Totolink A3000Ru Firmware vulnerabilities

25 known vulnerabilities affecting totolink/a3000ru_firmware.

Total CVEs

CISA KEV

Public exploits

Exploited in wild

Severity breakdown

CRITICAL12HIGH10MEDIUM3

Vulnerabilities

Page 1 of 2

CVE-2025-4496HIGHCVSS 8.7v4.1.8cu.5241_b202109272025-05-10

CVE-2025-4496 [HIGH] CWE-119 CVE-2025-4496: A vulnerability was found in TOTOLINK T10, A3100R, A950RG, A800R, N600R, A3000RU and A810R 4.1.8cu.5 A vulnerability was found in TOTOLINK T10, A3100R, A950RG, A800R, N600R, A3000RU and A810R 4.1.8cu.5241_B20210927. It has been declared as critical. This vulnerability affects the function CloudACMunualUpdate of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument FileName leads to buffer overflow. The attack can be initiated remotely. The ex

nvd

CVE-2025-28028HIGHCVSS 7.3v5.9c.5185_b202011282025-04-23

CVE-2025-28028 [HIGH] CWE-120 CVE-2025-28028: TOTOLINK A830R V4.1.2cu.5182_B20201102, A950RG V4.1.2cu.5161_B20200903, A3000RU V5.9c.5185_B20201128 TOTOLINK A830R V4.1.2cu.5182_B20201102, A950RG V4.1.2cu.5161_B20200903, A3000RU V5.9c.5185_B20201128, and A3100R V4.1.2cu.5247_B20211129 were found to contain a buffer overflow vulnerability in downloadFile.cgi through the v5 parameter.

nvd

CVE-2025-28025HIGHCVSS 7.3v5.9c.5185_b202011282025-04-23

CVE-2025-28025 [HIGH] CWE-120 CVE-2025-28025: TOTOLINK A830R V4.1.2cu.5182_B20201102, A950RG V4.1.2cu.5161_B20200903, A3000RU V5.9c.5185_B20201128 TOTOLINK A830R V4.1.2cu.5182_B20201102, A950RG V4.1.2cu.5161_B20200903, A3000RU V5.9c.5185_B20201128, and A3100R V4.1.2cu.5247_B20211129 were found to contain a buffer overflow vulnerability in downloadFile.cgi through the v14 parameter.

nvd

CVE-2025-28034CRITICALCVSS 9.8v5.9c.5185_b202011282025-04-22

CVE-2025-28034 [CRITICAL] CWE-78 CVE-2025-28034: TOTOLINK A800R V4.1.2cu.5137_B20200730, A810R V4.1.2cu.5182_B20201026, A830R V4.1.2cu.5182_B20201102 TOTOLINK A800R V4.1.2cu.5137_B20200730, A810R V4.1.2cu.5182_B20201026, A830R V4.1.2cu.5182_B20201102, A950RG V4.1.2cu.5161_B20200903, A3000RU V5.9c.5185_B20201128, and A3100R V4.1.2cu.5247_B20211129 were found to contain a pre-auth remote command execution vulnerability in the NTPSyncWithHost function through the hostTime parameter.

nvd

CVE-2025-28035CRITICALCVSS 9.8v5.9c.5185_b202011282025-04-22

CVE-2025-28035 [CRITICAL] CWE-78 CVE-2025-28035: TOTOLINK A830R V4.1.2cu.5182_B20201102 was found to contain a pre-auth remote command execution vuln TOTOLINK A830R V4.1.2cu.5182_B20201102 was found to contain a pre-auth remote command execution vulnerability in the setNoticeCfg function through the NoticeUrl parameter.

nvd

CVE-2025-28036CRITICALCVSS 9.8v5.9c.5185_b202011282025-04-22

CVE-2025-28036 [CRITICAL] CWE-78 CVE-2025-28036: TOTOLINK A950RG V4.1.2cu.5161_B20200903 was found to contain a pre-auth remote command execution vul TOTOLINK A950RG V4.1.2cu.5161_B20200903 was found to contain a pre-auth remote command execution vulnerability in the setNoticeCfg function through the NoticeUrl parameter.

nvd

CVE-2025-28029HIGHCVSS 7.3v5.9c.5185_b202011282025-04-22

CVE-2025-28029 [HIGH] CWE-121 CVE-2025-28029: TOTOLINK A830R V4.1.2cu.5182_B20201102, A950RG V4.1.2cu.5161_B20200903, A3000RU V5.9c.5185_B20201128 TOTOLINK A830R V4.1.2cu.5182_B20201102, A950RG V4.1.2cu.5161_B20200903, A3000RU V5.9c.5185_B20201128, and A3100R V4.1.2cu.5247_B20211129 were found to contain a buffer overflow vulnerability in cstecgi.cgi

nvd

CVE-2025-28026HIGHCVSS 7.3v5.9c.5185_b202011282025-04-22

CVE-2025-28026 [HIGH] CWE-121 CVE-2025-28026: TOTOLINK A830R V4.1.2cu.5182_B20201102, A950RG V4.1.2cu.5161_B20200903, A3000RU V5.9c.5185_B20201128 TOTOLINK A830R V4.1.2cu.5182_B20201102, A950RG V4.1.2cu.5161_B20200903, A3000RU V5.9c.5185_B20201128, and A3100R V4.1.2cu.5247_B20211129 were found to contain a buffer overflow vulnerability in downloadFile.cgi.

nvd

CVE-2025-28027HIGHCVSS 7.3v5.9c.5185_b202011282025-04-22

CVE-2025-28027 [HIGH] CWE-121 CVE-2025-28027: TOTOLINK A830R V4.1.2cu.5182_B20201102, A950RG V4.1.2cu.5161_B20200903, A3000RU V5.9c.5185_B20201128 TOTOLINK A830R V4.1.2cu.5182_B20201102, A950RG V4.1.2cu.5161_B20200903, A3000RU V5.9c.5185_B20201128, and A3100R V4.1.2cu.5247_B20211129 was found to contain a buffer overflow vulnerability in downloadFile.cgi.

nvd

CVE-2025-28033HIGHCVSS 7.3v5.9c.5185_b202011282025-04-22

CVE-2025-28033 [HIGH] CWE-121 CVE-2025-28033: TOTOLINK A800R V4.1.2cu.5137_B20200730, A810R V4.1.2cu.5182_B20201026, A830R V4.1.2cu.5182_B20201102 TOTOLINK A800R V4.1.2cu.5137_B20200730, A810R V4.1.2cu.5182_B20201026, A830R V4.1.2cu.5182_B20201102, A950RG V4.1.2cu.5161_B20200903, A3000RU V5.9c.5185_B20201128, and A3100R V4.1.2cu.5247_B20211129 were found to contain a pre-auth buffer overflow vulnerability in the setNoticeCfg function through the IpTo parameter.

nvd

CVE-2025-28032HIGHCVSS 7.3v5.9c.5185_b202011282025-04-22

CVE-2025-28032 [HIGH] CWE-121 CVE-2025-28032: TOTOLINK A800R V4.1.2cu.5137_B20200730, A810R V4.1.2cu.5182_B20201026, A830R V4.1.2cu.5182_B20201102 TOTOLINK A800R V4.1.2cu.5137_B20200730, A810R V4.1.2cu.5182_B20201026, A830R V4.1.2cu.5182_B20201102, A950RG V4.1.2cu.5161_B20200903, A3000RU V5.9c.5185_B20201128, and A3100R V4.1.2cu.5247_B20211129 contain a pre-auth buffer overflow vulnerability in the setNoticeCfg function through the IpForm parameter.

nvd

CVE-2025-2955MEDIUMCVSS 6.9≤ 5.9c.51852025-03-30

CVE-2025-2955 [MEDIUM] CWE-266 CVE-2025-2955: A vulnerability has been found in TOTOLINK A3000RU up to 5.9c.5185 and classified as problematic. Th A vulnerability has been found in TOTOLINK A3000RU up to 5.9c.5185 and classified as problematic. This vulnerability affects unknown code of the file /cgi-bin/ExportIbmsConfig.sh of the component IBMS Configuration File Handler. The manipulation leads to improper access controls. The attack can be initiated remotely. The exploit has been disclosed to

nvd

CVE-2025-2688MEDIUMCVSS 5.3≤ 5.9c.51852025-03-24

CVE-2025-2688 [MEDIUM] CWE-266 CVE-2025-2688: A vulnerability classified as problematic was found in TOTOLINK A3000RU up to 5.9c.5185. Affected by A vulnerability classified as problematic was found in TOTOLINK A3000RU up to 5.9c.5185. Affected by this vulnerability is an unknown functionality of the file /cgi-bin/ExportSyslog.sh of the component Syslog Configuration File Handler. The manipulation leads to improper access controls. The attack needs to be done within the local network. The exploi

nvd

CVE-2024-7170MEDIUMCVSS 5.1v5.9c.5185_b202011282024-07-28

CVE-2024-7170 [MEDIUM] CWE-259 CVE-2024-7170: A vulnerability was found in TOTOLINK A3000RU 5.9c.5185. It has been rated as problematic. This issu A vulnerability was found in TOTOLINK A3000RU 5.9c.5185. It has been rated as problematic. This issue affects some unknown processing of the file /web_cste/cgi-bin/product.ini. The manipulation leads to use of hard-coded password. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-27259

nvd

CVE-2022-36615HIGHCVSS 7.8v4.1.2cu.5185_b202011282022-08-29

CVE-2022-36615 [HIGH] CWE-798 CVE-2022-36615: TOTOLINK A3000RU V4.1.2cu.5185_B20201128 was discovered to contain a hardcoded password for root at TOTOLINK A3000RU V4.1.2cu.5185_B20201128 was discovered to contain a hardcoded password for root at /etc/shadow.sample.

nvd

CVE-2022-28935HIGHCVSS 7.2v5.9c.5185_b202011282022-07-06

CVE-2022-28935 [HIGH] CWE-77 CVE-2022-28935: Totolink A830R V5.9c.4729_B20191112, Totolink A3100R V4.1.2cu.5050_B20200504, Totolink A950RG V4.1.2 Totolink A830R V5.9c.4729_B20191112, Totolink A3100R V4.1.2cu.5050_B20200504, Totolink A950RG V4.1.2cu.5161_B20200903, Totolink A800R V4.1.2cu.5137_B20200730, Totolink A3000RU V5.9c.5185_B20201128, Totolink A810R V4.1.2cu.5182_B20201026 were discovered to contain a command injection vulnerability.

nvd

CVE-2022-26208CRITICALCVSS 9.8v5.9c.5185_b202011282022-03-15

CVE-2022-26208 [CRITICAL] CWE-78 CVE-2022-26208: Totolink A830R V5.9c.4729_B20191112, A3100R V4.1.2cu.5050_B20200504, A950RG V4.1.2cu.5161_B20200903, Totolink A830R V5.9c.4729_B20191112, A3100R V4.1.2cu.5050_B20200504, A950RG V4.1.2cu.5161_B20200903, A800R V4.1.2cu.5137_B20200730, A3000RU V5.9c.5185_B20201128, and A810R V4.1.2cu.5182_B20201026 were discovered to contain a command injection vulnerability in the function setWebWlanIdx, via the webWlanIdx parameter. This vulnerability allows attack

nvd

CVE-2022-26212CRITICALCVSS 9.8v5.9c.5185_b202011282022-03-15

CVE-2022-26212 [CRITICAL] CWE-78 CVE-2022-26212: Totolink A830R V5.9c.4729_B20191112, A3100R V4.1.2cu.5050_B20200504, A950RG V4.1.2cu.5161_B20200903, Totolink A830R V5.9c.4729_B20191112, A3100R V4.1.2cu.5050_B20200504, A950RG V4.1.2cu.5161_B20200903, A800R V4.1.2cu.5137_B20200730, A3000RU V5.9c.5185_B20201128, and A810R V4.1.2cu.5182_B20201026 were discovered to contain a command injection vulnerability in the function setDeviceName, via the deviceMac and deviceName parameters. This vulnerabilit

nvd

CVE-2022-26210CRITICALCVSS 9.8Exploitedv5.9c.5185_b202011282022-03-15

CVE-2022-26210 [CRITICAL] CWE-78 CVE-2022-26210: Totolink A830R V5.9c.4729_B20191112, A3100R V4.1.2cu.5050_B20200504, A950RG V4.1.2cu.5161_B20200903, Totolink A830R V5.9c.4729_B20191112, A3100R V4.1.2cu.5050_B20200504, A950RG V4.1.2cu.5161_B20200903, A800R V4.1.2cu.5137_B20200730, A3000RU V5.9c.5185_B20201128, and A810R V4.1.2cu.5182_B20201026 were discovered to contain a command injection vulnerability in the function setUpgradeFW, via the FileName parameter. This vulnerability allows attackers

nvd

CVE-2022-26207CRITICALCVSS 9.8v5.9c.5185_b202011282022-03-15

CVE-2022-26207 [CRITICAL] CWE-78 CVE-2022-26207: Totolink A830R V5.9c.4729_B20191112, A3100R V4.1.2cu.5050_B20200504, A950RG V4.1.2cu.5161_B20200903, Totolink A830R V5.9c.4729_B20191112, A3100R V4.1.2cu.5050_B20200504, A950RG V4.1.2cu.5161_B20200903, A800R V4.1.2cu.5137_B20200730, A3000RU V5.9c.5185_B20201128, and A810R V4.1.2cu.5182_B20201026 were discovered to contain a command injection vulnerability in the function setDiagnosisCfg, via the ipDoamin parameter. This vulnerability allows attack

nvd

1 / 2Next →