Skip to main content

TOTOLINK

Vendor security scorecard – 7 CVEs in the selected period

Period: 30d 90d 6m 1y All
Risk 130
7
CVEs
4
Critical
2
High
0
KEV
7
PoC
6
Unpatched C/H
0.0%
Patch Rate
1.0%
Avg EPSS

Severity Breakdown

CRITICAL
4
HIGH
2
MEDIUM
1
LOW
0

Monthly CVE Trend

Top Risky CVEs

CVE Summary Severity CVSS EPSS Priority Signals
CVE-2025-70327 Argument injection in TOTOLINK X5000R router v9.1.0cu via setDiagnosisCfg handler allows unauthenticated remote code execution. EPSS 2.0% with PoC available. CRITICAL 9.8 2.0% 71
PoC No patch
CVE-2025-67186 TOTOLINK A950RG router firmware has a buffer overflow in setUrlFilterRules that allows remote attackers to execute code through the router's management interface. CRITICAL 9.8 0.8% 70
PoC No patch
CVE-2025-67188 TOTOLINK A950RG has a third buffer overflow in setRadvdCfg providing yet another RCE vector through the router's IPv6 configuration interface. CRITICAL 9.8 0.6% 70
PoC No patch
CVE-2025-67187 TOTOLINK A950RG has a stack-based buffer overflow in a second endpoint, providing an additional RCE vector through the router's CGI interface. CRITICAL 9.8 0.2% 69
PoC No patch
CVE-2025-70328 X6000R Firmware versions up to 9.4.0cu.1498_b20250826 is affected by os command injection (CVSS 8.8). HIGH 8.8 2.9% 67
PoC No patch
CVE-2025-70329 X5000R Firmware versions up to 9.1.0cu.2415_b20250515 is affected by os command injection (CVSS 8.0). HIGH 8.0 0.5% 61
PoC No patch
CVE-2025-67189 A950Rg Firmware versions up to 4.1.2cu.5204_b20210112 is affected by classic buffer overflow (CVSS 6.5). MEDIUM 6.5 0.1% 53
PoC No patch

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy