totolink

1,194 tracked vulnerabilities.

CVE-2026-26731 HIGH
TOTOLINK A3002RU V2.1.1-B20211108.1455 - Buffer Overflow
Feb 17, 2026
CVSS 8.8
EPSS 0.00
CVE-2026-2167 MEDIUM
Totolink WA300 5.2cu.7112_B20190227 - OS Command Injection via Ipaddr Parameter in setAPNetwork Function
Feb 08, 2026
CVSS 6.3
EPSS 0.00
CVE-2026-1723 CRITICAL
TOTOLINK X6000R -<9.4.0cu.1498_B20250826 - Code Injection
Jan 30, 2026
EPSS 0.01
CVE-2026-1686 HIGH
Totolink A3600R 5.9c.4959 - Buffer Overflow via setAppEasyWizardConfig apcliSsid Argument
Jan 30, 2026
CVSS 8.8
EPSS 0.00
CVE-2026-1623 MEDIUM
Totolink A7000R 4.1cu.4154 - Remote Code Execution via setUpgradeFW FileName Parameter
Jan 29, 2026
CVSS 6.3
EPSS 0.01
CVE-2026-1601 MEDIUM
Totolink A7000R 4.1cu.4154 - Remote Command Injection via setUploadUserData FileName Parameter
Jan 29, 2026
CVSS 6.3
EPSS 0.06
CVE-2026-1548 MEDIUM
Totolink A7000R 4.1cu.4154 - Remote Command Injection via CloudACMunualUpdateUserdata URL Parameter
Jan 28, 2026
CVSS 6.3
EPSS 0.00
CVE-2026-1547 MEDIUM
Totolink A7000R 4.1cu.4154 - Remote Command Injection via setUnloadUserData plugin_name Parameter
Jan 28, 2026
CVSS 6.3
EPSS 0.01
CVE-2026-1328 HIGH
Totolink NR1800X 9.1.0u.6279_B20210910 - Buffer Overflow via setWizardCfg POST Parameter
Jan 22, 2026
CVSS 8.8
EPSS 0.00
CVE-2026-1327 MEDIUM
Totolink NR1800X 9.1.0u.6279_B20210910 - OS Command Injection via setTracerouteCfg POST Parameter
Jan 22, 2026
CVSS 6.3
EPSS 0.00
CVE-2026-1326 MEDIUM
Totolink NR1800X 9.1.0u.6279_B20210910 - OS Command Injection via Hostname Parameter in setWanCfg
Jan 22, 2026
CVSS 6.3
EPSS 0.00
CVE-2026-1158 HIGH
Totolink LR350 9.3.5u.6369_B20220309 - Buffer Overflow via setWizardCfg SSID Parameter
Jan 19, 2026
CVSS 8.8
EPSS 0.00
CVE-2026-1157 HIGH
Totolink LR350 9.3.5u.6369_B20220309 - Buffer Overflow via setWiFiEasyCfg ssid Parameter
Jan 19, 2026
CVSS 8.8
EPSS 0.00
CVE-2026-1156 HIGH
Totolink LR350 9.3.5u.6369_B20220309 - Buffer Overflow via setWiFiBasicCfg SSID Parameter
Jan 19, 2026
CVSS 8.8
EPSS 0.00
CVE-2026-1155 HIGH
Totolink LR350 9.3.5u.6369_B20220309 - Buffer Overflow via setWiFiEasyGuestCfg ssid Parameter
Jan 19, 2026
CVSS 8.8
EPSS 0.00
CVE-2026-1150 MEDIUM
Totolink LR350 9.3.5u.6369_B20220309 - Command Injection via setTracerouteCfg POST Parameter
Jan 19, 2026
CVSS 6.3
EPSS 0.02
CVE-2026-1149 MEDIUM
Totolink LR350 9.3.5u.6369_B20220309 - OS Command Injection via setDiagnosisCfg ip Parameter
Jan 19, 2026
CVSS 6.3
EPSS 0.02
CVE-2026-1143 HIGH
TOTOLINK A3700R 9.1.2u.5822_B20200513 - Buffer Overflow via setWiFiEasyGuestCfg ssid Parameter
Jan 19, 2026
CVSS 8.8
EPSS 0.00
CVE-2026-0731 MEDIUM
TOTOLINK WA1200 5.9c.2914 - Null Pointer Dereference in HTTP Request Handler
Jan 08, 2026
CVSS 5.3
EPSS 0.00
CVE-2026-0641 MEDIUM
TOTOLINK WA300 5.2cu.7112_B20190227 - OS Command Injection via UPLOAD_FILENAME Argument
Jan 06, 2026
CVSS 6.3
EPSS 0.02
CVE-2025-67445 HIGH
TOTOLINK X5000R V9.1.0cu.2415_B20250515 - DoS
Feb 24, 2026
CVSS 7.5
EPSS 0.00
CVE-2025-70328 HIGH
TOTOLINK X6000R v9.4.0cu.1498_B20250826 - Command Injection
Feb 23, 2026
CVSS 8.8
EPSS 0.03
CVE-2025-70327 CRITICAL
TOTOLINK X5000R v9.1.0cu_2415_B20250515 - Command Injection
Feb 23, 2026
CVSS 9.8
EPSS 0.03
CVE-2025-70329 HIGH
TOTOLink X5000R v9.1.0cu_2415_B20250515 - Command Injection
Feb 23, 2026
CVSS 8.0
EPSS 0.01
CVE-2025-67189 MEDIUM
TOTOLINK A950RG V4.1.2cu.5204_B20210112 - Buffer Overflow via setParentalRules urlKeyword Parameter
Feb 03, 2026
CVSS 6.5
EPSS 0.00
Products
x5000r_firmware 70 a3002r_firmware 61 x6000r_firmware 57 a3300r_firmware 55 a3002ru_firmware 49 a3100r_firmware 47 x2000r_firmware 45 a3700r_firmware 43 A7100RU 40 t6_firmware 39 n600r_firmware 38 a7100ru_firmware 37 ex1200t_firmware 37 lr350_firmware 36 a7000r_firmware 35 A8000RU 34 a950rg_firmware 33 a702r_firmware 32 a810r_firmware 29 a720r_firmware 28 ex1800t_firmware 28 nr1800x_firmware 27 t8_firmware 26 a3000ru_firmware 25 a3600r_firmware 25 a830r_firmware 25 x15_firmware 25 ca300-poe_firmware 24 a800r_firmware 23 t10_firmware 22
Quick Filters
Critical CVEs With Exploits In CISA KEV