| Metric | Value |
|---|---|
| CVEs | 9 |
| Critical | 5 |
| High | 3 |
| KEV | 0 |
| PoC | 8 |
| Unpatched C/H | 8 |
| Patch Rate | 0.0% |
| Avg EPSS | 1.2% |

Severity Breakdown

| Severity | Count |
|---|---|
| CRITICAL | 5 |
| HIGH | 3 |
| MEDIUM | 1 |
| LOW | 0 |

Affected Products (30)

| Product | Count |
|---|---|
| A3002r Firmware | 45 |
| A3002ru Firmware | 23 |
| Ex1200t Firmware | 22 |
| A702r Firmware | 22 |
| A950rg Firmware | 21 |
| X15 Firmware | 20 |
| A3100R Firmware | 16 |
| A810R Firmware | 14 |
| A3000Ru Firmware | 13 |
| N150rt Firmware | 13 |
| A800R Firmware | 12 |
| Ca600 Poe Firmware | 10 |
| A830R Firmware | 10 |
| A720R Firmware | 9 |
| T10 Firmware | 8 |
| A3700r Firmware | 8 |
| Nr1800x Firmware | 8 |
| Ex1800T Firmware | 7 |
| X6000r Firmware | 7 |
| X18 Firmware | 7 |
| N600r Firmware | 6 |
| X5000r Firmware | 5 |
| Ca300 Poe Firmware | 4 |
| Cp900 Firmware | 4 |
| Lr1200Gb Firmware | 4 |
| N300rh Firmware | 4 |
| X2000r Firmware | 3 |
| A7000r Firmware | 3 |
| N302r Plus Firmware | 2 |
| T6 Firmware | 1 |

Top Risky CVEs
| CVE | Summary | Severity | CVSS | EPSS | Priority | Signals |
|---|---|---|---|---|---|---|
| CVE-2025-70327 | Argument injection in TOTOLINK X5000R router v9.1.0cu via setDiagnosisCfg handler allows unauthenticated remote code execution. EPSS 2.0% with PoC available. | CRITICAL | 9.8 | 2.0% | 71 | PoC, No patch |
| CVE-2025-67186 | TOTOLINK A950RG router firmware has a buffer overflow in setUrlFilterRules that allows remote attackers to execute code through the router's management interface. | CRITICAL | 9.8 | 0.8% | 70 | PoC, No patch |
| CVE-2025-67188 | TOTOLINK A950RG has a third buffer overflow in setRadvdCfg providing yet another RCE vector through the router's IPv6 configuration interface. | CRITICAL | 9.8 | 0.6% | 70 | PoC, No patch |
| CVE-2025-67187 | TOTOLINK A950RG has a stack-based buffer overflow in a second endpoint, providing an additional RCE vector through the router's CGI interface. | CRITICAL | 9.8 | 0.2% | 69 | PoC, No patch |
| CVE-2025-70328 | X6000R Firmware versions up to 9.4.0cu.1498_b20250826 are affected by OS command injection (CVSS 8.8). | HIGH | 8.8 | 2.9% | 67 | PoC, No patch |
| CVE-2025-70329 | X5000R Firmware versions up to 9.1.0cu.2415_b20250515 are affected by OS command injection (CVSS 8.0). | HIGH | 8.0 | 0.5% | 61 | PoC, No patch |
| CVE-2025-67445 | X5000R Firmware versions up to 9.1.0cu.2415_b20250515 are affected by uncontrolled resource consumption (CVSS 7.5). | HIGH | 7.5 | 0.1% | 58 | PoC, No patch |
| CVE-2025-67189 | A950Rg Firmware versions up to 4.1.2cu.5204_b20210112 are affected by a classic buffer overflow (CVSS 6.5). | MEDIUM | 6.5 | 0.1% | 53 | PoC, No patch |
| CVE-2025-34319 | TOTOLINK N300RT wireless router firmware versions prior to V3.4.0-B20250430 (discovered in V2.1.8-B20201030.1539) contain an OS command injection vulnerability in the Boa formWsc handling functionality. An unauthenticated attacker can send specially crafted requests to trigger command execution via the targetAPSsid request parameter. | CRITICAL | 9.3 | 3.4% | 50 | No patch |