Skip to main content

A720R Firmware

21 CVEs product

Monthly

CVE-2025-60686 MEDIUM POC This Month

A local stack-based buffer overflow vulnerability exists in the infostat.cgi and cstecgi.cgi binaries of ToToLink routers (A720R V4.1.5cu.614_B20230630, LR1200GB V9.1.0u.6619_B20230130, and NR1800X. Rated medium severity (CVSS 5.1), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Stack Overflow Denial Of Service Buffer Overflow RCE A720R Firmware +2
NVD GitHub
CVSS 3.1
5.1
EPSS
0.0%
CVE-2025-60685 MEDIUM POC This Month

A stack buffer overflow exists in the ToToLink A720R Router firmware V4.1.5cu.614_B20230630 within the sysconf binary (sub_401EE0 function). Rated medium severity (CVSS 5.1), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Stack Overflow Buffer Overflow RCE A720R Firmware
NVD GitHub
CVSS 3.1
5.1
EPSS
0.0%
CVE-2025-60683 MEDIUM POC THREAT This Month

A command injection vulnerability exists in the ToToLink A720R Router firmware V4.1.5cu.614_B20230630 within the sysconf binary, specifically in the sub_40BFA4 function that handles network interface. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 10.3%.

Command Injection A720R Firmware
NVD GitHub
CVSS 3.1
6.5
EPSS
10.3%
CVE-2025-60682 MEDIUM POC This Month

A command injection vulnerability exists in the ToToLink A720R Router firmware V4.1.5cu.614_B20230630 within the cloudupdate_check binary, specifically in the sub_402414 function that handles cloud. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection A720R Firmware
NVD GitHub
CVSS 3.1
6.5
EPSS
1.2%
CVE-2025-9303 HIGH POC This Month

A security flaw has been discovered in TOTOLINK A720R 4.1.5cu.630_B20250509.cgi. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow A720R Firmware TOTOLINK
NVD GitHub VulDB
CVSS 4.0
7.4
EPSS
0.6%
CVE-2025-4271 MEDIUM POC This Month

A vulnerability was found in TOTOLINK A720R 4.1.5cu.374. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure A720R Firmware TOTOLINK
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.2%
CVE-2025-4270 MEDIUM POC This Month

A vulnerability was found in TOTOLINK A720R 4.1.5cu.374. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure A720R Firmware TOTOLINK
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.4%
CVE-2025-4269 MEDIUM POC This Month

A vulnerability was found in TOTOLINK A720R 4.1.5cu.374 and classified as critical.cgi of the component Log Handler. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure A720R Firmware TOTOLINK
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.3%
CVE-2025-4268 MEDIUM POC This Month

A vulnerability has been found in TOTOLINK A720R 4.1.5cu.374 and classified as critical. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass A720R Firmware TOTOLINK
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.2%
CVE-2024-8869 LOW Monitor

A vulnerability classified as critical has been found in TOTOLINK A720R 4.1.5. Rated low severity (CVSS 2.3), this vulnerability is remotely exploitable. No vendor patch available.

Command Injection A720R Firmware
NVD VulDB
CVSS 4.0
2.3
EPSS
1.7%
CVE-2023-23064 CRITICAL Act Now

TOTOLINK A720R V4.1.5cu.532_ B20210610 is vulnerable to Incorrect Access Control. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass A720R Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.7%
CVE-2022-38535 HIGH POC This Week

TOTOLINK-720R v4.1.5cu.374 was discovered to contain a remote code execution (RCE) vulnerability via the setTracerouteCfg function. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Command Injection A720R Firmware
NVD GitHub
CVSS 3.1
7.2
EPSS
1.7%
CVE-2022-38534 HIGH POC This Week

TOTOLINK-720R v4.1.5cu.374 was discovered to contain a remote code execution (RCE) vulnerability via the setdiagnosicfg function. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Command Injection A720R Firmware
NVD GitHub
CVSS 3.1
7.2
EPSS
1.7%
CVE-2022-36610 HIGH POC This Week

TOTOLINK A720R V4.1.5cu.532_B20210610 was discovered to contain a hardcoded password for root at /etc/shadow.sample. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass A720R Firmware
NVD GitHub
CVSS 3.1
7.8
EPSS
0.3%
CVE-2022-36456 HIGH POC This Week

TOTOLink A720R V4.1.5cu.532_B20210610 was discovered to contain a command injection vulnerability via the username parameter in /cstecgi.cgi. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Command Injection A720R Firmware
NVD GitHub
CVSS 3.1
7.8
EPSS
1.1%
CVE-2021-35327 CRITICAL POC Act Now

A vulnerability in TOTOLINK A720R A720R_Firmware v4.1.5cu.470_B20200911 allows attackers to start the Telnet service, then login with the default credentials via a crafted POST request. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass A720R Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.4%
CVE-2021-35326 HIGH POC This Week

A vulnerability in TOTOLINK A720R router with firmware v4.1.5cu.470_B20200911 allows attackers to download the configuration file via sending a crafted HTTP request. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure A720R Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
2.5%
CVE-2021-35325 HIGH POC THREAT This Week

A stack overflow in the checkLoginUser function of TOTOLINK A720R A720R_Firmware v4.1.5cu.470_B20200911 allows attackers to cause a denial of service (DOS). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Memory Corruption A720R Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
13.3%
CVE-2021-35324 CRITICAL POC THREAT Act Now

A vulnerability in the Form_Login function of TOTOLINK A720R A720R_Firmware V4.1.5cu.470_B20200911 allows attackers to bypass authentication. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass A720R Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
10.4%
CVE-2021-27710 CRITICAL POC Act Now

Command Injection in TOTOLINK X5000R router with firmware v9.1.0u.6118_B20201102, and TOTOLINK A720R router with firmware v4.1.5cu.470_B20200911 allows remote attackers to execute arbitrary OS. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection X5000r Firmware A720R Firmware
NVD
CVSS 3.1
9.8
EPSS
7.9%
CVE-2021-27708 CRITICAL POC Act Now

Command Injection in TOTOLINK X5000R router with firmware v9.1.0u.6118_B20201102, and TOTOLINK A720R router with firmware v4.1.5cu.470_B20200911 allows remote attackers to execute arbitrary OS. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection X5000r Firmware A720R Firmware
NVD
CVSS 3.1
9.8
EPSS
7.6%
EPSS 0% CVSS 5.1
MEDIUM POC This Month

A local stack-based buffer overflow vulnerability exists in the infostat.cgi and cstecgi.cgi binaries of ToToLink routers (A720R V4.1.5cu.614_B20230630, LR1200GB V9.1.0u.6619_B20230130, and NR1800X. Rated medium severity (CVSS 5.1), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Stack Overflow Denial Of Service Buffer Overflow +4
NVD GitHub
EPSS 0% CVSS 5.1
MEDIUM POC This Month

A stack buffer overflow exists in the ToToLink A720R Router firmware V4.1.5cu.614_B20230630 within the sysconf binary (sub_401EE0 function). Rated medium severity (CVSS 5.1), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Stack Overflow Buffer Overflow RCE +1
NVD GitHub
EPSS 10% CVSS 6.5
MEDIUM POC THREAT This Month

A command injection vulnerability exists in the ToToLink A720R Router firmware V4.1.5cu.614_B20230630 within the sysconf binary, specifically in the sub_40BFA4 function that handles network interface. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 10.3%.

Command Injection A720R Firmware
NVD GitHub
EPSS 1% CVSS 6.5
MEDIUM POC This Month

A command injection vulnerability exists in the ToToLink A720R Router firmware V4.1.5cu.614_B20230630 within the cloudupdate_check binary, specifically in the sub_402414 function that handles cloud. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection A720R Firmware
NVD GitHub
EPSS 1% CVSS 7.4
HIGH POC This Month

A security flaw has been discovered in TOTOLINK A720R 4.1.5cu.630_B20250509.cgi. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow A720R Firmware TOTOLINK
NVD GitHub VulDB
EPSS 0% CVSS 6.9
MEDIUM POC This Month

A vulnerability was found in TOTOLINK A720R 4.1.5cu.374. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure A720R Firmware TOTOLINK
NVD GitHub VulDB
EPSS 0% CVSS 6.9
MEDIUM POC This Month

A vulnerability was found in TOTOLINK A720R 4.1.5cu.374. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure A720R Firmware TOTOLINK
NVD GitHub VulDB
EPSS 0% CVSS 6.9
MEDIUM POC This Month

A vulnerability was found in TOTOLINK A720R 4.1.5cu.374 and classified as critical.cgi of the component Log Handler. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure A720R Firmware TOTOLINK
NVD GitHub VulDB
EPSS 0% CVSS 6.9
MEDIUM POC This Month

A vulnerability has been found in TOTOLINK A720R 4.1.5cu.374 and classified as critical. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass A720R Firmware TOTOLINK
NVD GitHub VulDB
EPSS 2% CVSS 2.3
LOW Monitor

A vulnerability classified as critical has been found in TOTOLINK A720R 4.1.5. Rated low severity (CVSS 2.3), this vulnerability is remotely exploitable. No vendor patch available.

Command Injection A720R Firmware
NVD VulDB
EPSS 1% CVSS 9.8
CRITICAL Act Now

TOTOLINK A720R V4.1.5cu.532_ B20210610 is vulnerable to Incorrect Access Control. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass A720R Firmware
NVD GitHub
EPSS 2% CVSS 7.2
HIGH POC This Week

TOTOLINK-720R v4.1.5cu.374 was discovered to contain a remote code execution (RCE) vulnerability via the setTracerouteCfg function. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Command Injection A720R Firmware
NVD GitHub
EPSS 2% CVSS 7.2
HIGH POC This Week

TOTOLINK-720R v4.1.5cu.374 was discovered to contain a remote code execution (RCE) vulnerability via the setdiagnosicfg function. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Command Injection A720R Firmware
NVD GitHub
EPSS 0% CVSS 7.8
HIGH POC This Week

TOTOLINK A720R V4.1.5cu.532_B20210610 was discovered to contain a hardcoded password for root at /etc/shadow.sample. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass A720R Firmware
NVD GitHub
EPSS 1% CVSS 7.8
HIGH POC This Week

TOTOLink A720R V4.1.5cu.532_B20210610 was discovered to contain a command injection vulnerability via the username parameter in /cstecgi.cgi. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Command Injection A720R Firmware
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

A vulnerability in TOTOLINK A720R A720R_Firmware v4.1.5cu.470_B20200911 allows attackers to start the Telnet service, then login with the default credentials via a crafted POST request. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass A720R Firmware
NVD GitHub
EPSS 3% CVSS 7.5
HIGH POC This Week

A vulnerability in TOTOLINK A720R router with firmware v4.1.5cu.470_B20200911 allows attackers to download the configuration file via sending a crafted HTTP request. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure A720R Firmware
NVD GitHub
EPSS 13% CVSS 7.5
HIGH POC THREAT This Week

A stack overflow in the checkLoginUser function of TOTOLINK A720R A720R_Firmware v4.1.5cu.470_B20200911 allows attackers to cause a denial of service (DOS). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Memory Corruption +1
NVD GitHub
EPSS 10% CVSS 9.8
CRITICAL POC THREAT Act Now

A vulnerability in the Form_Login function of TOTOLINK A720R A720R_Firmware V4.1.5cu.470_B20200911 allows attackers to bypass authentication. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass A720R Firmware
NVD GitHub
EPSS 8% CVSS 9.8
CRITICAL POC Act Now

Command Injection in TOTOLINK X5000R router with firmware v9.1.0u.6118_B20201102, and TOTOLINK A720R router with firmware v4.1.5cu.470_B20200911 allows remote attackers to execute arbitrary OS. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection X5000r Firmware A720R Firmware
NVD
EPSS 8% CVSS 9.8
CRITICAL POC Act Now

Command Injection in TOTOLINK X5000R router with firmware v9.1.0u.6118_B20201102, and TOTOLINK A720R router with firmware v4.1.5cu.470_B20200911 allows remote attackers to execute arbitrary OS. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection X5000r Firmware A720R Firmware
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy