Totolink

A950rg

21 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
0

CVE-2025-67189

  • EPSS 0.07%
  • Veröffentlicht 03.02.2026 00:00:00
  • Zuletzt bearbeitet 04.02.2026 16:34:21

A buffer overflow vulnerability exists in the setParentalRules interface of TOTOLINK A950RG V4.1.2cu.5204_B20210112. The urlKeyword parameter is not properly validated, and the function concatenates multiple user-controlled fields into a fixed-size s...

0

CVE-2025-67188

  • EPSS 0.05%
  • Veröffentlicht 03.02.2026 00:00:00
  • Zuletzt bearbeitet 04.02.2026 16:34:21

A buffer overflow vulnerability exists in TOTOLINK A950RG V4.1.2cu.5204_B20210112. The issue resides in the setRadvdCfg interface of the /lib/cste_modules/ipv6.so module. The function fails to properly validate the length of the user-controlled radvd...

9.8

CVE-2025-67187

  • EPSS 0.02%
  • Veröffentlicht 03.02.2026 00:00:00
  • Zuletzt bearbeitet 04.02.2026 17:16:10

A stack-based buffer overflow vulnerability was identified in TOTOLINK A950RG V4.1.2cu.5204_B20210112. The flaw exists in the setIpQosRules interface of /lib/cste_modules/firewall.so where the comment parameter is not properly validated for length.

9.8

CVE-2025-67186

  • EPSS 0.07%
  • Veröffentlicht 03.02.2026 00:00:00
  • Zuletzt bearbeitet 04.02.2026 17:16:10

TOTOLINK A950RG V4.1.2cu.5204_B20210112 contains a buffer overflow vulnerability in the setUrlFilterRules interface of /lib/cste_modules/firewall.so. The vulnerability occurs because the `url` parameter is not properly validated for length, allowing ...

6.5

CVE-2025-60702

Exploit
  • EPSS 0.74%
  • Veröffentlicht 13.11.2025 00:00:00
  • Zuletzt bearbeitet 18.11.2025 01:49:21

A command injection vulnerability exists in the TOTOLINK A950RG Router firmware V5.9c.4592_B20191022_ALL within the `system.so` binary. The `setDiagnosisCfg` function retrieves the `ipDoamin` parameter from user input via `websGetVar` and concatenate...

6.5

CVE-2025-60699

Exploit
  • EPSS 1.62%
  • Veröffentlicht 13.11.2025 00:00:00
  • Zuletzt bearbeitet 18.11.2025 01:51:46

A buffer overflow vulnerability exists in the TOTOLINK A950RG Router firmware V5.9c.4592_B20191022_ALL within the `global.so` binary. The `getSaveConfig` function retrieves the `http_host` parameter from user input via `websGetVar` and copies it into...

9.8

CVE-2025-44655

  • EPSS 0.29%
  • Veröffentlicht 21.07.2025 00:00:00
  • Zuletzt bearbeitet 07.08.2025 17:58:19

In TOTOLink A7100RU V7.4, A950RG V5.9, and T10 V5.9, the chroot_local_user option is enabled in the vsftpd.conf. This could lead to unauthorized access to system files, privilege escalation, or use of the compromised server as a pivot point for inter...

9.8

CVE-2025-4496

  • EPSS 0.28%
  • Veröffentlicht 10.05.2025 05:00:10
  • Zuletzt bearbeitet 29.07.2025 14:42:19

A vulnerability was found in TOTOLINK T10, A3100R, A950RG, A800R, N600R, A3000RU and A810R 4.1.8cu.5241_B20210927. It has been declared as critical. This vulnerability affects the function CloudACMunualUpdate of the file /cgi-bin/cstecgi.cgi. The man...

9.8

CVE-2025-45798

Exploit
  • EPSS 0.44%
  • Veröffentlicht 08.05.2025 20:15:30
  • Zuletzt bearbeitet 19.05.2025 15:08:18

A command execution vulnerability exists in the TOTOLINK A950RG V4.1.2cu.5204_B20210112. The vulnerability is located in the setNoticeCfg interface within the /lib/cste_modules/system.so library, specifically in the processing of the IpTo parameter.

9.8

CVE-2025-45797

Exploit
  • EPSS 0.28%
  • Veröffentlicht 08.05.2025 20:15:30
  • Zuletzt bearbeitet 16.05.2025 15:36:45

TOTOlink A950RG V4.1.2cu.5204_B20210112 contains a buffer overflow vulnerability. The vulnerability arises from the improper input validation of the NoticeUrl parameter in the setNoticeCfg interface of /lib/cste_modules/system.so.