Totolink A810R Firmware vulnerabilities

29 known vulnerabilities affecting totolink/a810r_firmware.

Total CVEs

CISA KEV

Public exploits

Exploited in wild

Severity breakdown

CRITICAL15HIGH13MEDIUM1

Vulnerabilities

Page 1 of 2

CVE-2025-4496HIGHCVSS 8.7v4.1.8cu.5241_b202109272025-05-10

CVE-2025-4496 [HIGH] CWE-119 CVE-2025-4496: A vulnerability was found in TOTOLINK T10, A3100R, A950RG, A800R, N600R, A3000RU and A810R 4.1.8cu.5 A vulnerability was found in TOTOLINK T10, A3100R, A950RG, A800R, N600R, A3000RU and A810R 4.1.8cu.5241_B20210927. It has been declared as critical. This vulnerability affects the function CloudACMunualUpdate of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument FileName leads to buffer overflow. The attack can be initiated remotely. The ex

nvd

CVE-2025-28022HIGHCVSS 7.3v4.1.2cu.5182_b202010262025-04-23

CVE-2025-28022 [HIGH] CWE-120 CVE-2025-28022: TOTOLINK A810R V4.1.2cu.5182_B20201026 was found to contain a buffer overflow vulnerability in downl TOTOLINK A810R V4.1.2cu.5182_B20201026 was found to contain a buffer overflow vulnerability in downloadFile.cgi through the v25 parameter.

nvd

CVE-2025-28021HIGHCVSS 7.3v4.1.2cu.5182_b202010262025-04-23

CVE-2025-28021 [HIGH] CWE-120 CVE-2025-28021: TOTOLINK A810R V4.1.2cu.5182_B20201026 was found to contain a buffer overflow vulnerability in the d TOTOLINK A810R V4.1.2cu.5182_B20201026 was found to contain a buffer overflow vulnerability in the downloadFile.cgi through the v14 and v3 parameters

nvd

CVE-2025-28034CRITICALCVSS 9.8v4.1.2cu.5182_b202010262025-04-22

CVE-2025-28034 [CRITICAL] CWE-78 CVE-2025-28034: TOTOLINK A800R V4.1.2cu.5137_B20200730, A810R V4.1.2cu.5182_B20201026, A830R V4.1.2cu.5182_B20201102 TOTOLINK A800R V4.1.2cu.5137_B20200730, A810R V4.1.2cu.5182_B20201026, A830R V4.1.2cu.5182_B20201102, A950RG V4.1.2cu.5161_B20200903, A3000RU V5.9c.5185_B20201128, and A3100R V4.1.2cu.5247_B20211129 were found to contain a pre-auth remote command execution vulnerability in the NTPSyncWithHost function through the hostTime parameter.

nvd

CVE-2025-28035CRITICALCVSS 9.8v4.1.2cu.5182_b202010262025-04-22

CVE-2025-28035 [CRITICAL] CWE-78 CVE-2025-28035: TOTOLINK A830R V4.1.2cu.5182_B20201102 was found to contain a pre-auth remote command execution vuln TOTOLINK A830R V4.1.2cu.5182_B20201102 was found to contain a pre-auth remote command execution vulnerability in the setNoticeCfg function through the NoticeUrl parameter.

nvd

CVE-2025-28024CRITICALCVSS 9.8v4.1.2cu.5182_b202010262025-04-22

CVE-2025-28024 [CRITICAL] CWE-120 CVE-2025-28024: TOTOLINK A810R V4.1.2cu.5182_B20201026 was found to contain a buffer overflow vulnerability in the c TOTOLINK A810R V4.1.2cu.5182_B20201026 was found to contain a buffer overflow vulnerability in the cstecgi.cgi

nvd

CVE-2025-28037CRITICALCVSS 9.8v4.1.2cu.5182_b202010262025-04-22

CVE-2025-28037 [CRITICAL] CWE-78 CVE-2025-28037: TOTOLINK A810R V4.1.2cu.5182_B20201026 and A950RG V4.1.2cu.5161_B20200903 were found to contain a pr TOTOLINK A810R V4.1.2cu.5182_B20201026 and A950RG V4.1.2cu.5161_B20200903 were found to contain a pre-auth remote command execution vulnerability in the setDiagnosisCfg function through the ipDomain parameter.

nvd

CVE-2025-28036CRITICALCVSS 9.8v4.1.2cu.5182_b202010262025-04-22

CVE-2025-28036 [CRITICAL] CWE-78 CVE-2025-28036: TOTOLINK A950RG V4.1.2cu.5161_B20200903 was found to contain a pre-auth remote command execution vul TOTOLINK A950RG V4.1.2cu.5161_B20200903 was found to contain a pre-auth remote command execution vulnerability in the setNoticeCfg function through the NoticeUrl parameter.

nvd

CVE-2025-28033HIGHCVSS 7.3v4.1.2cu.5182_b202010262025-04-22

CVE-2025-28033 [HIGH] CWE-121 CVE-2025-28033: TOTOLINK A800R V4.1.2cu.5137_B20200730, A810R V4.1.2cu.5182_B20201026, A830R V4.1.2cu.5182_B20201102 TOTOLINK A800R V4.1.2cu.5137_B20200730, A810R V4.1.2cu.5182_B20201026, A830R V4.1.2cu.5182_B20201102, A950RG V4.1.2cu.5161_B20200903, A3000RU V5.9c.5185_B20201128, and A3100R V4.1.2cu.5247_B20211129 were found to contain a pre-auth buffer overflow vulnerability in the setNoticeCfg function through the IpTo parameter.

nvd

CVE-2025-28032HIGHCVSS 7.3v4.1.2cu.5182_b202010262025-04-22

CVE-2025-28032 [HIGH] CWE-121 CVE-2025-28032: TOTOLINK A800R V4.1.2cu.5137_B20200730, A810R V4.1.2cu.5182_B20201026, A830R V4.1.2cu.5182_B20201102 TOTOLINK A800R V4.1.2cu.5137_B20200730, A810R V4.1.2cu.5182_B20201026, A830R V4.1.2cu.5182_B20201102, A950RG V4.1.2cu.5161_B20200903, A3000RU V5.9c.5185_B20201128, and A3100R V4.1.2cu.5247_B20211129 contain a pre-auth buffer overflow vulnerability in the setNoticeCfg function through the IpForm parameter.

nvd

CVE-2025-28030HIGHCVSS 8.8v4.1.2cu.5182_b202010262025-04-22

CVE-2025-28030 [HIGH] CWE-121 CVE-2025-28030: TOTOLINK A810R V4.1.2cu.5182_B20201026 was discovered to contain a stack overflow via the startTime TOTOLINK A810R V4.1.2cu.5182_B20201026 was discovered to contain a stack overflow via the startTime and endTime parameters in setParentalRules function.

nvd

CVE-2025-28031MEDIUMCVSS 6.5v4.1.2cu.5182_b202010262025-04-22

CVE-2025-28031 [MEDIUM] CWE-259 CVE-2025-28031: TOTOLINK A810R V4.1.2cu.5182_B20201026 was discovered to contain a hardcoded password for the telnet TOTOLINK A810R V4.1.2cu.5182_B20201026 was discovered to contain a hardcoded password for the telnet service in product.ini.

nvd

CVE-2025-28137CRITICALCVSS 9.8v4.1.2cu.5182_b202010262025-04-15

CVE-2025-28137 [CRITICAL] CWE-78 CVE-2025-28137: The TOTOLINK A810R V4.1.2cu.5182_B20201026 were found to contain a pre-auth remote command execution The TOTOLINK A810R V4.1.2cu.5182_B20201026 were found to contain a pre-auth remote command execution vulnerability in the setNoticeCfg function through the NoticeUrl parameter.

nvd

CVE-2025-28135HIGHCVSS 7.5v4.1.2cu.5182_b202010262025-03-27

CVE-2025-28135 [HIGH] CWE-121 CVE-2025-28135: TOTOLINK A810R V4.1.2cu.5182_B20201026 was found to contain a buffer overflow vulnerability in downl TOTOLINK A810R V4.1.2cu.5182_B20201026 was found to contain a buffer overflow vulnerability in downloadFile.cgi.

nvd

CVE-2024-57036HIGHCVSS 8.1v4.1.2cu.5032_b202004072025-01-21

CVE-2024-57036 [HIGH] CWE-77 CVE-2024-57036: TOTOLINK A810R V4.1.2cu.5032_B20200407 was found to contain a command insertion vulnerability in dow TOTOLINK A810R V4.1.2cu.5032_B20200407 was found to contain a command insertion vulnerability in downloadFile.cgi main function. This vulnerability allows an attacker to execute arbitrary commands by sending HTTP request.

nvd

CVE-2024-53334HIGHCVSS 8.8v4.1.2cu.5182_b202010262024-11-21

CVE-2024-53334 [HIGH] CWE-120 CVE-2024-53334: TOTOLINK A810R V4.1.2cu.5182_B20201026 is vulnerable to Buffer Overflow in infostat.cgi. TOTOLINK A810R V4.1.2cu.5182_B20201026 is vulnerable to Buffer Overflow in infostat.cgi.

nvd

CVE-2024-53335HIGHCVSS 7.8v4.1.2cu.5182_b202010262024-11-21

CVE-2024-53335 [HIGH] CWE-120 CVE-2024-53335: TOTOLINK A810R V4.1.2cu.5182_B20201026 is vulnerable to Buffer Overflow in downloadFlile.cgi. TOTOLINK A810R V4.1.2cu.5182_B20201026 is vulnerable to Buffer Overflow in downloadFlile.cgi.

nvd

CVE-2022-36616HIGHCVSS 7.8v4.1.2cu.5182_b202010262022-08-29

CVE-2022-36616 [HIGH] CWE-798 CVE-2022-36616: TOTOLINK A810R V4.1.2cu.5182_B20201026 and V5.9c.4050_B20190424 was discovered to contain a hardcode TOTOLINK A810R V4.1.2cu.5182_B20201026 and V5.9c.4050_B20190424 was discovered to contain a hardcoded password for root at /etc/shadow.sample.

nvd

CVE-2022-38511HIGHCVSS 7.8Exploitedv5.9c.4050_b201904242022-08-29

CVE-2022-38511 [HIGH] CWE-78 CVE-2022-38511: TOTOLINK A810R V5.9c.4050_B20190424 was discovered to contain a command injection vulnerability via TOTOLINK A810R V5.9c.4050_B20190424 was discovered to contain a command injection vulnerability via the component downloadFile.cgi.

nvd

CVE-2022-28935HIGHCVSS 7.2v4.1.2cu.5182_b202010262022-07-06

CVE-2022-28935 [HIGH] CWE-77 CVE-2022-28935: Totolink A830R V5.9c.4729_B20191112, Totolink A3100R V4.1.2cu.5050_B20200504, Totolink A950RG V4.1.2 Totolink A830R V5.9c.4729_B20191112, Totolink A3100R V4.1.2cu.5050_B20200504, Totolink A950RG V4.1.2cu.5161_B20200903, Totolink A800R V4.1.2cu.5137_B20200730, Totolink A3000RU V5.9c.5185_B20201128, Totolink A810R V4.1.2cu.5182_B20201026 were discovered to contain a command injection vulnerability.

nvd

1 / 2Next →