Skip to main content

Nr1800x Firmware

26 CVEs product

Monthly

CVE-2026-1328 HIGH POC This Week

Buffer overflow in Totolik NR1800X firmware allows authenticated remote attackers to achieve complete system compromise through malformed SSID parameters in the setWizardCfg POST handler. Public exploit code is available and no patch has been released, leaving affected devices vulnerable to remote code execution. This vulnerability requires valid credentials but presents critical risk given the device's network exposure and lack of mitigation options.

Buffer Overflow Nr1800x Firmware
NVD VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-1327 LOW POC Monitor

Totolik NR1800X firmware versions up to 9.1.0u.6279_B20210910 contain a command injection vulnerability in the setTracerouteCfg function that allows authenticated remote attackers to execute arbitrary commands via malicious POST requests. Public exploit code exists for this vulnerability, and no patch is currently available. An attacker with valid credentials can leverage this to achieve remote code execution on affected network devices.

Command Injection Nr1800x Firmware
NVD VulDB
CVSS 4.0
2.1
EPSS
0.7%
CVE-2026-1326 LOW POC Monitor

Command injection in Totolik NR1800X firmware allows authenticated remote attackers to execute arbitrary commands through the Hostname parameter in the setWanCfg POST handler. Public exploit code exists for this vulnerability, creating elevated risk despite no patch availability. Affected devices can be compromised to gain full system control with network access and valid credentials.

Command Injection Nr1800x Firmware
NVD VulDB
CVSS 4.0
2.1
EPSS
2.7%
CVE-2025-60688 MEDIUM POC This Month

A stack buffer overflow vulnerability exists in the ToToLink LR1200GB (V9.1.0u.6619_B20230130) and NR1800X (V9.1.0u.6681_B20230703) Router firmware within the cstecgi.cgi binary (setDefResponse. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Stack Overflow Buffer Overflow RCE Lr1200Gb Firmware Nr1800x Firmware
NVD GitHub
CVSS 3.1
6.5
EPSS
0.5%
CVE-2025-60686 MEDIUM POC This Month

A local stack-based buffer overflow vulnerability exists in the infostat.cgi and cstecgi.cgi binaries of ToToLink routers (A720R V4.1.5cu.614_B20230630, LR1200GB V9.1.0u.6619_B20230130, and NR1800X. Rated medium severity (CVSS 5.1), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Stack Overflow Denial Of Service Buffer Overflow RCE A720R Firmware +2
NVD GitHub
CVSS 3.1
5.1
EPSS
0.0%
CVE-2025-60684 MEDIUM POC This Month

A stack buffer overflow vulnerability exists in the ToToLink LR1200GB (V9.1.0u.6619_B20230130) and NR1800X (V9.1.0u.6681_B20230703) Router firmware within the cstecgi.cgi binary (sub_42F32C. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Stack Overflow Buffer Overflow RCE Lr1200Gb Firmware Nr1800x Firmware
NVD GitHub
CVSS 3.1
6.5
EPSS
0.5%
CVE-2025-45845 HIGH POC This Week

TOTOLINK NR1800X V9.1.0u.6681_B20230703 was discovered to contain an authenticated stack overflow via the ssid5g parameter in the setWiFiEasyGuestCfg function. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Nr1800x Firmware TOTOLINK
NVD GitHub
CVSS 3.1
8.8
EPSS
0.3%
CVE-2025-45844 HIGH POC This Week

TOTOLINK NR1800X V9.1.0u.6681_B20230703 was discovered to contain an authenticated stack overflow via the ssid parameter in the setWiFiBasicCfg function. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Nr1800x Firmware TOTOLINK
NVD GitHub
CVSS 3.1
8.8
EPSS
0.3%
CVE-2025-45843 HIGH POC This Week

TOTOLINK NR1800X V9.1.0u.6681_B20230703 was discovered to contain an authenticated stack overflow via the ssid parameter in the setWiFiGuestCfg function. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Nr1800x Firmware TOTOLINK
NVD GitHub
CVSS 3.1
8.8
EPSS
0.3%
CVE-2025-45842 HIGH POC This Week

TOTOLINK NR1800X V9.1.0u.6681_B20230703 was discovered to contain an authenticated stack overflow via the ssid5g parameter in the setWiFiEasyCfg function. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Nr1800x Firmware TOTOLINK
NVD GitHub
CVSS 3.1
8.8
EPSS
0.3%
CVE-2025-45841 CRITICAL POC Act Now

TOTOLINK NR1800X V9.1.0u.6681_B20230703 was discovered to contain an authenticated stack overflow via the text parameter in the setSmsCfg function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Nr1800x Firmware TOTOLINK
NVD GitHub
CVSS 3.1
9.8
EPSS
0.4%
CVE-2024-35388 HIGH This Week

TOTOLINK NR1800X v9.1.0u.6681_B20230703 was discovered to contain a stack overflow via the password parameter in the function urldecode. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Stack Overflow Nr1800x Firmware
NVD GitHub
CVSS 3.1
8.8
EPSS
2.5%
CVE-2023-7220 CRITICAL POC Act Now

A vulnerability was found in Totolink NR1800X 9.1.0u.6279_B20210910 and classified as critical. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Stack Overflow Buffer Overflow Nr1800x Firmware
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.1%
CVE-2023-36340 CRITICAL POC Act Now

TOTOLINK NR1800X V9.1.0u.6279_B20210910 was discovered to contain a stack overflow via the http_host parameter in the function loginAuth. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Nr1800x Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.7%
CVE-2022-44256 HIGH POC This Week

TOTOLINK LR350 V9.3.5u.6369_B20220309 contains a post-authentication buffer overflow via parameter lang in the setLanguageCfg function. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Nr1800x Firmware
NVD
CVSS 3.1
8.8
EPSS
2.1%
CVE-2022-41528 HIGH POC This Week

TOTOLINK NR1800X V9.1.0u.6279_B20210910 was discovered to contain an authenticated stack overflow via the text parameter in the setSmsCfg function. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Nr1800x Firmware
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2022-41527 HIGH POC This Week

TOTOLINK NR1800X V9.1.0u.6279_B20210910 was discovered to contain an authenticated stack overflow via the pppoeUser parameter in the setOpModeCfg function. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Nr1800x Firmware
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2022-41526 HIGH POC This Week

TOTOLINK NR1800X V9.1.0u.6279_B20210910 was discovered to contain an authenticated stack overflow via the ip parameter in the setDiagnosisCfg function. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Nr1800x Firmware
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2022-41525 CRITICAL POC Act Now

TOTOLINK NR1800X V9.1.0u.6279_B20210910 was discovered to contain a command injection vulnerability via the OpModeCfg function at /cgi-bin/cstecgi.cgi. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Nr1800x Firmware
NVD
CVSS 3.1
9.8
EPSS
1.8%
CVE-2022-41524 HIGH POC This Week

TOTOLINK NR1800X V9.1.0u.6279_B20210910 was discovered to contain an authenticated stack overflow via the week, sTime, and eTime parameters in the setParentalRules function. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Nr1800x Firmware
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2022-41523 HIGH POC This Week

TOTOLINK NR1800X V9.1.0u.6279_B20210910 was discovered to contain an authenticated stack overflow via the command parameter in the setTracerouteCfg function. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Nr1800x Firmware
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2022-41522 CRITICAL POC Act Now

TOTOLINK NR1800X V9.1.0u.6279_B20210910 was discovered to contain an unauthenticated stack overflow via the "main" function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Nr1800x Firmware
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2022-41521 HIGH POC This Week

TOTOLINK NR1800X V9.1.0u.6279_B20210910 was discovered to contain an authenticated stack overflow via the sPort/ePort parameter in the setIpPortFilterRules function. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Nr1800x Firmware
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2022-41520 HIGH POC This Week

TOTOLINK NR1800X V9.1.0u.6279_B20210910 was discovered to contain an authenticated stack overflow via the File parameter in the UploadCustomModule function. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Nr1800x Firmware
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2022-41518 CRITICAL POC Act Now

TOTOLINK NR1800X V9.1.0u.6279_B20210910 was discovered to contain a command injection vulnerability via the UploadFirmwareFile function at /cgi-bin/cstecgi.cgi. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Nr1800x Firmware
NVD
CVSS 3.1
9.8
EPSS
1.8%
CVE-2022-41517 HIGH POC This Week

TOTOLINK NR1800X V9.1.0u.6279_B20210910 was discovered to contain a stack overflow in the lang parameter in the setLanguageCfg function. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Nr1800x Firmware
NVD
CVSS 3.1
8.8
EPSS
0.8%
EPSS 0% CVSS 8.8
HIGH POC This Week

Buffer overflow in Totolik NR1800X firmware allows authenticated remote attackers to achieve complete system compromise through malformed SSID parameters in the setWizardCfg POST handler. Public exploit code is available and no patch has been released, leaving affected devices vulnerable to remote code execution. This vulnerability requires valid credentials but presents critical risk given the device's network exposure and lack of mitigation options.

Buffer Overflow Nr1800x Firmware
NVD VulDB
EPSS 1% CVSS 2.1
LOW POC Monitor

Totolik NR1800X firmware versions up to 9.1.0u.6279_B20210910 contain a command injection vulnerability in the setTracerouteCfg function that allows authenticated remote attackers to execute arbitrary commands via malicious POST requests. Public exploit code exists for this vulnerability, and no patch is currently available. An attacker with valid credentials can leverage this to achieve remote code execution on affected network devices.

Command Injection Nr1800x Firmware
NVD VulDB
EPSS 3% CVSS 2.1
LOW POC Monitor

Command injection in Totolik NR1800X firmware allows authenticated remote attackers to execute arbitrary commands through the Hostname parameter in the setWanCfg POST handler. Public exploit code exists for this vulnerability, creating elevated risk despite no patch availability. Affected devices can be compromised to gain full system control with network access and valid credentials.

Command Injection Nr1800x Firmware
NVD VulDB
EPSS 0% CVSS 6.5
MEDIUM POC This Month

A stack buffer overflow vulnerability exists in the ToToLink LR1200GB (V9.1.0u.6619_B20230130) and NR1800X (V9.1.0u.6681_B20230703) Router firmware within the cstecgi.cgi binary (setDefResponse. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Stack Overflow Buffer Overflow RCE +2
NVD GitHub
EPSS 0% CVSS 5.1
MEDIUM POC This Month

A local stack-based buffer overflow vulnerability exists in the infostat.cgi and cstecgi.cgi binaries of ToToLink routers (A720R V4.1.5cu.614_B20230630, LR1200GB V9.1.0u.6619_B20230130, and NR1800X. Rated medium severity (CVSS 5.1), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Stack Overflow Denial Of Service Buffer Overflow +4
NVD GitHub
EPSS 0% CVSS 6.5
MEDIUM POC This Month

A stack buffer overflow vulnerability exists in the ToToLink LR1200GB (V9.1.0u.6619_B20230130) and NR1800X (V9.1.0u.6681_B20230703) Router firmware within the cstecgi.cgi binary (sub_42F32C. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Stack Overflow Buffer Overflow RCE +2
NVD GitHub
EPSS 0% CVSS 8.8
HIGH POC This Week

TOTOLINK NR1800X V9.1.0u.6681_B20230703 was discovered to contain an authenticated stack overflow via the ssid5g parameter in the setWiFiEasyGuestCfg function. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Nr1800x Firmware +1
NVD GitHub
EPSS 0% CVSS 8.8
HIGH POC This Week

TOTOLINK NR1800X V9.1.0u.6681_B20230703 was discovered to contain an authenticated stack overflow via the ssid parameter in the setWiFiBasicCfg function. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Nr1800x Firmware +1
NVD GitHub
EPSS 0% CVSS 8.8
HIGH POC This Week

TOTOLINK NR1800X V9.1.0u.6681_B20230703 was discovered to contain an authenticated stack overflow via the ssid parameter in the setWiFiGuestCfg function. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Nr1800x Firmware +1
NVD GitHub
EPSS 0% CVSS 8.8
HIGH POC This Week

TOTOLINK NR1800X V9.1.0u.6681_B20230703 was discovered to contain an authenticated stack overflow via the ssid5g parameter in the setWiFiEasyCfg function. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Nr1800x Firmware +1
NVD GitHub
EPSS 0% CVSS 9.8
CRITICAL POC Act Now

TOTOLINK NR1800X V9.1.0u.6681_B20230703 was discovered to contain an authenticated stack overflow via the text parameter in the setSmsCfg function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Nr1800x Firmware +1
NVD GitHub
EPSS 3% CVSS 8.8
HIGH This Week

TOTOLINK NR1800X v9.1.0u.6681_B20230703 was discovered to contain a stack overflow via the password parameter in the function urldecode. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Stack Overflow Nr1800x Firmware
NVD GitHub
EPSS 0% CVSS 9.8
CRITICAL POC Act Now

A vulnerability was found in Totolink NR1800X 9.1.0u.6279_B20210910 and classified as critical. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Stack Overflow Buffer Overflow Nr1800x Firmware
NVD GitHub VulDB
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

TOTOLINK NR1800X V9.1.0u.6279_B20210910 was discovered to contain a stack overflow via the http_host parameter in the function loginAuth. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Nr1800x Firmware
NVD GitHub
EPSS 2% CVSS 8.8
HIGH POC This Week

TOTOLINK LR350 V9.3.5u.6369_B20220309 contains a post-authentication buffer overflow via parameter lang in the setLanguageCfg function. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Nr1800x Firmware
NVD
EPSS 1% CVSS 8.8
HIGH POC This Week

TOTOLINK NR1800X V9.1.0u.6279_B20210910 was discovered to contain an authenticated stack overflow via the text parameter in the setSmsCfg function. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Nr1800x Firmware
NVD
EPSS 1% CVSS 8.8
HIGH POC This Week

TOTOLINK NR1800X V9.1.0u.6279_B20210910 was discovered to contain an authenticated stack overflow via the pppoeUser parameter in the setOpModeCfg function. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Nr1800x Firmware
NVD
EPSS 1% CVSS 8.8
HIGH POC This Week

TOTOLINK NR1800X V9.1.0u.6279_B20210910 was discovered to contain an authenticated stack overflow via the ip parameter in the setDiagnosisCfg function. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Nr1800x Firmware
NVD
EPSS 2% CVSS 9.8
CRITICAL POC Act Now

TOTOLINK NR1800X V9.1.0u.6279_B20210910 was discovered to contain a command injection vulnerability via the OpModeCfg function at /cgi-bin/cstecgi.cgi. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Nr1800x Firmware
NVD
EPSS 1% CVSS 8.8
HIGH POC This Week

TOTOLINK NR1800X V9.1.0u.6279_B20210910 was discovered to contain an authenticated stack overflow via the week, sTime, and eTime parameters in the setParentalRules function. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Nr1800x Firmware
NVD
EPSS 1% CVSS 8.8
HIGH POC This Week

TOTOLINK NR1800X V9.1.0u.6279_B20210910 was discovered to contain an authenticated stack overflow via the command parameter in the setTracerouteCfg function. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Nr1800x Firmware
NVD
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

TOTOLINK NR1800X V9.1.0u.6279_B20210910 was discovered to contain an unauthenticated stack overflow via the "main" function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Nr1800x Firmware
NVD
EPSS 1% CVSS 8.8
HIGH POC This Week

TOTOLINK NR1800X V9.1.0u.6279_B20210910 was discovered to contain an authenticated stack overflow via the sPort/ePort parameter in the setIpPortFilterRules function. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Nr1800x Firmware
NVD
EPSS 1% CVSS 8.8
HIGH POC This Week

TOTOLINK NR1800X V9.1.0u.6279_B20210910 was discovered to contain an authenticated stack overflow via the File parameter in the UploadCustomModule function. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Nr1800x Firmware
NVD
EPSS 2% CVSS 9.8
CRITICAL POC Act Now

TOTOLINK NR1800X V9.1.0u.6279_B20210910 was discovered to contain a command injection vulnerability via the UploadFirmwareFile function at /cgi-bin/cstecgi.cgi. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Nr1800x Firmware
NVD
EPSS 1% CVSS 8.8
HIGH POC This Week

TOTOLINK NR1800X V9.1.0u.6279_B20210910 was discovered to contain a stack overflow in the lang parameter in the setLanguageCfg function. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Nr1800x Firmware
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy