*:*:*:*:*:*
TOTOLINK
totolink
>>a3002r>>-
cpe:2.3:h:totolink:a3002r:-:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-120Secondary134c704f-9b21-4f2e-91b3-4a467353bcc0
CWE ID: CWE-120
Type: Secondary
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://github.com/Jiangxiazhe/IOT_hack/blob/main/TOTOLINK/A3002R/4/overflow.mdcve@mitre.org
Exploit
Third Party Advisory
https://www.totolink.net/home/menu/detail/menu_listtpl/download/id/258/ids/36.htmlcve@mitre.org
Product
Hyperlink: https://github.com/Jiangxiazhe/IOT_hack/blob/main/TOTOLINK/A3002R/4/overflow.md
Source: cve@mitre.org
Resource:
Exploit
Third Party Advisory
Hyperlink: https://www.totolink.net/home/menu/detail/menu_listtpl/download/id/258/ids/36.html
Source: cve@mitre.org
Resource:
Product

Change History

0
Information is not available yet

Similar CVEs

174Records found
CVE-2025-45864
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-5.4||MEDIUM
EPSS-0.18% / 39.91%
||
7 Day CHG~0.00%
Published-13 May, 2025 | 00:00
Updated-17 Jun, 2025 | 19:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

TOTOLINK A3002R v4.0.0-B20230531.1404 was discovered to contain a buffer overflow via the addrPoolStart parameter in the formDhcpv6s interface.

Action-Not Available
Vendor-n/aTOTOLINK
Product-a3002r_firmwarea3002rn/a
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2025-45866
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-5.4||MEDIUM
EPSS-0.10% / 27.31%
||
7 Day CHG~0.00%
Published-13 May, 2025 | 00:00
Updated-17 Jun, 2025 | 19:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

TOTOLINK A3002R v4.0.0-B20230531.1404 was discovered to contain a buffer overflow via the addrPoolEnd parameter in the formDhcpv6s interface.

Action-Not Available
Vendor-n/aTOTOLINK
Product-a3002r_firmwarea3002rn/a
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2025-45867
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5.4||MEDIUM
EPSS-0.18% / 39.91%
||
7 Day CHG~0.00%
Published-13 May, 2025 | 00:00
Updated-17 Jun, 2025 | 19:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

TOTOLINK A3002R v4.0.0-B20230531.1404 was discovered to contain a buffer overflow via the static_dns1 parameter in the formIpv6Setup interface.

Action-Not Available
Vendor-n/aTOTOLINK
Product-a3002r_firmwarea3002rn/a
CWE ID-CWE-121
Stack-based Buffer Overflow
CVE-2023-7221
Matching Score-6
Assigner-VulDB
ShareView Details
Matching Score-6
Assigner-VulDB
CVSS Score-9.8||CRITICAL
EPSS-0.47% / 64.71%
||
7 Day CHG~0.00%
Published-09 Jan, 2024 | 14:00
Updated-14 May, 2025 | 19:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Totolink T6 HTTP POST Request main buffer overflow

A vulnerability was found in Totolink T6 4.1.9cu.5241_B20210923. It has been classified as critical. This affects the function main of the file /cgi-bin/cstecgi.cgi?action=login of the component HTTP POST Request Handler. The manipulation of the argument v41 leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-249855. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-TOTOLINK
Product-t6t6_firmwareT6
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2023-6906
Matching Score-6
Assigner-VulDB
ShareView Details
Matching Score-6
Assigner-VulDB
CVSS Score-9.8||CRITICAL
EPSS-0.19% / 40.94%
||
7 Day CHG~0.00%
Published-18 Dec, 2023 | 00:00
Updated-07 May, 2025 | 20:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Totolink A7100RU HTTP POST Request main buffer overflow

A vulnerability, which was classified as critical, was found in Totolink A7100RU 7.4cu.2313_B20191024. Affected is the function main of the file /cgi-bin/cstecgi.cgi?action=login of the component HTTP POST Request Handler. The manipulation of the argument flag with the input ie8 leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-248268. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-TOTOLINK
Product-a7100rua7100ru_firmwareA7100RU
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2023-7208
Matching Score-6
Assigner-VulDB
ShareView Details
Matching Score-6
Assigner-VulDB
CVSS Score-8||HIGH
EPSS-0.42% / 62.22%
||
7 Day CHG~0.00%
Published-07 Jan, 2024 | 07:00
Updated-02 Aug, 2024 | 08:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Totolink X2000R_V2 boa formTmultiAP buffer overflow

A vulnerability classified as critical was found in Totolink X2000R_V2 2.0.0-B20230727.10434. This vulnerability affects the function formTmultiAP of the file /bin/boa. The manipulation leads to buffer overflow. VDB-249742 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-TOTOLINK
Product-x2000rx2000r_firmwareX2000R_V2x2000r_firmware
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-7222
Matching Score-6
Assigner-VulDB
ShareView Details
Matching Score-6
Assigner-VulDB
CVSS Score-7.2||HIGH
EPSS-0.19% / 40.89%
||
7 Day CHG~0.00%
Published-09 Jan, 2024 | 15:31
Updated-14 Nov, 2024 | 15:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Totolink X2000R HTTP POST Request boa formTmultiAP buffer overflow

A vulnerability was found in Totolink X2000R 1.0.0-B20221212.1452. It has been declared as critical. This vulnerability affects the function formTmultiAP of the file /bin/boa of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-249856. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-TOTOLINK
Product-x2000rx2000r_firmwareX2000R
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-7095
Matching Score-6
Assigner-VulDB
ShareView Details
Matching Score-6
Assigner-VulDB
CVSS Score-9.8||CRITICAL
EPSS-14.24% / 94.46%
||
7 Day CHG~0.00%
Published-25 Dec, 2023 | 00:31
Updated-02 Aug, 2024 | 08:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Totolink A7100RU HTTP POST Request main buffer overflow

A vulnerability, which was classified as critical, has been found in Totolink A7100RU 7.4cu.2313_B20191024. Affected by this issue is the function main of the file /cgi-bin/cstecgi.cgi?action=login of the component HTTP POST Request Handler. The manipulation of the argument flag leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-248942 is the identifier assigned to this vulnerability.

Action-Not Available
Vendor-TOTOLINK
Product-a7100rua7100ru_firmwareA7100RU
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2024-8575
Matching Score-6
Assigner-VulDB
ShareView Details
Matching Score-6
Assigner-VulDB
CVSS Score-8.7||HIGH
EPSS-0.30% / 52.95%
||
7 Day CHG~0.00%
Published-08 Sep, 2024 | 16:31
Updated-09 Sep, 2024 | 18:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
TOTOLINK AC1200 T8 cstecgi.cgi setWiFiScheduleCfg buffer overflow

A vulnerability was found in TOTOLINK AC1200 T8 4.1.5cu.861_B20230220 and classified as critical. This issue affects the function setWiFiScheduleCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument desc leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-TOTOLINK
Product-t8t8_firmwareAC1200 T8ac1200_t8_firmware
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2025-28019
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-7.3||HIGH
EPSS-0.32% / 54.88%
||
7 Day CHG~0.00%
Published-23 Apr, 2025 | 00:00
Updated-06 May, 2025 | 20:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

TOTOLINK A800R V4.1.2cu.5137_B20200730 was found to contain a buffer overflow vulnerability in the downloadFile.cgi component

Action-Not Available
Vendor-n/aTOTOLINK
Product-a800ra800r_firmwaren/a
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2025-28028
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-7.3||HIGH
EPSS-0.32% / 54.88%
||
7 Day CHG~0.00%
Published-23 Apr, 2025 | 00:00
Updated-06 May, 2025 | 20:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

TOTOLINK A830R V4.1.2cu.5182_B20201102, A950RG V4.1.2cu.5161_B20200903, A3000RU V5.9c.5185_B20201128, and A3100R V4.1.2cu.5247_B20211129 were found to contain a buffer overflow vulnerability in downloadFile.cgi through the v5 parameter.

Action-Not Available
Vendor-n/aTOTOLINK
Product-a3000ru_firmwarea3100ra950rga3100r_firmwarea950rg_firmwarea830r_firmwarea3000rua830rn/a
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2025-28018
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-7.3||HIGH
EPSS-0.32% / 54.88%
||
7 Day CHG~0.00%
Published-23 Apr, 2025 | 00:00
Updated-06 May, 2025 | 20:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

TOTOLINK A800R V4.1.2cu.5137_B20200730 was found to contain a buffer overflow vulnerability in downloadFile.cgi through the v14 parameter.

Action-Not Available
Vendor-n/aTOTOLINK
Product-a800ra800r_firmwaren/a
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2025-28022
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-7.3||HIGH
EPSS-0.32% / 54.88%
||
7 Day CHG~0.00%
Published-23 Apr, 2025 | 00:00
Updated-06 May, 2025 | 20:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

TOTOLINK A810R V4.1.2cu.5182_B20201026 was found to contain a buffer overflow vulnerability in downloadFile.cgi through the v25 parameter.

Action-Not Available
Vendor-n/aTOTOLINK
Product-a810r_firmwarea810rn/a
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2025-25524
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-5.1||MEDIUM
EPSS-0.14% / 33.21%
||
7 Day CHG~0.00%
Published-11 Feb, 2025 | 00:00
Updated-29 Apr, 2025 | 16:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow vulnerability in TOTOLink X6000R routers V9.4.0cu.652_B20230116 due to the lack of length verification, which is related to the addition of Wi-Fi filtering rules. Attackers who successfully exploit this vulnerability can cause the remote target device to crash or execute arbitrary commands.

Action-Not Available
Vendor-n/aTOTOLINK
Product-x6000rx6000r_firmwaren/a
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2025-25610
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-8||HIGH
EPSS-0.06% / 19.87%
||
7 Day CHG~0.00%
Published-28 Feb, 2025 | 00:00
Updated-03 Apr, 2025 | 15:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

TOTOlink A3002R V1.1.1-B20200824.0128 contains a buffer overflow vulnerability. The vulnerability arises from the improper input validation of the static_gw parameter in the formIpv6Setup interface of /bin/boa.

Action-Not Available
Vendor-n/aTOTOLINK
Product-a3002r_firmwarea3002rn/a
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2025-25635
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-8||HIGH
EPSS-0.08% / 24.21%
||
7 Day CHG~0.00%
Published-28 Feb, 2025 | 00:00
Updated-02 Oct, 2025 | 01:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

TOTOlink A3002R V1.1.1-B20200824.0128 contains a buffer overflow vulnerability. The vulnerability arises from the improper input validation of the pppoe_dns1 parameter in the formIpv6Setup interface of /bin/boa.

Action-Not Available
Vendor-n/aTOTOLINK
Product-a3002r_firmwarea3002rn/a
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2025-12239
Matching Score-6
Assigner-VulDB
ShareView Details
Matching Score-6
Assigner-VulDB
CVSS Score-8.7||HIGH
EPSS-0.58% / 69.25%
||
7 Day CHG~0.00%
Published-27 Oct, 2025 | 06:32
Updated-27 Oct, 2025 | 20:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
TOTOLINK A3300R cstecgi.cgi setDdnsCfg buffer overflow

A weakness has been identified in TOTOLINK A3300R 17.0.0cu.557_B20221024. The impacted element is the function setDdnsCfg of the file /cgi-bin/cstecgi.cgi. Executing manipulation can lead to buffer overflow. The attack may be performed from remote. The exploit has been made available to the public and could be exploited.

Action-Not Available
Vendor-TOTOLINK
Product-a3300r_firmwarea3300rA3300R
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2025-12240
Matching Score-6
Assigner-VulDB
ShareView Details
Matching Score-6
Assigner-VulDB
CVSS Score-8.7||HIGH
EPSS-0.58% / 69.25%
||
7 Day CHG~0.00%
Published-27 Oct, 2025 | 06:32
Updated-27 Oct, 2025 | 20:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
TOTOLINK A3300R cstecgi.cgi setDmzCfg buffer overflow

A security vulnerability has been detected in TOTOLINK A3300R 17.0.0cu.557_B20221024. This affects the function setDmzCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument ip leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed publicly and may be used.

Action-Not Available
Vendor-TOTOLINK
Product-a3300r_firmwarea3300rA3300R
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2025-11444
Matching Score-6
Assigner-VulDB
ShareView Details
Matching Score-6
Assigner-VulDB
CVSS Score-8.7||HIGH
EPSS-0.45% / 63.63%
||
7 Day CHG-0.16%
Published-08 Oct, 2025 | 08:02
Updated-24 Feb, 2026 | 06:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
TOTOLINK N600R HTTP Request cstecgi.cgi setWiFiBasicConfig buffer overflow

A security vulnerability has been detected in TOTOLINK N600R up to 4.3.0cu.7866_B20220506. This impacts the function setWiFiBasicConfig of the file /cgi-bin/cstecgi.cgi of the component HTTP Request Handler. Such manipulation of the argument wepkey leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed publicly and may be used.

Action-Not Available
Vendor-TOTOLINK
Product-n600rn600r_firmwareN600R
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2026-1686
Matching Score-6
Assigner-VulDB
ShareView Details
Matching Score-6
Assigner-VulDB
CVSS Score-8.7||HIGH
EPSS-0.17% / 37.97%
||
7 Day CHG~0.00%
Published-30 Jan, 2026 | 15:02
Updated-23 Feb, 2026 | 09:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Totolink A3600R app.so setAppEasyWizardConfig buffer overflow

A security flaw has been discovered in Totolink A3600R 5.9c.4959. This issue affects the function setAppEasyWizardConfig in the library /lib/cste_modules/app.so. Performing a manipulation of the argument apcliSsid results in buffer overflow. It is possible to initiate the attack remotely. The exploit has been released to the public and may be used for attacks.

Action-Not Available
Vendor-TOTOLINK
Product-a3600r_firmwarea3600rA3600R
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2026-31027
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-1.15% / 78.70%
||
7 Day CHG+0.30%
Published-01 Apr, 2026 | 00:00
Updated-07 Apr, 2026 | 12:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

TOTOlink A3600R v5.9c.4959 contains a buffer overflow vulnerability in the setAppEasyWizardConfig interface of /lib/cste_modules/app.so. The vulnerability occurs because the rootSsid parameter is not properly validated for length, allowing remote attackers to trigger a buffer overflow, potentially leading to arbitrary code execution or denial of service.

Action-Not Available
Vendor-n/aTOTOLINK
Product-a3600ra3600r_firmwaren/a
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2025-9781
Matching Score-6
Assigner-VulDB
ShareView Details
Matching Score-6
Assigner-VulDB
CVSS Score-8.7||HIGH
EPSS-0.29% / 52.88%
||
7 Day CHG~0.00%
Published-01 Sep, 2025 | 13:32
Updated-04 Sep, 2025 | 16:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
TOTOLINK A702R formFilter sub_4162DC buffer overflow

A vulnerability has been found in TOTOLINK A702R 4.0.0-B20211108.1423. This affects the function sub_4162DC of the file /boafrm/formFilter. Such manipulation of the argument ip6addr leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-TOTOLINK
Product-a702r_firmwarea702rA702R
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2025-9782
Matching Score-6
Assigner-VulDB
ShareView Details
Matching Score-6
Assigner-VulDB
CVSS Score-8.7||HIGH
EPSS-0.29% / 52.88%
||
7 Day CHG~0.00%
Published-01 Sep, 2025 | 14:02
Updated-04 Sep, 2025 | 16:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
TOTOLINK A702R formOneKeyAccessButton sub_4466F8 buffer overflow

A vulnerability was found in TOTOLINK A702R 4.0.0-B20211108.1423. This vulnerability affects the function sub_4466F8 of the file /boafrm/formOneKeyAccessButton. Performing manipulation of the argument submit-url results in buffer overflow. The attack may be initiated remotely. The exploit has been made public and could be used.

Action-Not Available
Vendor-TOTOLINK
Product-a702r_firmwarea702rA702R
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2025-9779
Matching Score-6
Assigner-VulDB
ShareView Details
Matching Score-6
Assigner-VulDB
CVSS Score-8.7||HIGH
EPSS-0.29% / 52.88%
||
7 Day CHG~0.00%
Published-01 Sep, 2025 | 12:32
Updated-04 Sep, 2025 | 16:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
TOTOLINK A702R formFilter sub_4162DC buffer overflow

A vulnerability was detected in TOTOLINK A702R 4.0.0-B20211108.1423. Affected by this vulnerability is the function sub_4162DC of the file /boafrm/formFilter. The manipulation of the argument ip6addr results in buffer overflow. It is possible to launch the attack remotely. The exploit is now public and may be used.

Action-Not Available
Vendor-TOTOLINK
Product-a702r_firmwarea702rA702R
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2025-9303
Matching Score-6
Assigner-VulDB
ShareView Details
Matching Score-6
Assigner-VulDB
CVSS Score-8.7||HIGH
EPSS-0.81% / 74.37%
||
7 Day CHG+0.08%
Published-21 Aug, 2025 | 14:32
Updated-06 Oct, 2025 | 18:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
TOTOLINK A720R cstecgi.cgi setParentalRules buffer overflow

A security flaw has been discovered in TOTOLINK A720R 4.1.5cu.630_B20250509. This issue affects the function setParentalRules of the file /cgi-bin/cstecgi.cgi. Performing manipulation of the argument desc results in buffer overflow. The attack is possible to be carried out remotely. The exploit has been released to the public and may be exploited.

Action-Not Available
Vendor-TOTOLINK
Product-a720r_firmwarea720rA720R
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2025-8242
Matching Score-6
Assigner-VulDB
ShareView Details
Matching Score-6
Assigner-VulDB
CVSS Score-8.7||HIGH
EPSS-1.54% / 81.58%
||
7 Day CHG+0.12%
Published-27 Jul, 2025 | 21:02
Updated-29 Jul, 2025 | 21:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
TOTOLINK X15 HTTP POST Request formFilter buffer overflow

A vulnerability has been found in TOTOLINK X15 1.0.0-B20230714.1105 and classified as critical. This vulnerability affects unknown code of the file /boafrm/formFilter of the component HTTP POST Request Handler. The manipulation of the argument ip6addr/url/vpnPassword/vpnUser leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-TOTOLINK
Product-x15_firmwarex15X15
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2025-8139
Matching Score-6
Assigner-VulDB
ShareView Details
Matching Score-6
Assigner-VulDB
CVSS Score-8.7||HIGH
EPSS-0.45% / 63.94%
||
7 Day CHG+0.03%
Published-25 Jul, 2025 | 08:32
Updated-28 Jul, 2025 | 21:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
TOTOLINK A702R HTTP POST Request formPortFw buffer overflow

A vulnerability was found in TOTOLINK A702R 4.0.0-B20230721.1521. It has been classified as critical. This affects an unknown part of the file /boafrm/formPortFw of the component HTTP POST Request Handler. The manipulation of the argument service_type leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-TOTOLINK
Product-a702r_firmwarea702rA702R
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2025-8243
Matching Score-6
Assigner-VulDB
ShareView Details
Matching Score-6
Assigner-VulDB
CVSS Score-8.7||HIGH
EPSS-1.10% / 78.23%
||
7 Day CHG+0.08%
Published-27 Jul, 2025 | 21:32
Updated-29 Jul, 2025 | 21:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
TOTOLINK X15 HTTP POST Request formMapDel buffer overflow

A vulnerability was found in TOTOLINK X15 1.0.0-B20230714.1105 and classified as critical. This issue affects some unknown processing of the file /boafrm/formMapDel of the component HTTP POST Request Handler. The manipulation of the argument devicemac1 leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-TOTOLINK
Product-x15_firmwarex15X15
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-8245
Matching Score-6
Assigner-VulDB
ShareView Details
Matching Score-6
Assigner-VulDB
CVSS Score-8.7||HIGH
EPSS-0.68% / 71.78%
||
7 Day CHG+0.05%
Published-27 Jul, 2025 | 22:32
Updated-29 Jul, 2025 | 21:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
TOTOLINK X15 HTTP POST Request formMultiAPVLAN buffer overflow

A vulnerability was found in TOTOLINK X15 1.0.0-B20230714.1105. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /boafrm/formMultiAPVLAN of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-TOTOLINK
Product-x15_firmwarex15X15
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2025-8244
Matching Score-6
Assigner-VulDB
ShareView Details
Matching Score-6
Assigner-VulDB
CVSS Score-8.7||HIGH
EPSS-1.08% / 78.04%
||
7 Day CHG+0.08%
Published-27 Jul, 2025 | 22:02
Updated-29 Jul, 2025 | 21:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
TOTOLINK X15 HTTP POST Request formMapDelDevice buffer overflow

A vulnerability was found in TOTOLINK X15 1.0.0-B20230714.1105. It has been classified as critical. Affected is an unknown function of the file /boafrm/formMapDelDevice of the component HTTP POST Request Handler. The manipulation of the argument macstr leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-TOTOLINK
Product-x15_firmwarex15X15
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2025-7837
Matching Score-6
Assigner-VulDB
ShareView Details
Matching Score-6
Assigner-VulDB
CVSS Score-8.7||HIGH
EPSS-0.77% / 73.74%
||
7 Day CHG+0.41%
Published-19 Jul, 2025 | 17:02
Updated-23 Jul, 2025 | 16:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
TOTOLINK T6 MQTT Service recvSlaveStaInfo buffer overflow

A vulnerability was found in TOTOLINK T6 4.1.5cu.748_B20211015 and classified as critical. Affected by this issue is the function recvSlaveStaInfo of the component MQTT Service. The manipulation of the argument dest leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-TOTOLINK
Product-t6_firmwaret6T6
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2025-8138
Matching Score-6
Assigner-VulDB
ShareView Details
Matching Score-6
Assigner-VulDB
CVSS Score-8.7||HIGH
EPSS-0.68% / 71.72%
||
7 Day CHG+0.05%
Published-25 Jul, 2025 | 08:02
Updated-28 Jul, 2025 | 21:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
TOTOLINK A702R HTTP POST Request formOneKeyAccessButton buffer overflow

A vulnerability was found in TOTOLINK A702R 4.0.0-B20230721.1521 and classified as critical. Affected by this issue is some unknown functionality of the file /boafrm/formOneKeyAccessButton of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-TOTOLINK
Product-a702r_firmwarea702rA702R
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2025-7913
Matching Score-6
Assigner-VulDB
ShareView Details
Matching Score-6
Assigner-VulDB
CVSS Score-8.7||HIGH
EPSS-1.37% / 80.40%
||
7 Day CHG+0.72%
Published-20 Jul, 2025 | 23:32
Updated-23 Jul, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
TOTOLINK T6 MQTT Service updateWifiInfo buffer overflow

A vulnerability, which was classified as critical, was found in TOTOLINK T6 4.1.5cu.748_B20211015. Affected is the function updateWifiInfo of the component MQTT Service. The manipulation of the argument serverIp leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-TOTOLINK
Product-t6_firmwaret6T6
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2025-7912
Matching Score-6
Assigner-VulDB
ShareView Details
Matching Score-6
Assigner-VulDB
CVSS Score-8.7||HIGH
EPSS-1.37% / 80.40%
||
7 Day CHG+0.72%
Published-20 Jul, 2025 | 23:02
Updated-23 Jul, 2025 | 16:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
TOTOLINK T6 MQTT Service recvSlaveUpgstatus buffer overflow

A vulnerability, which was classified as critical, has been found in TOTOLINK T6 4.1.5cu.748_B20211015. This issue affects the function recvSlaveUpgstatus of the component MQTT Service. The manipulation of the argument s leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-TOTOLINK
Product-t6_firmwaret6T6
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2025-8170
Matching Score-6
Assigner-VulDB
ShareView Details
Matching Score-6
Assigner-VulDB
CVSS Score-8.7||HIGH
EPSS-0.64% / 70.78%
||
7 Day CHG+0.05%
Published-25 Jul, 2025 | 21:02
Updated-07 Aug, 2025 | 14:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
TOTOLINK T6 MQTT Packet meshSlaveDlfw tcpcheck_net buffer overflow

A vulnerability classified as critical was found in TOTOLINK T6 4.1.5cu.748_B20211015. This vulnerability affects the function tcpcheck_net of the file /router/meshSlaveDlfw of the component MQTT Packet Handler. The manipulation of the argument serverIp leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-TOTOLINK
Product-t6_firmwaret6T6
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2025-8140
Matching Score-6
Assigner-VulDB
ShareView Details
Matching Score-6
Assigner-VulDB
CVSS Score-8.7||HIGH
EPSS-0.68% / 71.72%
||
7 Day CHG+0.05%
Published-25 Jul, 2025 | 09:02
Updated-28 Jul, 2025 | 21:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
TOTOLINK A702R HTTP POST Request formWlanMultipleAP buffer overflow

A vulnerability was found in TOTOLINK A702R 4.0.0-B20230721.1521. It has been declared as critical. This vulnerability affects unknown code of the file /boafrm/formWlanMultipleAP of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-TOTOLINK
Product-a702r_firmwarea702rA702R
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2025-7758
Matching Score-6
Assigner-VulDB
ShareView Details
Matching Score-6
Assigner-VulDB
CVSS Score-8.7||HIGH
EPSS-1.37% / 80.40%
||
7 Day CHG+0.72%
Published-17 Jul, 2025 | 21:14
Updated-23 Jul, 2025 | 20:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
TOTOLINK T6 HTTP POST Request cstecgi.cgi setDiagnosisCfg buffer overflow

A vulnerability, which was classified as critical, has been found in TOTOLINK T6 up to 4.1.5cu.748_B20211015. Affected by this issue is the function setDiagnosisCfg of the file /cgi-bin/cstecgi.cgi of the component HTTP POST Request Handler. The manipulation of the argument ip leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-TOTOLINK
Product-t6_firmwaret6T6
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2024-8573
Matching Score-6
Assigner-VulDB
ShareView Details
Matching Score-6
Assigner-VulDB
CVSS Score-8.7||HIGH
EPSS-0.48% / 65.54%
||
7 Day CHG~0.00%
Published-08 Sep, 2024 | 10:00
Updated-03 Mar, 2025 | 18:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
TOTOLINK AC1200 T8/AC1200 T10 cstecgi.cgi setParentalRules buffer overflow

A vulnerability, which was classified as critical, was found in TOTOLINK AC1200 T8 and AC1200 T10 4.1.5cu.861_B20230220/4.1.8cu.5207. This affects the function setParentalRules of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument desc/week/sTime/eTime leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well. The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-TOTOLINK
Product-t10t8_firmwaret10_firmwaret8AC1200 T8AC1200 T10ac1200_t8_firmwareac1200_t10_firmware
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2024-8577
Matching Score-6
Assigner-VulDB
ShareView Details
Matching Score-6
Assigner-VulDB
CVSS Score-8.7||HIGH
EPSS-0.30% / 52.95%
||
7 Day CHG~0.00%
Published-08 Sep, 2024 | 18:31
Updated-10 Sep, 2024 | 14:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
TOTOLINK AC1200 T8/AC1200 T10 cstecgi.cgi setStaticDhcpRules buffer overflow

A vulnerability was found in TOTOLINK AC1200 T8 and AC1200 T10 4.1.5cu.861_B20230220/4.1.8cu.5207. It has been declared as critical. Affected by this vulnerability is the function setStaticDhcpRules of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument desc leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-TOTOLINK
Product-t10_firmwaret8t10t8_firmwareAC1200 T10AC1200 T8ac1200_t10_firmwareac1200_t8_firmware
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2024-8579
Matching Score-6
Assigner-VulDB
ShareView Details
Matching Score-6
Assigner-VulDB
CVSS Score-8.7||HIGH
EPSS-0.30% / 52.95%
||
7 Day CHG~0.00%
Published-08 Sep, 2024 | 19:31
Updated-10 Sep, 2024 | 15:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
TOTOLINK AC1200 T8 cstecgi.cgi setWiFiRepeaterCfg buffer overflow

A vulnerability classified as critical has been found in TOTOLINK AC1200 T8 4.1.5cu.861_B20230220. This affects the function setWiFiRepeaterCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument password leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-TOTOLINK
Product-t8t8_firmwareAC1200 T8ac1200_t8_firmware
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2024-8578
Matching Score-6
Assigner-VulDB
ShareView Details
Matching Score-6
Assigner-VulDB
CVSS Score-8.7||HIGH
EPSS-0.30% / 52.95%
||
7 Day CHG~0.00%
Published-08 Sep, 2024 | 19:00
Updated-09 Sep, 2024 | 18:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
TOTOLINK AC1200 T8 cstecgi.cgi setWiFiMeshName buffer overflow

A vulnerability was found in TOTOLINK AC1200 T8 4.1.5cu.861_B20230220. It has been rated as critical. Affected by this issue is the function setWiFiMeshName of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument device_name leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-TOTOLINK
Product-t8t8_firmwareAC1200 T8ac1200_t8_firmware
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2024-8576
Matching Score-6
Assigner-VulDB
ShareView Details
Matching Score-6
Assigner-VulDB
CVSS Score-8.7||HIGH
EPSS-0.30% / 52.95%
||
7 Day CHG~0.00%
Published-08 Sep, 2024 | 18:00
Updated-10 Sep, 2024 | 14:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
TOTOLINK AC1200 T8/AC1200 T10 cstecgi.cgi setIpPortFilterRules buffer overflow

A vulnerability was found in TOTOLINK AC1200 T8 and AC1200 T10 4.1.5cu.861_B20230220/4.1.8cu.5207. It has been classified as critical. Affected is the function setIpPortFilterRules of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument desc leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-TOTOLINK
Product-t10_firmwaret8t10t8_firmwareAC1200 T10AC1200 T8ac1200_t10_firmwareac1200_t8_firmware
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2024-7462
Matching Score-6
Assigner-VulDB
ShareView Details
Matching Score-6
Assigner-VulDB
CVSS Score-8.7||HIGH
EPSS-0.30% / 52.95%
||
7 Day CHG~0.00%
Published-05 Aug, 2024 | 00:00
Updated-15 Aug, 2024 | 13:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
TOTOLINK N350RT cstecgi.cgi setWizardCfg buffer overflow

A vulnerability classified as critical has been found in TOTOLINK N350RT 9.3.5u.6139_B20201216. This affects the function setWizardCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument ssid leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-273555. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-TOTOLINK
Product-n350rt_firmwaren350rtN350RTn350rt_firmware
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2024-7465
Matching Score-6
Assigner-VulDB
ShareView Details
Matching Score-6
Assigner-VulDB
CVSS Score-8.7||HIGH
EPSS-0.32% / 55.28%
||
7 Day CHG~0.00%
Published-05 Aug, 2024 | 01:31
Updated-15 Aug, 2024 | 13:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
TOTOLINK CP450 cstecgi.cgi loginauth buffer overflow

A vulnerability, which was classified as critical, was found in TOTOLINK CP450 4.1.0cu.747_B20191224. Affected is the function loginauth of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument http_host leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-273558 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-TOTOLINK
Product-cp450_firmwarecp450CP450cp450_firmware
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2024-8078
Matching Score-6
Assigner-VulDB
ShareView Details
Matching Score-6
Assigner-VulDB
CVSS Score-8.7||HIGH
EPSS-0.29% / 52.51%
||
7 Day CHG~0.00%
Published-22 Aug, 2024 | 20:31
Updated-13 Dec, 2024 | 14:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
TOTOLINK AC1200 T8 setTracerouteCfg buffer overflow

A vulnerability was found in TOTOLINK AC1200 T8 4.1.5cu.862_B20230228. It has been declared as critical. This vulnerability affects the function setTracerouteCfg. The manipulation leads to buffer overflow. The attack can be initiated remotely. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-TOTOLINK
Product-t8t8_firmwareAC1200 T8ac1200_t8
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2024-8076
Matching Score-6
Assigner-VulDB
ShareView Details
Matching Score-6
Assigner-VulDB
CVSS Score-8.7||HIGH
EPSS-0.21% / 43.58%
||
7 Day CHG~0.00%
Published-22 Aug, 2024 | 20:00
Updated-13 Dec, 2024 | 14:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
TOTOLINK AC1200 T8 setDiagnosisCfg buffer overflow

A vulnerability was found in TOTOLINK AC1200 T8 4.1.5cu.862_B20230228 and classified as critical. Affected by this issue is the function setDiagnosisCfg. The manipulation leads to buffer overflow. The attack may be launched remotely. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-TOTOLINK
Product-t8t8_firmwareAC1200 T8ac1200_t8
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2025-6824
Matching Score-6
Assigner-VulDB
ShareView Details
Matching Score-6
Assigner-VulDB
CVSS Score-8.7||HIGH
EPSS-1.36% / 80.34%
||
7 Day CHG~0.00%
Published-28 Jun, 2025 | 20:00
Updated-01 Jul, 2025 | 00:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
TOTOLINK X15 HTTP POST Request formParentControl buffer overflow

A vulnerability classified as critical has been found in TOTOLINK X15 up to 1.0.0-B20230714.1105. Affected is an unknown function of the file /boafrm/formParentControl of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-TOTOLINK
Product-x15_firmwarex15X15
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2024-8079
Matching Score-6
Assigner-VulDB
ShareView Details
Matching Score-6
Assigner-VulDB
CVSS Score-8.7||HIGH
EPSS-0.30% / 52.95%
||
7 Day CHG~0.00%
Published-22 Aug, 2024 | 21:00
Updated-13 Dec, 2024 | 14:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
TOTOLINK AC1200 T8 exportOvpn buffer overflow

A vulnerability was found in TOTOLINK AC1200 T8 4.1.5cu.862_B20230228. It has been rated as critical. This issue affects the function exportOvpn. The manipulation leads to buffer overflow. The attack may be initiated remotely. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-TOTOLINK
Product-t8t8_firmwareAC1200 T8ac1200_t8_firmware
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2025-6825
Matching Score-6
Assigner-VulDB
ShareView Details
Matching Score-6
Assigner-VulDB
CVSS Score-8.7||HIGH
EPSS-1.36% / 80.34%
||
7 Day CHG~0.00%
Published-28 Jun, 2025 | 20:31
Updated-08 Jul, 2025 | 14:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
TOTOLINK A702R HTTP POST Request formWlSiteSurvey buffer overflow

A vulnerability classified as critical was found in TOTOLINK A702R up to 4.0.0-B20230721.1521. Affected by this vulnerability is an unknown functionality of the file /boafrm/formWlSiteSurvey of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-TOTOLINK
Product-a702ra702r_firmwareA702R
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2024-7463
Matching Score-6
Assigner-VulDB
ShareView Details
Matching Score-6
Assigner-VulDB
CVSS Score-8.7||HIGH
EPSS-9.94% / 93.11%
||
7 Day CHG~0.00%
Published-05 Aug, 2024 | 00:31
Updated-15 Aug, 2024 | 13:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
TOTOLINK CP900 cstecgi.cgi UploadCustomModule buffer overflow

A vulnerability classified as critical was found in TOTOLINK CP900 6.3c.566. This vulnerability affects the function UploadCustomModule of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument File leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-273556. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-TOTOLINK
Product-cp900cp900_firmwareCP900cp900_firmware
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
  • Previous
  • 1
  • 2
  • 3
  • 4
  • Next
Details not found