Skip to main content

A3700r Firmware

43 CVEs product

Monthly

CVE-2026-1143 HIGH POC This Week

Buffer overflow in TOTOLIK A3700R firmware version 9.1.2u.5822_B20200513 allows authenticated remote attackers to achieve complete system compromise through manipulation of the ssid parameter in the WiFi guest configuration function. Public exploit code exists for this vulnerability and no patch is currently available. An attacker with network access and valid credentials can execute arbitrary code with full system privileges.

Buffer Overflow A3700r Firmware
NVD VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-3675 MEDIUM POC This Month

A vulnerability was found in TOTOLINK A3700R 9.1.2u.5822_B20200513. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure A3700r Firmware TOTOLINK
NVD VulDB
CVSS 4.0
6.9
EPSS
0.6%
CVE-2025-3674 MEDIUM POC This Month

A vulnerability was found in TOTOLINK A3700R 9.1.2u.5822_B20200513. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure A3700r Firmware TOTOLINK
NVD VulDB
CVSS 4.0
6.9
EPSS
0.3%
CVE-2025-3668 MEDIUM POC This Month

A vulnerability was found in TOTOLINK A3700R 9.1.2u.5822_B20200513. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure A3700r Firmware TOTOLINK
NVD VulDB
CVSS 4.0
6.9
EPSS
0.6%
CVE-2025-3667 MEDIUM POC This Month

A vulnerability was found in TOTOLINK A3700R 9.1.2u.5822_B20200513. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure A3700r Firmware TOTOLINK
NVD VulDB
CVSS 4.0
6.9
EPSS
0.6%
CVE-2025-3666 MEDIUM POC This Month

A vulnerability was found in TOTOLINK A3700R 9.1.2u.5822_B20200513 and classified as critical. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure A3700r Firmware TOTOLINK
NVD VulDB
CVSS 4.0
6.9
EPSS
0.6%
CVE-2025-3665 MEDIUM POC This Month

A vulnerability has been found in TOTOLINK A3700R 9.1.2u.5822_B20200513 and classified as critical. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure A3700r Firmware TOTOLINK
NVD VulDB
CVSS 4.0
6.9
EPSS
0.3%
CVE-2025-3664 MEDIUM POC This Month

A vulnerability, which was classified as critical, was found in TOTOLINK A3700R 9.1.2u.5822_B20200513. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure A3700r Firmware TOTOLINK
NVD VulDB
CVSS 4.0
6.9
EPSS
0.3%
CVE-2025-3663 MEDIUM POC This Month

A vulnerability, which was classified as critical, has been found in TOTOLINK A3700R 9.1.2u.5822_B20200513.cgi of the component Password Handler. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure A3700r Firmware TOTOLINK
NVD VulDB
CVSS 4.0
6.9
EPSS
1.6%
CVE-2024-42545 CRITICAL POC Act Now

TOTOLINK A3700R v9.1.2u.5822_B20200513 has a buffer overflow vulnerability in the ssid parameter in setWizardCfg function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow A3700r Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.7%
CVE-2024-42543 CRITICAL POC Act Now

TOTOLINK A3700R v9.1.2u.5822_B20200513 has a buffer overflow vulnerability in the http_host parameter in the loginauth function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow A3700r Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.7%
CVE-2024-7160 MEDIUM POC This Month

A vulnerability classified as critical has been found in TOTOLINK A3700R 9.1.2u.5822_B20200513. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection A3700r Firmware
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
3.0%
CVE-2024-7156 MEDIUM POC THREAT This Month

A vulnerability was found in TOTOLINK A3700R 9.1.2u.5822_B20200513 and classified as problematic. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure A3700r Firmware
NVD VulDB GitHub
CVSS 4.0
6.9
EPSS
13.3%
CVE-2024-7154 MEDIUM POC This Month

A vulnerability, which was classified as problematic, was found in TOTOLINK A3700R 9.1.2u.5822_B20200513. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass A3700r Firmware
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.4%
CVE-2024-37640 HIGH POC This Week

TOTOLINK A3700R V9.1.2u.6165_20211012 was discovered to contain a stack overflow via ssid5g in the function setWiFiEasyGuestCfg. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Stack Overflow A3700r Firmware
NVD GitHub
CVSS 3.1
8.8
EPSS
0.6%
CVE-2024-37639 HIGH POC This Week

TOTOLINK A3700R V9.1.2u.6165_20211012 was discovered to contain a stack overflow via eport in the function setIpPortFilterRules. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Stack Overflow A3700r Firmware
NVD GitHub
CVSS 3.1
8.8
EPSS
0.6%
CVE-2024-37637 CRITICAL POC Act Now

TOTOLINK A3700R V9.1.2u.6165_20211012 was discovered to contain a stack overflow via ssid5g in the function setWizardCfg. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow A3700r Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.7%
CVE-2024-37635 CRITICAL POC Act Now

TOTOLINK A3700R V9.1.2u.6165_20211012 was discovered to contain a stack overflow via ssid in the function setWiFiBasicCfg. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow A3700r Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.7%
CVE-2024-37634 CRITICAL POC Act Now

TOTOLINK A3700R V9.1.2u.6165_20211012 was discovered to contain a stack overflow via ssid in the function setWiFiEasyCfg. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Stack Overflow A3700r Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.7%
CVE-2024-37633 HIGH POC This Week

TOTOLINK A3700R V9.1.2u.6165_20211012 was discovered to contain a stack overflow via ssid in the function setWiFiGuestCfg. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Stack Overflow A3700r Firmware
NVD GitHub
CVSS 3.1
8.8
EPSS
0.6%
CVE-2024-37632 CRITICAL POC Act Now

TOTOLINK A3700R V9.1.2u.6165_20211012 was discovered to contain a stack overflow via the password parameter in function loginAuth . Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow A3700r Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.6%
CVE-2024-37631 HIGH POC This Week

TOTOLINK A3700R V9.1.2u.6165_20211012 was discovered to contain a stack overflow via the File parameter in function UploadCustomModule. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Stack Overflow A3700r Firmware
NVD GitHub
CVSS 3.1
8.8
EPSS
0.6%
CVE-2024-22663 CRITICAL POC Act Now

TOTOLINK_A3700R_V9.1.2u.6165_20211012has a command Injection vulnerability via setOpModeCfg. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection A3700r Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.7%
CVE-2024-22662 CRITICAL POC Act Now

TOTOLINK A3700R_V9.1.2u.6165_20211012 has a stack overflow vulnerability via setParentalRules. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption A3700r Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2024-22660 CRITICAL POC Act Now

TOTOLINK_A3700R_V9.1.2u.6165_20211012has a stack overflow vulnerability via setLanguageCfg. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption A3700r Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2023-52031 CRITICAL POC THREAT Emergency

TOTOlink A3700R v9.1.2u.5822_B20200513 was discovered to contain a remote command execution (RCE) vulnerability via the UploadFirmwareFile function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 14.8%.

Information Disclosure A3700r Firmware
NVD
CVSS 3.1
9.8
EPSS
14.8%
CVE-2023-52030 CRITICAL POC THREAT Emergency

TOTOlink A3700R v9.1.2u.5822_B20200513 was discovered to contain a remote command execution (RCE) vulnerability via the setOpModeCfg function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 14.8%.

Privilege Escalation A3700r Firmware
NVD
CVSS 3.1
9.8
EPSS
14.8%
CVE-2023-52029 CRITICAL POC THREAT Emergency

TOTOlink A3700R v9.1.2u.5822_B20200513 was discovered to contain a remote command execution (RCE) vulnerability via the setDiagnosisCfg function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 15.5%.

Command Injection A3700r Firmware
NVD
CVSS 3.1
9.8
EPSS
15.5%
CVE-2023-52028 CRITICAL POC THREAT Emergency

TOTOlink A3700R v9.1.2u.5822_B20200513 was discovered to contain a remote command execution (RCE) vulnerability via the setTracerouteCfg function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 20.6%.

Command Injection A3700r Firmware
NVD
CVSS 3.1
9.8
EPSS
20.6%
Threat
4.1
CVE-2023-52027 CRITICAL POC THREAT Emergency

TOTOlink A3700R v9.1.2u.5822_B20200513 was discovered to contain a remote command execution (RCE) vulnerability via the NTPSyncWithHost function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 15.5%.

Command Injection A3700r Firmware
NVD
CVSS 3.1
9.8
EPSS
15.5%
CVE-2023-50147 CRITICAL POC Act Now

There is an arbitrary command execution vulnerability in the setDiagnosisCfg function of the cstecgi .cgi of the TOTOlink A3700R router device in its firmware version V9.1.2u.5822_B20200513. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection A3700r Firmware
NVD
CVSS 3.1
9.8
EPSS
1.2%
CVE-2023-48192 HIGH POC This Week

An issue in TOTOlink A3700R v.9.1.2u.6134_B20201202 allows a local attacker to execute arbitrary code via the setTracerouteCfg function. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Code Injection RCE A3700r Firmware
NVD GitHub VulDB
CVSS 3.1
7.8
EPSS
0.4%
CVE-2023-46574 CRITICAL POC THREAT Act Now

An issue in TOTOLINK A3700R v.9.1.2u.6165_20211012 allows a remote attacker to execute arbitrary code via the FileName parameter of the UploadFirmwareFile function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Command Injection A3700r Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
65.4%
CVE-2023-43141 CRITICAL POC Act Now

TOTOLINK A3700R V9.1.2u.6134_B20201202 and N600R V5.3c.5137 are vulnerable to Incorrect Access Control. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass A3700r Firmware N600r Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.7%
CVE-2022-36466 HIGH POC This Week

TOTOLINK A3700R V9.1.2u.6134_B20201202 was discovered to contain a stack overflow via the ip parameter in the function setDiagnosisCfg. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow A3700r Firmware
NVD GitHub
CVSS 3.1
7.8
EPSS
0.3%
CVE-2022-36465 HIGH POC This Week

TOTOLINK A3700R V9.1.2u.6134_B20201202 was discovered to contain a stack overflow via the pppoeUser parameter. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow A3700r Firmware
NVD GitHub
CVSS 3.1
7.8
EPSS
0.3%
CVE-2022-36464 HIGH POC This Week

TOTOLINK A3700R V9.1.2u.6134_B20201202 was discovered to contain a stack overflow via the sPort parameter in the function setIpPortFilterRules. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow A3700r Firmware
NVD GitHub
CVSS 3.1
7.8
EPSS
0.3%
CVE-2022-36463 HIGH POC This Week

TOTOLINK A3700R V9.1.2u.6134_B20201202 was discovered to contain a stack overflow via the command parameter in the function setTracerouteCfg. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow A3700r Firmware
NVD GitHub
CVSS 3.1
7.8
EPSS
0.3%
CVE-2022-36462 HIGH POC This Week

TOTOLINK A3700R V9.1.2u.6134_B20201202 was discovered to contain a stack overflow via the lang parameter in the function setLanguageCfg. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow A3700r Firmware
NVD GitHub
CVSS 3.1
7.8
EPSS
0.3%
CVE-2022-36461 HIGH POC This Week

TOTOLINK A3700R V9.1.2u.6134_B20201202 was discovered to contain a command injection vulnerability via the hostName parameter in the function setOpModeCfg. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Command Injection A3700r Firmware
NVD GitHub
CVSS 3.1
7.8
EPSS
1.3%
CVE-2022-36460 HIGH POC This Week

TOTOLINK A3700R V9.1.2u.6134_B20201202 was discovered to contain a command injection vulnerability via the FileName parameter in the function UploadFirmwareFile. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Command Injection A3700r Firmware
NVD GitHub
CVSS 3.1
7.8
EPSS
1.1%
CVE-2022-36459 HIGH POC This Week

TOTOLINK A3700R V9.1.2u.6134_B20201202 was discovered to contain a command injection vulnerability via the host_time parameter in the function NTPSyncWithHost. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Command Injection A3700r Firmware
NVD GitHub
CVSS 3.1
7.8
EPSS
1.1%
CVE-2022-36458 HIGH POC This Week

TOTOLINK A3700R V9.1.2u.6134_B20201202 was discovered to contain a command injection vulnerability via the command parameter in the function setTracerouteCfg. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Command Injection A3700r Firmware
NVD GitHub
CVSS 3.1
7.8
EPSS
1.1%
EPSS 0% CVSS 8.8
HIGH POC This Week

Buffer overflow in TOTOLIK A3700R firmware version 9.1.2u.5822_B20200513 allows authenticated remote attackers to achieve complete system compromise through manipulation of the ssid parameter in the WiFi guest configuration function. Public exploit code exists for this vulnerability and no patch is currently available. An attacker with network access and valid credentials can execute arbitrary code with full system privileges.

Buffer Overflow A3700r Firmware
NVD VulDB
EPSS 1% CVSS 6.9
MEDIUM POC This Month

A vulnerability was found in TOTOLINK A3700R 9.1.2u.5822_B20200513. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure A3700r Firmware TOTOLINK
NVD VulDB
EPSS 0% CVSS 6.9
MEDIUM POC This Month

A vulnerability was found in TOTOLINK A3700R 9.1.2u.5822_B20200513. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure A3700r Firmware TOTOLINK
NVD VulDB
EPSS 1% CVSS 6.9
MEDIUM POC This Month

A vulnerability was found in TOTOLINK A3700R 9.1.2u.5822_B20200513. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure A3700r Firmware TOTOLINK
NVD VulDB
EPSS 1% CVSS 6.9
MEDIUM POC This Month

A vulnerability was found in TOTOLINK A3700R 9.1.2u.5822_B20200513. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure A3700r Firmware TOTOLINK
NVD VulDB
EPSS 1% CVSS 6.9
MEDIUM POC This Month

A vulnerability was found in TOTOLINK A3700R 9.1.2u.5822_B20200513 and classified as critical. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure A3700r Firmware TOTOLINK
NVD VulDB
EPSS 0% CVSS 6.9
MEDIUM POC This Month

A vulnerability has been found in TOTOLINK A3700R 9.1.2u.5822_B20200513 and classified as critical. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure A3700r Firmware TOTOLINK
NVD VulDB
EPSS 0% CVSS 6.9
MEDIUM POC This Month

A vulnerability, which was classified as critical, was found in TOTOLINK A3700R 9.1.2u.5822_B20200513. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure A3700r Firmware TOTOLINK
NVD VulDB
EPSS 2% CVSS 6.9
MEDIUM POC This Month

A vulnerability, which was classified as critical, has been found in TOTOLINK A3700R 9.1.2u.5822_B20200513.cgi of the component Password Handler. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure A3700r Firmware TOTOLINK
NVD VulDB
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

TOTOLINK A3700R v9.1.2u.5822_B20200513 has a buffer overflow vulnerability in the ssid parameter in setWizardCfg function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow A3700r Firmware
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

TOTOLINK A3700R v9.1.2u.5822_B20200513 has a buffer overflow vulnerability in the http_host parameter in the loginauth function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow A3700r Firmware
NVD GitHub
EPSS 3% CVSS 5.3
MEDIUM POC This Month

A vulnerability classified as critical has been found in TOTOLINK A3700R 9.1.2u.5822_B20200513. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection A3700r Firmware
NVD GitHub VulDB
EPSS 13% CVSS 6.9
MEDIUM POC THREAT This Month

A vulnerability was found in TOTOLINK A3700R 9.1.2u.5822_B20200513 and classified as problematic. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure A3700r Firmware
NVD VulDB GitHub
EPSS 0% CVSS 5.3
MEDIUM POC This Month

A vulnerability, which was classified as problematic, was found in TOTOLINK A3700R 9.1.2u.5822_B20200513. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass A3700r Firmware
NVD GitHub VulDB
EPSS 1% CVSS 8.8
HIGH POC This Week

TOTOLINK A3700R V9.1.2u.6165_20211012 was discovered to contain a stack overflow via ssid5g in the function setWiFiEasyGuestCfg. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Stack Overflow A3700r Firmware
NVD GitHub
EPSS 1% CVSS 8.8
HIGH POC This Week

TOTOLINK A3700R V9.1.2u.6165_20211012 was discovered to contain a stack overflow via eport in the function setIpPortFilterRules. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Stack Overflow A3700r Firmware
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

TOTOLINK A3700R V9.1.2u.6165_20211012 was discovered to contain a stack overflow via ssid5g in the function setWizardCfg. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow A3700r Firmware
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

TOTOLINK A3700R V9.1.2u.6165_20211012 was discovered to contain a stack overflow via ssid in the function setWiFiBasicCfg. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow A3700r Firmware
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

TOTOLINK A3700R V9.1.2u.6165_20211012 was discovered to contain a stack overflow via ssid in the function setWiFiEasyCfg. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Stack Overflow A3700r Firmware
NVD GitHub
EPSS 1% CVSS 8.8
HIGH POC This Week

TOTOLINK A3700R V9.1.2u.6165_20211012 was discovered to contain a stack overflow via ssid in the function setWiFiGuestCfg. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Stack Overflow A3700r Firmware
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

TOTOLINK A3700R V9.1.2u.6165_20211012 was discovered to contain a stack overflow via the password parameter in function loginAuth . Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow A3700r Firmware
NVD GitHub
EPSS 1% CVSS 8.8
HIGH POC This Week

TOTOLINK A3700R V9.1.2u.6165_20211012 was discovered to contain a stack overflow via the File parameter in function UploadCustomModule. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Stack Overflow A3700r Firmware
NVD GitHub
EPSS 2% CVSS 9.8
CRITICAL POC Act Now

TOTOLINK_A3700R_V9.1.2u.6165_20211012has a command Injection vulnerability via setOpModeCfg. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection A3700r Firmware
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

TOTOLINK A3700R_V9.1.2u.6165_20211012 has a stack overflow vulnerability via setParentalRules. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption A3700r Firmware
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

TOTOLINK_A3700R_V9.1.2u.6165_20211012has a stack overflow vulnerability via setLanguageCfg. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption A3700r Firmware
NVD GitHub
EPSS 15% CVSS 9.8
CRITICAL POC THREAT Emergency

TOTOlink A3700R v9.1.2u.5822_B20200513 was discovered to contain a remote command execution (RCE) vulnerability via the UploadFirmwareFile function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 14.8%.

Information Disclosure A3700r Firmware
NVD
EPSS 15% CVSS 9.8
CRITICAL POC THREAT Emergency

TOTOlink A3700R v9.1.2u.5822_B20200513 was discovered to contain a remote command execution (RCE) vulnerability via the setOpModeCfg function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 14.8%.

Privilege Escalation A3700r Firmware
NVD
EPSS 15% CVSS 9.8
CRITICAL POC THREAT Emergency

TOTOlink A3700R v9.1.2u.5822_B20200513 was discovered to contain a remote command execution (RCE) vulnerability via the setDiagnosisCfg function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 15.5%.

Command Injection A3700r Firmware
NVD
EPSS 21% 4.1 CVSS 9.8
CRITICAL POC THREAT Emergency

TOTOlink A3700R v9.1.2u.5822_B20200513 was discovered to contain a remote command execution (RCE) vulnerability via the setTracerouteCfg function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 20.6%.

Command Injection A3700r Firmware
NVD
EPSS 15% CVSS 9.8
CRITICAL POC THREAT Emergency

TOTOlink A3700R v9.1.2u.5822_B20200513 was discovered to contain a remote command execution (RCE) vulnerability via the NTPSyncWithHost function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 15.5%.

Command Injection A3700r Firmware
NVD
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

There is an arbitrary command execution vulnerability in the setDiagnosisCfg function of the cstecgi .cgi of the TOTOlink A3700R router device in its firmware version V9.1.2u.5822_B20200513. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection A3700r Firmware
NVD
EPSS 0% CVSS 7.8
HIGH POC This Week

An issue in TOTOlink A3700R v.9.1.2u.6134_B20201202 allows a local attacker to execute arbitrary code via the setTracerouteCfg function. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Code Injection RCE A3700r Firmware
NVD GitHub VulDB
EPSS 65% CVSS 9.8
CRITICAL POC THREAT Act Now

An issue in TOTOLINK A3700R v.9.1.2u.6165_20211012 allows a remote attacker to execute arbitrary code via the FileName parameter of the UploadFirmwareFile function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Command Injection A3700r Firmware
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

TOTOLINK A3700R V9.1.2u.6134_B20201202 and N600R V5.3c.5137 are vulnerable to Incorrect Access Control. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass A3700r Firmware N600r Firmware
NVD GitHub
EPSS 0% CVSS 7.8
HIGH POC This Week

TOTOLINK A3700R V9.1.2u.6134_B20201202 was discovered to contain a stack overflow via the ip parameter in the function setDiagnosisCfg. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow A3700r Firmware
NVD GitHub
EPSS 0% CVSS 7.8
HIGH POC This Week

TOTOLINK A3700R V9.1.2u.6134_B20201202 was discovered to contain a stack overflow via the pppoeUser parameter. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow A3700r Firmware
NVD GitHub
EPSS 0% CVSS 7.8
HIGH POC This Week

TOTOLINK A3700R V9.1.2u.6134_B20201202 was discovered to contain a stack overflow via the sPort parameter in the function setIpPortFilterRules. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow A3700r Firmware
NVD GitHub
EPSS 0% CVSS 7.8
HIGH POC This Week

TOTOLINK A3700R V9.1.2u.6134_B20201202 was discovered to contain a stack overflow via the command parameter in the function setTracerouteCfg. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow A3700r Firmware
NVD GitHub
EPSS 0% CVSS 7.8
HIGH POC This Week

TOTOLINK A3700R V9.1.2u.6134_B20201202 was discovered to contain a stack overflow via the lang parameter in the function setLanguageCfg. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow A3700r Firmware
NVD GitHub
EPSS 1% CVSS 7.8
HIGH POC This Week

TOTOLINK A3700R V9.1.2u.6134_B20201202 was discovered to contain a command injection vulnerability via the hostName parameter in the function setOpModeCfg. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Command Injection A3700r Firmware
NVD GitHub
EPSS 1% CVSS 7.8
HIGH POC This Week

TOTOLINK A3700R V9.1.2u.6134_B20201202 was discovered to contain a command injection vulnerability via the FileName parameter in the function UploadFirmwareFile. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Command Injection A3700r Firmware
NVD GitHub
EPSS 1% CVSS 7.8
HIGH POC This Week

TOTOLINK A3700R V9.1.2u.6134_B20201202 was discovered to contain a command injection vulnerability via the host_time parameter in the function NTPSyncWithHost. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Command Injection A3700r Firmware
NVD GitHub
EPSS 1% CVSS 7.8
HIGH POC This Week

TOTOLINK A3700R V9.1.2u.6134_B20201202 was discovered to contain a command injection vulnerability via the command parameter in the function setTracerouteCfg. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Command Injection A3700r Firmware
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy