Skip to main content

A7000r Firmware

32 CVEs product

Monthly

CVE-2026-1623 LOW POC Monitor

Command injection in Totolik A7000R firmware through the setUpgradeFW function allows unauthenticated remote attackers to execute arbitrary commands via a malicious FileName parameter. Public exploit code exists for this vulnerability, increasing the risk of active exploitation. The device remains vulnerable as no patch is currently available.

Command Injection A7000r Firmware
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
2.1%
CVE-2026-1601 LOW POC Monitor

A7000R Firmware versions up to 4.1cu.4154 contains a vulnerability that allows attackers to command injection (CVSS 6.3).

Command Injection A7000r Firmware
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
8.3%
CVE-2026-1548 LOW POC Monitor

Command injection in Totolik A7000R firmware (version 4.1cu.4154) via the CloudACManualUpdateUserdata function allows authenticated remote attackers to execute arbitrary commands through a crafted url parameter. Public exploit code exists for this vulnerability and no patch is currently available.

Command Injection A7000r Firmware
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.8%
CVE-2026-1547 LOW POC Monitor

Command injection in Totolik A7000R firmware allows authenticated remote attackers to execute arbitrary commands through the plugin_name parameter in the setUnloadUserData function. Public exploit code exists for this vulnerability, and no patch is currently available. The attack requires network access and valid credentials but no user interaction.

Command Injection A7000r Firmware
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.8%
CVE-2025-63154 HIGH POC This Month

TOTOLink A7000R V9.1.0u.6115_B20201022 was discovered to contain a stack overflow in the addEffect parameter of the urldecode function. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Stack Overflow Denial Of Service Buffer Overflow A7000r Firmware TOTOLINK
NVD GitHub
CVSS 3.1
7.5
EPSS
0.5%
CVE-2025-63153 HIGH POC This Month

TOTOLink A7000R V9.1.0u.6115_B20201022 was discovered to contain a stack overflow in the ssid parameter of the urldecode function. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Stack Overflow Denial Of Service Buffer Overflow A7000r Firmware TOTOLINK
NVD GitHub
CVSS 3.1
7.5
EPSS
0.5%
CVE-2025-51452 CRITICAL Act Now

In TOTOLINK A7000R firmware 9.1.0u.6115_B20201022, an attacker can bypass login by sending a specific request through formLoginAuth.htm. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass A7000r Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.1%
CVE-2024-7213 HIGH POC This Week

A vulnerability, which was classified as critical, was found in TOTOLINK A7000R 9.1.0u.6268_B20220504. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow A7000r Firmware
NVD GitHub VulDB
CVSS 4.0
8.7
EPSS
1.1%
CVE-2024-7212 HIGH POC This Week

A vulnerability, which was classified as critical, has been found in TOTOLINK A7000R 9.1.0u.6268_B20220504.cgi. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow A7000r Firmware
NVD GitHub VulDB
CVSS 4.0
8.7
EPSS
1.0%
CVE-2024-28640 HIGH This Week

Buffer Overflow vulnerability in TOTOLink X5000R V9.1.0u.6118-B20201102 and A7000R V9.1.0u.6115-B20201022 allows a remote attacker to cause a denial of service (D0S) via the command field. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Denial Of Service X5000r Firmware A7000r Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
14.2%
CVE-2024-28639 CRITICAL POC Act Now

Buffer Overflow vulnerability in TOTOLink X5000R V9.1.0u.6118-B20201102 and A7000R V9.1.0u.6115-B20201022, allow remote attackers to execute arbitrary code and cause a denial of service (DoS) via the. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Denial Of Service X5000r Firmware A7000r Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.2%
CVE-2023-49418 CRITICAL POC Act Now

TOTOLink A7000R V9.1.0u.6115_B20201022has a stack overflow vulnerability via setIpPortFilterRules. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow A7000r Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2023-49417 CRITICAL POC Act Now

TOTOLink A7000R V9.1.0u.6115_B20201022 has a stack overflow vulnerability via setOpModeCfg. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow A7000r Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2023-46510 CRITICAL Act Now

An issue in ZIONCOM (Hong Kong) Technology Limited A7000R v.4.1cu.4154 allows an attacker to execute arbitrary code via the cig-bin/cstecgi.cgi to the settings/setPasswordCfg function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Command Injection A7000r Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-45985 HIGH POC This Week

TOTOLINK X5000R V9.1.0u.6118_B20201102 and TOTOLINK A7000R V9.1.0u.6115_B20201022 were discovered to contain a stack overflow in the function setParentalRules. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Denial Of Service X5000r Firmware A7000r Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.7%
CVE-2023-45984 CRITICAL POC Act Now

TOTOLINK X5000R V9.1.0u.6118_B20201102 and TOTOLINK A7000R V9.1.0u.6115_B20201022 was discovered to contain a stack overflow via the lang parameter in the function setLanguageCfg. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow X5000r Firmware A7000r Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-36950 CRITICAL POC Act Now

TOTOLINK X5000R V9.1.0u.6118_B20201102 and TOTOLINK A7000R V9.1.0u.6115_B20201022 was discovered to contain a stack overflow via the http_host parameter in the function loginAuth. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow X5000r Firmware A7000r Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-36947 CRITICAL POC Act Now

TOTOLINK X5000R V9.1.0u.6118_B20201102 and TOTOLINK A7000R V9.1.0u.6115_B20201022 was discovered to contain a stack overflow via the File parameter in the function UploadCustomModule. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow X5000r Firmware A7000r Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2022-32993 CRITICAL POC Act Now

TOTOLINK A7000R V4.1cu.4134 was discovered to contain an access control issue via /cgi-bin/ExportSettings.sh. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure A7000r Firmware
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.8%
CVE-2022-37084 HIGH POC This Week

TOTOLINK A7000R V9.1.0u.6115_B20201022 was discovered to contain a stack overflow via the sPort parameter at the addEffect function. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow A7000r Firmware
NVD GitHub
CVSS 3.1
7.8
EPSS
0.3%
CVE-2022-37083 HIGH POC This Week

TOTOLINK A7000R V9.1.0u.6115_B20201022 was discovered to contain a command injection vulnerability via the ip parameter at the function setDiagnosisCfg. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Command Injection A7000r Firmware
NVD GitHub
CVSS 3.1
7.8
EPSS
1.1%
CVE-2022-37082 HIGH POC This Week

TOTOLINK A7000R V9.1.0u.6115_B20201022 was discovered to contain a command injection vulnerability via the host_time parameter at the function NTPSyncWithHost. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Command Injection A7000r Firmware
NVD GitHub
CVSS 3.1
7.8
EPSS
1.1%
CVE-2022-37081 HIGH POC This Week

TOTOLINK A7000R V9.1.0u.6115_B20201022 was discovered to contain a command injection vulnerability via the command parameter at setting/setTracerouteCfg. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Command Injection A7000r Firmware
NVD GitHub
CVSS 3.1
7.8
EPSS
1.1%
CVE-2022-37080 HIGH POC This Week

TOTOLINK A7000R V9.1.0u.6115_B20201022 was discovered to contain a stack overflow via the command parameter at setting/setTracerouteCfg. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow A7000r Firmware
NVD GitHub
CVSS 3.1
7.8
EPSS
0.3%
CVE-2022-37079 HIGH POC This Week

TOTOLINK A7000R V9.1.0u.6115_B20201022 was discovered to contain a command injection vulnerability via the hostName parameter in the function setOpModeCfg. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Command Injection A7000r Firmware
NVD GitHub
CVSS 3.1
7.8
EPSS
1.3%
CVE-2022-37078 HIGH POC This Week

TOTOLINK A7000R V9.1.0u.6115_B20201022 was discovered to contain a command injection vulnerability via the lang parameter at /setting/setLanguageCfg. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Command Injection Buffer Overflow A7000r Firmware
NVD GitHub
CVSS 3.1
7.8
EPSS
0.9%
CVE-2022-37077 HIGH POC This Week

TOTOLINK A7000R V9.1.0u.6115_B20201022 was discovered to contain a stack overflow via the pppoeUser parameter. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow A7000r Firmware
NVD GitHub
CVSS 3.1
7.8
EPSS
0.3%
CVE-2022-37076 HIGH POC This Week

TOTOLINK A7000R V9.1.0u.6115_B20201022 was discovered to contain a command injection vulnerability via the FileName parameter in the function UploadFirmwareFile. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Command Injection A7000r Firmware
NVD GitHub
CVSS 3.1
7.8
EPSS
1.1%
CVE-2022-37075 HIGH POC This Week

TOTOLink A7000R V9.1.0u.6115_B20201022 was discovered to contain a stack overflow via the ip parameter in the function setDiagnosisCfg. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow A7000r Firmware
NVD GitHub
CVSS 3.1
7.8
EPSS
0.3%
CVE-2022-27005 CRITICAL POC Act Now

Totolink routers s X5000R V9.1.0u.6118_B20201102 and A7000R V9.1.0u.6115_B20201022 were discovered to contain a command injection vulnerability in the setWanCfg function via the hostName parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection X5000r Firmware A7000r Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
5.5%
CVE-2022-27004 CRITICAL POC Act Now

Totolink routers s X5000R V9.1.0u.6118_B20201102 and A7000R V9.1.0u.6115_B20201022 were discovered to contain a command injection vulnerability in the Tunnel 6in4 function via the remote6in4. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection X5000r Firmware A7000r Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
2.9%
CVE-2022-27003 CRITICAL POC Act Now

Totolink routers s X5000R V9.1.0u.6118_B20201102 and A7000R V9.1.0u.6115_B20201022 were discovered to contain a command injection vulnerability in the Tunnel 6rd function via the relay6rd parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection X5000r Firmware A7000r Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
2.9%
EPSS 2% CVSS 2.1
LOW POC Monitor

Command injection in Totolik A7000R firmware through the setUpgradeFW function allows unauthenticated remote attackers to execute arbitrary commands via a malicious FileName parameter. Public exploit code exists for this vulnerability, increasing the risk of active exploitation. The device remains vulnerable as no patch is currently available.

Command Injection A7000r Firmware
NVD GitHub VulDB
EPSS 8% CVSS 2.1
LOW POC Monitor

A7000R Firmware versions up to 4.1cu.4154 contains a vulnerability that allows attackers to command injection (CVSS 6.3).

Command Injection A7000r Firmware
NVD GitHub VulDB
EPSS 1% CVSS 2.1
LOW POC Monitor

Command injection in Totolik A7000R firmware (version 4.1cu.4154) via the CloudACManualUpdateUserdata function allows authenticated remote attackers to execute arbitrary commands through a crafted url parameter. Public exploit code exists for this vulnerability and no patch is currently available.

Command Injection A7000r Firmware
NVD GitHub VulDB
EPSS 1% CVSS 2.1
LOW POC Monitor

Command injection in Totolik A7000R firmware allows authenticated remote attackers to execute arbitrary commands through the plugin_name parameter in the setUnloadUserData function. Public exploit code exists for this vulnerability, and no patch is currently available. The attack requires network access and valid credentials but no user interaction.

Command Injection A7000r Firmware
NVD GitHub VulDB
EPSS 0% CVSS 7.5
HIGH POC This Month

TOTOLink A7000R V9.1.0u.6115_B20201022 was discovered to contain a stack overflow in the addEffect parameter of the urldecode function. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Stack Overflow Denial Of Service Buffer Overflow +2
NVD GitHub
EPSS 0% CVSS 7.5
HIGH POC This Month

TOTOLink A7000R V9.1.0u.6115_B20201022 was discovered to contain a stack overflow in the ssid parameter of the urldecode function. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Stack Overflow Denial Of Service Buffer Overflow +2
NVD GitHub
EPSS 0% CVSS 9.8
CRITICAL Act Now

In TOTOLINK A7000R firmware 9.1.0u.6115_B20201022, an attacker can bypass login by sending a specific request through formLoginAuth.htm. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass A7000r Firmware
NVD GitHub
EPSS 1% CVSS 8.7
HIGH POC This Week

A vulnerability, which was classified as critical, was found in TOTOLINK A7000R 9.1.0u.6268_B20220504. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow A7000r Firmware
NVD GitHub VulDB
EPSS 1% CVSS 8.7
HIGH POC This Week

A vulnerability, which was classified as critical, has been found in TOTOLINK A7000R 9.1.0u.6268_B20220504.cgi. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow A7000r Firmware
NVD GitHub VulDB
EPSS 14% CVSS 7.5
HIGH This Week

Buffer Overflow vulnerability in TOTOLink X5000R V9.1.0u.6118-B20201102 and A7000R V9.1.0u.6115-B20201022 allows a remote attacker to cause a denial of service (D0S) via the command field. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Denial Of Service +2
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

Buffer Overflow vulnerability in TOTOLink X5000R V9.1.0u.6118-B20201102 and A7000R V9.1.0u.6115-B20201022, allow remote attackers to execute arbitrary code and cause a denial of service (DoS) via the. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Denial Of Service +2
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

TOTOLink A7000R V9.1.0u.6115_B20201022has a stack overflow vulnerability via setIpPortFilterRules. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow A7000r Firmware
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

TOTOLink A7000R V9.1.0u.6115_B20201022 has a stack overflow vulnerability via setOpModeCfg. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow A7000r Firmware
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL Act Now

An issue in ZIONCOM (Hong Kong) Technology Limited A7000R v.4.1cu.4154 allows an attacker to execute arbitrary code via the cig-bin/cstecgi.cgi to the settings/setPasswordCfg function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Command Injection A7000r Firmware
NVD GitHub
EPSS 1% CVSS 7.5
HIGH POC This Week

TOTOLINK X5000R V9.1.0u.6118_B20201102 and TOTOLINK A7000R V9.1.0u.6115_B20201022 were discovered to contain a stack overflow in the function setParentalRules. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Denial Of Service +2
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

TOTOLINK X5000R V9.1.0u.6118_B20201102 and TOTOLINK A7000R V9.1.0u.6115_B20201022 was discovered to contain a stack overflow via the lang parameter in the function setLanguageCfg. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow X5000r Firmware +1
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

TOTOLINK X5000R V9.1.0u.6118_B20201102 and TOTOLINK A7000R V9.1.0u.6115_B20201022 was discovered to contain a stack overflow via the http_host parameter in the function loginAuth. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow X5000r Firmware +1
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

TOTOLINK X5000R V9.1.0u.6118_B20201102 and TOTOLINK A7000R V9.1.0u.6115_B20201022 was discovered to contain a stack overflow via the File parameter in the function UploadCustomModule. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow X5000r Firmware +1
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

TOTOLINK A7000R V4.1cu.4134 was discovered to contain an access control issue via /cgi-bin/ExportSettings.sh. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure A7000r Firmware
NVD GitHub VulDB
EPSS 0% CVSS 7.8
HIGH POC This Week

TOTOLINK A7000R V9.1.0u.6115_B20201022 was discovered to contain a stack overflow via the sPort parameter at the addEffect function. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow A7000r Firmware
NVD GitHub
EPSS 1% CVSS 7.8
HIGH POC This Week

TOTOLINK A7000R V9.1.0u.6115_B20201022 was discovered to contain a command injection vulnerability via the ip parameter at the function setDiagnosisCfg. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Command Injection A7000r Firmware
NVD GitHub
EPSS 1% CVSS 7.8
HIGH POC This Week

TOTOLINK A7000R V9.1.0u.6115_B20201022 was discovered to contain a command injection vulnerability via the host_time parameter at the function NTPSyncWithHost. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Command Injection A7000r Firmware
NVD GitHub
EPSS 1% CVSS 7.8
HIGH POC This Week

TOTOLINK A7000R V9.1.0u.6115_B20201022 was discovered to contain a command injection vulnerability via the command parameter at setting/setTracerouteCfg. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Command Injection A7000r Firmware
NVD GitHub
EPSS 0% CVSS 7.8
HIGH POC This Week

TOTOLINK A7000R V9.1.0u.6115_B20201022 was discovered to contain a stack overflow via the command parameter at setting/setTracerouteCfg. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow A7000r Firmware
NVD GitHub
EPSS 1% CVSS 7.8
HIGH POC This Week

TOTOLINK A7000R V9.1.0u.6115_B20201022 was discovered to contain a command injection vulnerability via the hostName parameter in the function setOpModeCfg. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Command Injection A7000r Firmware
NVD GitHub
EPSS 1% CVSS 7.8
HIGH POC This Week

TOTOLINK A7000R V9.1.0u.6115_B20201022 was discovered to contain a command injection vulnerability via the lang parameter at /setting/setLanguageCfg. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Command Injection Buffer Overflow +1
NVD GitHub
EPSS 0% CVSS 7.8
HIGH POC This Week

TOTOLINK A7000R V9.1.0u.6115_B20201022 was discovered to contain a stack overflow via the pppoeUser parameter. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow A7000r Firmware
NVD GitHub
EPSS 1% CVSS 7.8
HIGH POC This Week

TOTOLINK A7000R V9.1.0u.6115_B20201022 was discovered to contain a command injection vulnerability via the FileName parameter in the function UploadFirmwareFile. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Command Injection A7000r Firmware
NVD GitHub
EPSS 0% CVSS 7.8
HIGH POC This Week

TOTOLink A7000R V9.1.0u.6115_B20201022 was discovered to contain a stack overflow via the ip parameter in the function setDiagnosisCfg. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow A7000r Firmware
NVD GitHub
EPSS 6% CVSS 9.8
CRITICAL POC Act Now

Totolink routers s X5000R V9.1.0u.6118_B20201102 and A7000R V9.1.0u.6115_B20201022 were discovered to contain a command injection vulnerability in the setWanCfg function via the hostName parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection X5000r Firmware A7000r Firmware
NVD GitHub
EPSS 3% CVSS 9.8
CRITICAL POC Act Now

Totolink routers s X5000R V9.1.0u.6118_B20201102 and A7000R V9.1.0u.6115_B20201022 were discovered to contain a command injection vulnerability in the Tunnel 6in4 function via the remote6in4. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection X5000r Firmware A7000r Firmware
NVD GitHub
EPSS 3% CVSS 9.8
CRITICAL POC Act Now

Totolink routers s X5000R V9.1.0u.6118_B20201102 and A7000R V9.1.0u.6115_B20201022 were discovered to contain a command injection vulnerability in the Tunnel 6rd function via the relay6rd parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection X5000r Firmware A7000r Firmware
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy