Skip to main content

N600r Firmware

31 CVEs product

Monthly

CVE-2025-57623 MEDIUM POC This Month

A NULL pointer dereference in TOTOLINK N600R firmware v4.3.0cu.7866_B2022506 allows attackers to cause a Denial of Service. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Null Pointer Dereference N600r Firmware TOTOLINK
NVD GitHub
CVSS 3.1
5.3
EPSS
0.4%
CVE-2025-51390 CRITICAL POC Act Now

TOTOLINK N600R V4.3.0cu.7647_B20210106 was discovered to contain a command injection vulnerability via the pin parameter in the setWiFiWpsConfig function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection N600r Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
2.3%
CVE-2025-46060 CRITICAL POC Act Now

Critical remote code execution vulnerability in TOTOLINK N600R router firmware v4.3.0cu.7866_B2022506, exploitable through a buffer overflow in the UPLOAD_FILENAME parameter without authentication. An unauthenticated remote attacker can execute arbitrary code with no user interaction required, achieving complete system compromise with CVSS 9.8 severity. KEV status and active exploitation data unavailable from provided sources; EPSS probability should be assumed high given unauthenticated network attack vector and critical impact.

Buffer Overflow RCE N600r Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2025-4496 HIGH This Week

A vulnerability was found in TOTOLINK T10, A3100R, A950RG, A800R, N600R, A3000RU and A810R 4.1.8cu.5241_B20210927. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow A3000Ru Firmware A810R Firmware T10 Firmware A3100R Firmware +4
NVD GitHub VulDB
CVSS 4.0
8.7
EPSS
0.6%
CVE-2025-22903 MEDIUM POC This Month

TOTOLINK N600R V4.3.0cu.7647_B20210106 was discovered to contain a stack overflow via the pin parameter in the function setWiFiWpsConfig. Rated medium severity (CVSS 4.6), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Buffer Overflow Stack Overflow N600r Firmware TOTOLINK
NVD GitHub
CVSS 3.1
4.6
EPSS
0.2%
CVE-2025-22900 CRITICAL POC Act Now

Totolink N600R v4.3.0cu.7647_B20210106 was discovered to contain a stack overflow via the macCloneMac parameter in the setWanConfig function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Stack Overflow N600r Firmware TOTOLINK
NVD GitHub
CVSS 3.1
9.8
EPSS
0.4%
CVE-2023-43141 CRITICAL POC Act Now

TOTOLINK A3700R V9.1.2u.6134_B20201202 and N600R V5.3c.5137 are vulnerable to Incorrect Access Control. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass A3700r Firmware N600r Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.7%
CVE-2022-36613 HIGH POC This Week

TOTOLINK N600R V4.3.0cu.7647_B20210106 was discovered to contain a hardcoded password for root at /etc/shadow.sample. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass N600r Firmware
NVD GitHub
CVSS 3.1
7.8
EPSS
0.3%
CVE-2022-29399 CRITICAL POC Act Now

TOTOLINK N600R V4.3.0cu.7647_B20210106 was discovered to contain a stack overflow via the url parameter in the function FUN_00415bf0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow N600r Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.7%
CVE-2022-29398 CRITICAL POC Act Now

TOTOLINK N600R V4.3.0cu.7647_B20210106 was discovered to contain a stack overflow via the File parameter in the function FUN_0041309c. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow N600r Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.7%
CVE-2022-29397 CRITICAL POC Act Now

TOTOLINK N600R V4.3.0cu.7647_B20210106 was discovered to contain a stack overflow via the comment parameter in the function FUN_004196c8. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow N600r Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.6%
CVE-2022-29396 CRITICAL POC Act Now

TOTOLINK N600R V4.3.0cu.7647_B20210106 was discovered to contain a stack overflow via the comment parameter in the function FUN_00418f10. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow N600r Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.6%
CVE-2022-29395 CRITICAL POC Act Now

TOTOLINK N600R V4.3.0cu.7647_B20210106 was discovered to contain a stack overflow via the apcliKey parameter in the function FUN_0041bac4. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow N600r Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.6%
CVE-2022-29394 CRITICAL POC Act Now

TOTOLINK N600R V4.3.0cu.7647_B20210106 was discovered to contain a stack overflow via the macAddress parameter in the function FUN_0041b448. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow N600r Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.6%
CVE-2022-29393 CRITICAL POC Act Now

TOTOLINK N600R V4.3.0cu.7647_B20210106 was discovered to contain a stack overflow via the comment parameter in the function FUN_004192cc. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow N600r Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.6%
CVE-2022-29392 CRITICAL POC Act Now

TOTOLINK N600R V4.3.0cu.7647_B20210106 was discovered to contain a stack overflow via the comment parameter in the function FUN_00418c24. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow N600r Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.6%
CVE-2022-29391 CRITICAL POC Act Now

TOTOLINK N600R V4.3.0cu.7647_B20210106 was discovered to contain a stack overflow via the comment parameter in the function FUN_004200c8. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow N600r Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.6%
CVE-2022-28913 CRITICAL POC Act Now

TOTOLink N600R V5.3c.7159_B20190425 was discovered to contain a command injection vulnerability via the filename parameter in /setting/setUploadSetting. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection N600r Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
2.5%
CVE-2022-28912 CRITICAL POC Act Now

TOTOLink N600R V5.3c.7159_B20190425 was discovered to contain a command injection vulnerability via the filename parameter in /setting/setUpgradeFW. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection N600r Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
2.5%
CVE-2022-28911 CRITICAL POC Act Now

TOTOLink N600R V5.3c.7159_B20190425 was discovered to contain a command injection vulnerability via the filename parameter in /setting/CloudACMunualUpdate. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection N600r Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
2.5%
CVE-2022-28910 CRITICAL POC Act Now

TOTOLink N600R V5.3c.7159_B20190425 was discovered to contain a command injection vulnerability via the devicename parameter in /setting/setDeviceName. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection N600r Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
2.5%
CVE-2022-28909 CRITICAL POC Act Now

TOTOLink N600R V5.3c.7159_B20190425 was discovered to contain a command injection vulnerability via the webwlanidx parameter in /setting/setWebWlanIdx. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection N600r Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
2.5%
CVE-2022-28908 CRITICAL POC Act Now

TOTOLink N600R V5.3c.7159_B20190425 was discovered to contain a command injection vulnerability via the ipdoamin parameter in /setting/setDiagnosisCfg. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection N600r Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
2.5%
CVE-2022-28907 CRITICAL POC Act Now

TOTOLink N600R V5.3c.7159_B20190425 was discovered to contain a command injection vulnerability via the hosttime function in /setting/NTPSyncWithHost. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection N600r Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
2.5%
CVE-2022-28906 CRITICAL POC Act Now

TOTOLink N600R V5.3c.7159_B20190425 was discovered to contain a command injection vulnerability via the langtype parameter in /setting/setLanguageCfg. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection N600r Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
2.5%
CVE-2022-28905 CRITICAL POC Act Now

TOTOLink N600R V5.3c.7159_B20190425 was discovered to contain a command injection vulnerability via the devicemac parameter in /setting/setDeviceName. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection N600r Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
2.5%
CVE-2022-27411 CRITICAL POC Act Now

TOTOLINK N600R v5.3c.5507_B20171031 was discovered to contain a command injection vulnerability via the QUERY_STRING parameter in the "Main" function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection N600r Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
2.5%
CVE-2022-26189 CRITICAL POC Act Now

TOTOLINK N600R V4.3.0cu.7570_B20200620 was discovered to contain a command injection vulnerability via the langType parameter in the login interface. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection N600r Firmware
NVD
CVSS 3.1
9.8
EPSS
3.5%
CVE-2022-26188 CRITICAL POC Act Now

TOTOLINK N600R V4.3.0cu.7570_B20200620 was discovered to contain a command injection vulnerability via /setting/NTPSyncWithHost. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection N600r Firmware
NVD
CVSS 3.1
9.8
EPSS
3.5%
CVE-2022-26187 CRITICAL POC THREAT Act Now

TOTOLINK N600R V4.3.0cu.7570_B20200620 was discovered to contain a command injection vulnerability via the pingCheck function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection N600r Firmware
NVD
CVSS 3.1
9.8
EPSS
19.6%
CVE-2022-26186 CRITICAL POC Act Now

TOTOLINK N600R V4.3.0cu.7570_B20200620 was discovered to contain a command injection vulnerability via the exportOvpn interface at cstecgi.cgi. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection N600r Firmware
NVD
CVSS 3.1
9.8
EPSS
4.0%
EPSS 0% CVSS 5.3
MEDIUM POC This Month

A NULL pointer dereference in TOTOLINK N600R firmware v4.3.0cu.7866_B2022506 allows attackers to cause a Denial of Service. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Null Pointer Dereference N600r Firmware +1
NVD GitHub
EPSS 2% CVSS 9.8
CRITICAL POC Act Now

TOTOLINK N600R V4.3.0cu.7647_B20210106 was discovered to contain a command injection vulnerability via the pin parameter in the setWiFiWpsConfig function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection N600r Firmware
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

Critical remote code execution vulnerability in TOTOLINK N600R router firmware v4.3.0cu.7866_B2022506, exploitable through a buffer overflow in the UPLOAD_FILENAME parameter without authentication. An unauthenticated remote attacker can execute arbitrary code with no user interaction required, achieving complete system compromise with CVSS 9.8 severity. KEV status and active exploitation data unavailable from provided sources; EPSS probability should be assumed high given unauthenticated network attack vector and critical impact.

Buffer Overflow RCE N600r Firmware
NVD GitHub
EPSS 1% CVSS 8.7
HIGH This Week

A vulnerability was found in TOTOLINK T10, A3100R, A950RG, A800R, N600R, A3000RU and A810R 4.1.8cu.5241_B20210927. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow A3000Ru Firmware A810R Firmware +6
NVD GitHub VulDB
EPSS 0% CVSS 4.6
MEDIUM POC This Month

TOTOLINK N600R V4.3.0cu.7647_B20210106 was discovered to contain a stack overflow via the pin parameter in the function setWiFiWpsConfig. Rated medium severity (CVSS 4.6), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Buffer Overflow Stack Overflow N600r Firmware +1
NVD GitHub
EPSS 0% CVSS 9.8
CRITICAL POC Act Now

Totolink N600R v4.3.0cu.7647_B20210106 was discovered to contain a stack overflow via the macCloneMac parameter in the setWanConfig function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Stack Overflow N600r Firmware +1
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

TOTOLINK A3700R V9.1.2u.6134_B20201202 and N600R V5.3c.5137 are vulnerable to Incorrect Access Control. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass A3700r Firmware N600r Firmware
NVD GitHub
EPSS 0% CVSS 7.8
HIGH POC This Week

TOTOLINK N600R V4.3.0cu.7647_B20210106 was discovered to contain a hardcoded password for root at /etc/shadow.sample. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass N600r Firmware
NVD GitHub
EPSS 2% CVSS 9.8
CRITICAL POC Act Now

TOTOLINK N600R V4.3.0cu.7647_B20210106 was discovered to contain a stack overflow via the url parameter in the function FUN_00415bf0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow N600r Firmware
NVD GitHub
EPSS 2% CVSS 9.8
CRITICAL POC Act Now

TOTOLINK N600R V4.3.0cu.7647_B20210106 was discovered to contain a stack overflow via the File parameter in the function FUN_0041309c. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow N600r Firmware
NVD GitHub
EPSS 2% CVSS 9.8
CRITICAL POC Act Now

TOTOLINK N600R V4.3.0cu.7647_B20210106 was discovered to contain a stack overflow via the comment parameter in the function FUN_004196c8. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow N600r Firmware
NVD GitHub
EPSS 2% CVSS 9.8
CRITICAL POC Act Now

TOTOLINK N600R V4.3.0cu.7647_B20210106 was discovered to contain a stack overflow via the comment parameter in the function FUN_00418f10. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow N600r Firmware
NVD GitHub
EPSS 2% CVSS 9.8
CRITICAL POC Act Now

TOTOLINK N600R V4.3.0cu.7647_B20210106 was discovered to contain a stack overflow via the apcliKey parameter in the function FUN_0041bac4. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow N600r Firmware
NVD GitHub
EPSS 2% CVSS 9.8
CRITICAL POC Act Now

TOTOLINK N600R V4.3.0cu.7647_B20210106 was discovered to contain a stack overflow via the macAddress parameter in the function FUN_0041b448. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow N600r Firmware
NVD GitHub
EPSS 2% CVSS 9.8
CRITICAL POC Act Now

TOTOLINK N600R V4.3.0cu.7647_B20210106 was discovered to contain a stack overflow via the comment parameter in the function FUN_004192cc. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow N600r Firmware
NVD GitHub
EPSS 2% CVSS 9.8
CRITICAL POC Act Now

TOTOLINK N600R V4.3.0cu.7647_B20210106 was discovered to contain a stack overflow via the comment parameter in the function FUN_00418c24. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow N600r Firmware
NVD GitHub
EPSS 2% CVSS 9.8
CRITICAL POC Act Now

TOTOLINK N600R V4.3.0cu.7647_B20210106 was discovered to contain a stack overflow via the comment parameter in the function FUN_004200c8. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow N600r Firmware
NVD GitHub
EPSS 2% CVSS 9.8
CRITICAL POC Act Now

TOTOLink N600R V5.3c.7159_B20190425 was discovered to contain a command injection vulnerability via the filename parameter in /setting/setUploadSetting. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection N600r Firmware
NVD GitHub
EPSS 2% CVSS 9.8
CRITICAL POC Act Now

TOTOLink N600R V5.3c.7159_B20190425 was discovered to contain a command injection vulnerability via the filename parameter in /setting/setUpgradeFW. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection N600r Firmware
NVD GitHub
EPSS 2% CVSS 9.8
CRITICAL POC Act Now

TOTOLink N600R V5.3c.7159_B20190425 was discovered to contain a command injection vulnerability via the filename parameter in /setting/CloudACMunualUpdate. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection N600r Firmware
NVD GitHub
EPSS 2% CVSS 9.8
CRITICAL POC Act Now

TOTOLink N600R V5.3c.7159_B20190425 was discovered to contain a command injection vulnerability via the devicename parameter in /setting/setDeviceName. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection N600r Firmware
NVD GitHub
EPSS 2% CVSS 9.8
CRITICAL POC Act Now

TOTOLink N600R V5.3c.7159_B20190425 was discovered to contain a command injection vulnerability via the webwlanidx parameter in /setting/setWebWlanIdx. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection N600r Firmware
NVD GitHub
EPSS 2% CVSS 9.8
CRITICAL POC Act Now

TOTOLink N600R V5.3c.7159_B20190425 was discovered to contain a command injection vulnerability via the ipdoamin parameter in /setting/setDiagnosisCfg. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection N600r Firmware
NVD GitHub
EPSS 2% CVSS 9.8
CRITICAL POC Act Now

TOTOLink N600R V5.3c.7159_B20190425 was discovered to contain a command injection vulnerability via the hosttime function in /setting/NTPSyncWithHost. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection N600r Firmware
NVD GitHub
EPSS 2% CVSS 9.8
CRITICAL POC Act Now

TOTOLink N600R V5.3c.7159_B20190425 was discovered to contain a command injection vulnerability via the langtype parameter in /setting/setLanguageCfg. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection N600r Firmware
NVD GitHub
EPSS 2% CVSS 9.8
CRITICAL POC Act Now

TOTOLink N600R V5.3c.7159_B20190425 was discovered to contain a command injection vulnerability via the devicemac parameter in /setting/setDeviceName. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection N600r Firmware
NVD GitHub
EPSS 2% CVSS 9.8
CRITICAL POC Act Now

TOTOLINK N600R v5.3c.5507_B20171031 was discovered to contain a command injection vulnerability via the QUERY_STRING parameter in the "Main" function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection N600r Firmware
NVD GitHub
EPSS 3% CVSS 9.8
CRITICAL POC Act Now

TOTOLINK N600R V4.3.0cu.7570_B20200620 was discovered to contain a command injection vulnerability via the langType parameter in the login interface. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection N600r Firmware
NVD
EPSS 3% CVSS 9.8
CRITICAL POC Act Now

TOTOLINK N600R V4.3.0cu.7570_B20200620 was discovered to contain a command injection vulnerability via /setting/NTPSyncWithHost. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection N600r Firmware
NVD
EPSS 20% CVSS 9.8
CRITICAL POC THREAT Act Now

TOTOLINK N600R V4.3.0cu.7570_B20200620 was discovered to contain a command injection vulnerability via the pingCheck function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection N600r Firmware
NVD
EPSS 4% CVSS 9.8
CRITICAL POC Act Now

TOTOLINK N600R V4.3.0cu.7570_B20200620 was discovered to contain a command injection vulnerability via the exportOvpn interface at cstecgi.cgi. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection N600r Firmware
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy