Totolink

A7000r

12 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
8.8

CVE-2026-6168

Exploit
  • EPSS 0.1%
  • Veröffentlicht 13.04.2026 06:30:14
  • Zuletzt bearbeitet 27.04.2026 19:05:57

A flaw has been found in TOTOLINK A7000R up to 9.1.0u.6115. The affected element is the function setWiFiEasyGuestCfg of the file /cgi-bin/cstecgi.cgi. This manipulation of the argument ssid5g causes stack-based buffer overflow. Remote exploitation of...

6.5

CVE-2026-1623

Exploit
  • EPSS 1.38%
  • Veröffentlicht 29.01.2026 20:32:08
  • Zuletzt bearbeitet 29.04.2026 01:00:01

A weakness has been identified in Totolink A7000R 4.1cu.4154. Impacted is the function setUpgradeFW of the file /cgi-bin/cstecgi.cgi. This manipulation of the argument FileName causes command injection. The attack can be initiated remotely. The explo...

6.5

CVE-2026-1601

Exploit
  • EPSS 5.72%
  • Veröffentlicht 29.01.2026 18:32:07
  • Zuletzt bearbeitet 29.04.2026 01:00:01

A weakness has been identified in Totolink A7000R 4.1cu.4154. The impacted element is the function setUploadUserData of the file /cgi-bin/cstecgi.cgi. Executing a manipulation of the argument FileName can lead to command injection. The attack can be ...

8.8

CVE-2026-1548

Exploit
  • EPSS 0.47%
  • Veröffentlicht 28.01.2026 22:32:08
  • Zuletzt bearbeitet 29.04.2026 01:00:01

A flaw has been found in Totolink A7000R 4.1cu.4154. This impacts the function CloudACMunualUpdateUserdata of the file /cgi-bin/cstecgi.cgi. This manipulation of the argument url causes command injection. The attack can be initiated remotely. The exp...

9.8

CVE-2026-1547

Exploit
  • EPSS 0.59%
  • Veröffentlicht 28.01.2026 22:02:10
  • Zuletzt bearbeitet 29.04.2026 01:00:01

A vulnerability was detected in Totolink A7000R 4.1cu.4154. This affects the function setUnloadUserData of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument plugin_name results in command injection. It is possible to launch the attack r...

7.5

CVE-2025-63153

Exploit
  • EPSS 0.37%
  • Veröffentlicht 10.11.2025 00:00:00
  • Zuletzt bearbeitet 17.11.2025 18:23:11

TOTOLink A7000R V9.1.0u.6115_B20201022 was discovered to contain a stack overflow in the ssid parameter of the urldecode function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.

7.5

CVE-2025-63154

Exploit
  • EPSS 0.37%
  • Veröffentlicht 10.11.2025 00:00:00
  • Zuletzt bearbeitet 17.11.2025 18:22:52

TOTOLink A7000R V9.1.0u.6115_B20201022 was discovered to contain a stack overflow in the addEffect parameter of the urldecode function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request.

7.5

CVE-2025-63460

Exploit
  • EPSS 0.4%
  • Veröffentlicht 31.10.2025 17:15:47
  • Zuletzt bearbeitet 05.11.2025 17:30:08

Totolink A7000R v9.1.0u.6115_B20201022 was discovered to contain a stack overflow via the ssid5g parameter in the sub_4222E0 function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.

7.5

CVE-2025-63461

Exploit
  • EPSS 0.4%
  • Veröffentlicht 31.10.2025 00:00:00
  • Zuletzt bearbeitet 05.11.2025 17:30:00

Totolink A7000R v9.1.0u.6115_B20201022 was discovered to contain a stack overflow via the ssid5g parameter in the urldecode function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.

7.5

CVE-2025-63462

Exploit
  • EPSS 0.4%
  • Veröffentlicht 31.10.2025 00:00:00
  • Zuletzt bearbeitet 05.11.2025 17:29:54

Totolink A7000R v9.1.0u.6115_B20201022 was discovered to contain a stack overflow via the wifiOff parameter in the sub_421A04 function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.