288
CVEs
42
Critical
140
High
0
KEV
236
PoC
182
Unpatched C/H
0.0%
Patch Rate
2.0%
Avg EPSS
Severity Breakdown
CRITICAL
42
HIGH
140
MEDIUM
96
LOW
10
Monthly CVE Trend
Affected Products (30)
Command Injection
91
A3002r Firmware
46
A3002ru Firmware
23
A702r Firmware
22
Ex1200t Firmware
22
A950rg Firmware
21
Stack Overflow
21
X15 Firmware
20
A3100R Firmware
16
A810R Firmware
14
N150rt Firmware
14
A3000Ru Firmware
13
A800R Firmware
12
Memory Corruption
10
A830R Firmware
10
A7100Ru
10
Ca600 Poe Firmware
10
T10 Firmware
9
A720R Firmware
9
A3700r Firmware
8
Nr1800x Firmware
8
Ca300 Poe Firmware
8
X18 Firmware
7
Ex1800T Firmware
7
T6 Firmware
7
N600r Firmware
7
X6000r Firmware
7
X5000r Firmware
6
Cp900 Firmware
4
Lr1200Gb Firmware
4
Top Risky CVEs
| CVE | Summary | Severity | CVSS | EPSS | Priority | Signals |
|---|---|---|---|---|---|---|
| CVE-2025-52053 | TOTOLINK X6000R router firmware V9.4.0cu.1360_B20241207 contains an unauthenticated command injection in the sub_417D74 function via the file_name parameter. Remote attackers can execute arbitrary commands on the router without authentication through crafted HTTP requests. | CRITICAL | 9.8 | 66.1% | 135 |
PoC
No patch
|
| CVE-2025-25579 | TOTOLINK A3002R V4.0.0-B20230531.1404 is vulnerable to Command Injection in /bin/boa via bandstr. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 19.4%. | CRITICAL | 9.8 | 19.4% | 88 |
PoC
No patch
|
| CVE-2025-45858 | TOTOLINK A3002R v4.0.0-B20230531.1404 was discovered to contain a command injection vulnerability via the FUN_00459fdc function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 15.4%. | CRITICAL | 9.8 | 15.4% | 84 |
PoC
No patch
|
| CVE-2025-28137 | The TOTOLINK A810R V4.1.2cu.5182_B20201026 were found to contain a pre-auth remote command execution vulnerability in the setNoticeCfg function through the NoticeUrl parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 11.9%. | CRITICAL | 9.8 | 11.9% | 81 |
PoC
No patch
|
| CVE-2025-28038 | TOTOLINK EX1200T V4.1.2cu.5232_B20210713 was found to contain a pre-auth remote command execution vulnerability in the setWebWlanIdx function through the webWlanIdx parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available. | CRITICAL | 9.8 | 8.2% | 77 |
PoC
No patch
|
| CVE-2025-28138 | The TOTOLINK A800R V4.1.2cu.5137_B20200730 were found to contain a pre-auth remote command execution vulnerability in the setNoticeCfg function through the NoticeUrl parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available. | CRITICAL | 9.8 | 7.9% | 77 |
PoC
No patch
|
| CVE-2025-28037 | TOTOLINK A810R V4.1.2cu.5182_B20201026 and A950RG V4.1.2cu.5161_B20200903 were found to contain a pre-auth remote command execution vulnerability in the setDiagnosisCfg function through the ipDomain. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available. | CRITICAL | 9.8 | 7.5% | 76 |
PoC
No patch
|
| CVE-2025-28039 | TOTOLINK EX1200T V4.1.2cu.5232_B20210713 was found to contain a pre-auth remote command execution vulnerability in the setUpgradeFW function through the FileName parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available. | CRITICAL | 9.8 | 7.5% | 76 |
PoC
No patch
|
| CVE-2025-28034 | TOTOLINK A800R V4.1.2cu.5137_B20200730, A810R V4.1.2cu.5182_B20201026, A830R V4.1.2cu.5182_B20201102, A950RG V4.1.2cu.5161_B20200903, A3000RU V5.9c.5185_B20201128, and A3100R V4.1.2cu.5247_B20211129. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available. | CRITICAL | 9.8 | 6.4% | 75 |
PoC
No patch
|
| CVE-2025-28035 | TOTOLINK A830R V4.1.2cu.5182_B20201102 was found to contain a pre-auth remote command execution vulnerability in the setNoticeCfg function through the NoticeUrl parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available. | CRITICAL | 9.8 | 6.4% | 75 |
PoC
No patch
|
| CVE-2025-28036 | TOTOLINK A950RG V4.1.2cu.5161_B20200903 was found to contain a pre-auth remote command execution vulnerability in the setNoticeCfg function through the NoticeUrl parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available. | CRITICAL | 9.8 | 6.4% | 75 |
PoC
No patch
|
| CVE-2025-61045 | Command injection in TOTOLINK X18 via mac parameter. EPSS 3.4%. PoC available. | CRITICAL | 9.8 | 3.4% | 72 |
PoC
No patch
|
| CVE-2025-61044 | Command injection in TOTOLINK X18 via agentName in setEasyMeshAgentCfg. EPSS 2.7%. PoC available. | CRITICAL | 9.8 | 2.7% | 72 |
PoC
No patch
|
| CVE-2025-70327 | Argument injection in TOTOLINK X5000R router v9.1.0cu via setDiagnosisCfg handler allows unauthenticated remote code execution. EPSS 2.0% with PoC available. | CRITICAL | 9.8 | 2.0% | 71 |
PoC
No patch
|
| CVE-2025-29209 | TOTOLINK X18 v9.1.0cu.2024_B20220329 has an unauthorized arbitrary command execution in the enable parameter' of the sub_41105C function of cstecgi .cgi. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available. | CRITICAL | 9.8 | 1.6% | 71 |
PoC
No patch
|