Skip to main content

TOTOLINK

Vendor security scorecard – 35 CVEs in the selected period

Period: 30d 90d 6m 1y All
Risk 442
35
CVEs
11
Critical
16
High
0
KEV
30
PoC
27
Unpatched C/H
0.0%
Patch Rate
3.0%
Avg EPSS

Severity Breakdown

CRITICAL
11
HIGH
16
MEDIUM
8
LOW
0

Monthly CVE Trend

Top Risky CVEs

CVE Summary Severity CVSS EPSS Priority Signals
CVE-2025-52053 TOTOLINK X6000R router firmware V9.4.0cu.1360_B20241207 contains an unauthenticated command injection in the sub_417D74 function via the file_name parameter. Remote attackers can execute arbitrary commands on the router without authentication through crafted HTTP requests. CRITICAL 9.8 66.1% 135
PoC No patch
CVE-2025-61045 Command injection in TOTOLINK X18 via mac parameter. EPSS 3.4%. PoC available. CRITICAL 9.8 3.4% 72
PoC No patch
CVE-2025-61044 Command injection in TOTOLINK X18 via agentName in setEasyMeshAgentCfg. EPSS 2.7%. PoC available. CRITICAL 9.8 2.7% 72
PoC No patch
CVE-2025-70327 Argument injection in TOTOLINK X5000R router v9.1.0cu via setDiagnosisCfg handler allows unauthenticated remote code execution. EPSS 2.0% with PoC available. CRITICAL 9.8 2.0% 71
PoC No patch
CVE-2025-67186 TOTOLINK A950RG router firmware has a buffer overflow in setUrlFilterRules that allows remote attackers to execute code through the router's management interface. CRITICAL 9.8 0.8% 70
PoC No patch
CVE-2025-67188 TOTOLINK A950RG has a third buffer overflow in setRadvdCfg providing yet another RCE vector through the router's IPv6 configuration interface. CRITICAL 9.8 0.6% 70
PoC No patch
CVE-2025-67187 TOTOLINK A950RG has a stack-based buffer overflow in a second endpoint, providing an additional RCE vector through the router's CGI interface. CRITICAL 9.8 0.2% 69
PoC No patch
CVE-2025-70328 X6000R Firmware versions up to 9.4.0cu.1498_b20250826 is affected by os command injection (CVSS 8.8). HIGH 8.8 2.9% 67
PoC No patch
CVE-2025-70329 X5000R Firmware versions up to 9.1.0cu.2415_b20250515 is affected by os command injection (CVSS 8.0). HIGH 8.0 0.5% 61
PoC No patch
CVE-2025-9781 A vulnerability has been found in TOTOLINK A702R 4.0.0-B20211108.1423. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available. HIGH 7.4 0.4% 57
PoC No patch
CVE-2025-67189 A950Rg Firmware versions up to 4.1.2cu.5204_b20210112 is affected by classic buffer overflow (CVSS 6.5). MEDIUM 6.5 0.1% 53
PoC No patch
CVE-2025-34319 TOTOLINK N300RT wireless router firmware versions prior to V3.4.0-B20250430 (discovered in V2.1.8-B20201030.1539) contain an OS command injection vulnerability in the Boa formWsc handling functionality. An unauthenticated attacker can send specially crafted requests to trigger command execution via the targetAPSsid request parameter. CRITICAL 9.3 3.4% 50
No patch
CVE-2025-57623 A NULL pointer dereference in TOTOLINK N600R firmware v4.3.0cu.7866_B2022506 allows attackers to cause a Denial of Service. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available. MEDIUM 5.3 0.4% 47
PoC No patch
CVE-2025-52907 Improper Input Validation vulnerability in TOTOLINK X6000R allows Command Injection, File Manipulation.4.0cu.1360_B20241207. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required. No vendor patch available. HIGH 7.3 0.4% 37
No patch
CVE-2025-55584 TOTOLINK A3002R v4.0.0-B20230531.1404 was discovered to contain insecure credentials for the telnet service and root account. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available. MEDIUM 5.3 0.1% –
PoC No patch

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy