Totolink A7000R Firmware vulnerabilities
35 known vulnerabilities affecting totolink/a7000r_firmware.
Total CVEs: 35
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 11, HIGH 20, MEDIUM 4
Vulnerabilities
Page 1 of 2
CVE-2026-1601 | MEDIUM | CVSS 5.3 | CWE-74 | v4.1cu.4154 | 2026-01-29
A weakness has been identified in Totolink A7000R 4.1cu.4154. The impacted element is the function setUploadUserData of the file /cgi-bin/cstecgi.cgi. Executing a manipulation of the argument FileName can lead to command injection. The attack can be launched remotely. The exploit has been made available to the public and could be used for attacks.
nvd
CVE-2026-1623 | MEDIUM | CVSS 5.3 | CWE-74 | v4.1cu.4154 | 2026-01-29
A weakness has been identified in Totolink A7000R 4.1cu.4154. Impacted is the function setUpgradeFW of the file /cgi-bin/cstecgi.cgi. This manipulation of the argument FileName causes command injection. The attack can be initiated remotely. The exploit has been made available to the public and could be used for attacks.
nvd
CVE-2026-1548 | MEDIUM | CVSS 5.3 | CWE-74 | v4.1cu.4154 | 2026-01-28
A flaw has been found in Totolink A7000R 4.1cu.4154. This impacts the function CloudACMunualUpdateUserdata of the file /cgi-bin/cstecgi.cgi. This manipulation of the argument url causes command injection. The attack can be initiated remotely. The exploit has been published and may be used.
nvd
CVE-2026-1547 | MEDIUM | CVSS 5.3 | CWE-74 | v4.1cu.4154 | 2026-01-28
A vulnerability was detected in Totolink A7000R 4.1cu.4154. This affects the function setUnloadUserData of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument plugin_name results in command injection. It is possible to launch the attack remotely. The exploit is now public and may be used.
nvd
CVE-2025-63154 | HIGH | CVSS 7.5 | CWE-121 | v9.1.0u.6115_b20201022 | 2025-11-10
TOTOLink A7000R V9.1.0u.6115_B20201022 was discovered to contain a stack overflow in the addEffect parameter of the urldecode function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request.
nvd
CVE-2025-63153 | HIGH | CVSS 7.5 | CWE-121 | v9.1.0u.6115_b20201022 | 2025-11-10
TOTOLink A7000R V9.1.0u.6115_B20201022 was discovered to contain a stack overflow in the ssid parameter of the urldecode function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.
nvd
CVE-2025-63462 | HIGH | CVSS 7.5 | CWE-121 | v9.1.0u.6115_b20201022 | 2025-10-31
Totolink A7000R v9.1.0u.6115_B20201022 was discovered to contain a stack overflow via the wifiOff parameter in the sub_421A04 function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.
nvd
CVE-2025-63461 | HIGH | CVSS 7.5 | CWE-121 | v9.1.0u.6115_b20201022 | 2025-10-31
Totolink A7000R v9.1.0u.6115_B20201022 was discovered to contain a stack overflow via the ssid5g parameter in the urldecode function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.
nvd
CVE-2025-63460 | HIGH | CVSS 7.5 | CWE-121 | v9.1.0u.6115_b20201022 | 2025-10-31
Totolink A7000R v9.1.0u.6115_B20201022 was discovered to contain a stack overflow via the ssid5g parameter in the sub_4222E0 function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.
nvd
CVE-2025-63459 | HIGH | CVSS 7.5 | CWE-121 | v9.1.0u.6115_b20201022 | 2025-10-31
Totolink A7000R v9.1.0u.6115_B20201022 was discovered to contain a stack overflow via the ssid5g parameter in the sub_421CF0 function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.
nvd
CVE-2025-51452 | CRITICAL | CVSS 9.8 | CWE-288 | v9.1.0u.6115_b20201022 | 2025-08-13
In TOTOLINK A7000R firmware 9.1.0u.6115_B20201022, an attacker can bypass login by sending a specific request through formLoginAuth.htm.
nvd
CVE-2024-7213 | HIGH | CVSS 8.7 | CWE-120 | v9.1.0u.6268_b20220504 | 2024-07-30
A vulnerability, which was classified as critical, was found in TOTOLINK A7000R 9.1.0u.6268_B20220504. Affected is the function setWizardCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument ssid leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The iden
nvd
CVE-2024-7212 | HIGH | CVSS 8.7 | CWE-120 | v9.1.0u.6268_b20220504 | 2024-07-30
A vulnerability, which was classified as critical, has been found in TOTOLINK A7000R 9.1.0u.6268_B20220504. This issue affects the function loginauth of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument password leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The
nvd
CVE-2024-28639 | CRITICAL | CVSS 9.8 | CWE-120 | v9.1.0u.6115_b20201022 | 2024-03-16
Buffer overflow vulnerability in TOTOLink X5000R V9.1.0u.6118-B20201102 and A7000R V9.1.0u.6115-B20201022 allows remote attackers to execute arbitrary code and cause a denial of service (DoS) via the IP field.
nvd
CVE-2024-28640 | HIGH | CVSS 7.5 | CWE-125 | v9.1.0u.6115_b20201022 | 2024-03-16
Buffer overflow vulnerability in TOTOLink X5000R V9.1.0u.6118-B20201102 and A7000R V9.1.0u.6115-B20201022 allows a remote attacker to cause a denial of service (DoS) via the command field.
nvd
CVE-2023-49418 | CRITICAL | CVSS 9.8 | CWE-787 | v9.1.0u.6115_b20201022 | 2023-12-11
TOTOLink A7000R V9.1.0u.6115_B20201022 has a stack overflow vulnerability via setIpPortFilterRules.
nvd
CVE-2023-49417 | CRITICAL | CVSS 9.8 | CWE-787 | v9.1.0u.6115_b20201022 | 2023-12-11
TOTOLink A7000R V9.1.0u.6115_B20201022 has a stack overflow vulnerability via setOpModeCfg.
nvd
CVE-2023-45984 | CRITICAL | CVSS 9.8 | CWE-787 | v9.1.0u.6115_b20201022 | 2023-10-16
TOTOLINK X5000R V9.1.0u.6118_B20201102 and TOTOLINK A7000R V9.1.0u.6115_B20201022 were discovered to contain a stack overflow via the lang parameter in the function setLanguageCfg.
nvd
CVE-2023-36947 | CRITICAL | CVSS 9.8 | CWE-787 | v9.1.0u.6115_b20201022 | 2023-10-16
TOTOLINK X5000R V9.1.0u.6118_B20201102 and TOTOLINK A7000R V9.1.0u.6115_B20201022 were discovered to contain a stack overflow via the File parameter in the function UploadCustomModule.
nvd
CVE-2023-36950 | CRITICAL | CVSS 9.8 | CWE-787 | v9.1.0u.6115_b20201022 | 2023-10-16
TOTOLINK X5000R V9.1.0u.6118_B20201102 and TOTOLINK A7000R V9.1.0u.6115_B20201022 were discovered to contain a stack overflow via the http_host parameter in the function loginAuth.
nvd