Totolink N200RE Firmware vulnerabilities
21 known vulnerabilities affecting totolink/n200re_firmware.
Total CVEs: 21
CISA KEV: 0
Public exploits: 4
Exploited in wild: 1
Severity breakdown: CRITICAL 7, HIGH 10, MEDIUM 4
Vulnerabilities
Page 1 of 2
CVE-2025-55895 | CRITICAL | CVSS 9.1 | CWE-284 | v9.3.5u.6437_b20230519 | 2025-12-15
TOTOLINK A3300R V17.0.0cu.557_B20221024 and N200RE V9.3.5u.6448_B20240521 and V9.3.5u.6437_B20230519 are vulnerable to Incorrect Access Control. Attackers can send payloads to the interface without logging in (remote).
nvd
CVE-2025-55893 | MEDIUM | CVSS 6.5 | CWE-77 | v9.3.5u.6437_b20230519 | 2025-12-15
TOTOLINK N200RE V9.3.5u.6437_B20230519 is vulnerable to command injection in setOpModeCfg via hostName.
nvd
CVE-2025-7154 | MEDIUM | CVSS 5.3 | CWE-77 | v9.3.5u.6095_b20200916, v9.3.5u.6139_b20201216 | 2025-07-08
A vulnerability, which was classified as critical, has been found in TOTOLINK N200RE 9.3.5u.6095_B20200916/9.3.5u.6139_B20201216. Affected by this issue is the function sub_41A0F8 of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument Hostname leads to OS command injection. The attack may be launched remotely. The exploit has been disclosed
nvd
CVE-2024-1001 | CRITICAL | CVSS 9.8 | CWE-121 | v9.3.5u.6139_b20201216 | 2024-01-29
A vulnerability classified as critical has been found in Totolink N200RE 9.3.5u.6139_B20201216. Affected is the function main of the file /cgi-bin/cstecgi.cgi. The manipulation leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-252270 is the identifier
nvd
CVE-2024-1002 | HIGH | CVSS 8.8 | CWE-121 | v9.3.5u.6139_b20201216 | 2024-01-29
A vulnerability classified as critical was found in Totolink N200RE 9.3.5u.6139_B20201216. Affected by this vulnerability is the function setIpPortFilterRules of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument ePort leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and
nvd
CVE-2024-0998 | HIGH | CVSS 8.8 | CWE-121 | v9.3.5u.6139_b20201216 | 2024-01-29
A vulnerability was found in Totolink N200RE 9.3.5u.6139_B20201216. It has been classified as critical. This affects the function setDiagnosisCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument ip leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may
nvd
CVE-2024-0997 | HIGH | CVSS 8.8 | CWE-121 | v9.3.5u.6139_b20201216 | 2024-01-29
A vulnerability was found in Totolink N200RE 9.3.5u.6139_B20201216 and classified as critical. Affected by this issue is the function setOpModeCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument pppoeUser leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be
nvd
CVE-2024-1003 | HIGH | CVSS 8.8 | CWE-121 | v9.3.5u.6139_b20201216 | 2024-01-29
A vulnerability, which was classified as critical, has been found in Totolink N200RE 9.3.5u.6139_B20201216. Affected by this issue is the function setLanguageCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument lang leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public a
nvd
CVE-2024-1000 | HIGH | CVSS 8.8 | CWE-121 | v9.3.5u.6139_b20201216 | 2024-01-29
A vulnerability was found in Totolink N200RE 9.3.5u.6139_B20201216. It has been rated as critical. This issue affects the function setTracerouteCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument command leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be
nvd
CVE-2024-0999 | HIGH | CVSS 8.8 | CWE-121 | v9.3.5u.6139_b20201216 | 2024-01-29
A vulnerability was found in Totolink N200RE 9.3.5u.6139_B20201216. It has been declared as critical. This vulnerability affects the function setParentalRules of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument eTime leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public an
nvd
CVE-2024-1004 | HIGH | CVSS 7.2 | CWE-121 | v9.3.5u.6139_b20201216 | 2024-01-29
A vulnerability, which was classified as critical, was found in Totolink N200RE 9.3.5u.6139_B20201216. This affects the function loginAuth of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument http_host leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may
nvd
CVE-2024-0299 | CRITICAL | CVSS 9.8 | CWE-78 | v9.3.5u.6139_b20201216 | 2024-01-08
A vulnerability was found in Totolink N200RE 9.3.5u.6139_B20201216. It has been declared as critical. Affected by this vulnerability is the function setTracerouteCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument command leads to OS command injection. The attack can be launched remotely. The exploit has been disclosed to the publi
nvd
CVE-2024-0298 | CRITICAL | CVSS 9.8 | CWE-78 | v9.3.5u.6139_b20201216 | 2024-01-08
A vulnerability was found in Totolink N200RE 9.3.5u.6139_B20201216. It has been classified as critical. Affected is the function setDiagnosisCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument ip leads to OS command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used
nvd
CVE-2024-0296 | CRITICAL | CVSS 9.8 | CWE-78 | v9.3.5u.6139_b20201216 | 2024-01-08
A vulnerability has been found in Totolink N200RE 9.3.5u.6139_B20201216 and classified as critical. This vulnerability affects the function NTPSyncWithHost of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument host_time leads to OS command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and ma
nvd
CVE-2024-0297 | CRITICAL | CVSS 9.8 | CWE-78 | v9.3.5u.6139_b20201216 | 2024-01-08
A vulnerability was found in Totolink N200RE 9.3.5u.6139_B20201216 and classified as critical. This issue affects the function UploadFirmwareFile of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument FileName leads to OS command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
nvd
CVE-2023-2790 | MEDIUM | CVSS 5.5 | CWE-260 | v9.3.5u.6255_b20211224 | 2023-05-18
A vulnerability classified as problematic has been found in TOTOLINK N200RE 9.3.5u.6255_B20211224. Affected is an unknown function of the file /squashfs-root/etc_ro/custom.conf of the component Telnet Service. The manipulation leads to password in configuration file. It is possible to launch the attack on the local host. The exploit has been disclosed
nvd
CVE-2020-23617 | MEDIUM | CVSS 6.1 | CWE-79 | v2.0 | 2022-05-02
A cross-site scripting (XSS) vulnerability in the error page of Totolink N200RE and N100RE Routers 2.0 allows attackers to execute arbitrary web scripts or HTML via a SCRIPT element.
nvd
CVE-2019-19825 | CRITICAL | CVSS 9.8 | CWE-287 | PoC | ≤ 4.0.0 | 2020-01-27
On certain TOTOLINK Realtek SDK based routers, the CAPTCHA text can be retrieved via an {"topicurl":"setting/getSanvas"} POST to the boafrm/formLogin URI, leading to a CAPTCHA bypass. (Also, the CAPTCHA text is not needed once the attacker has determined valid credentials. The attacker can perform router actions via HTTP requests with Basic Authen
nvd
CVE-2019-19823 | HIGH | CVSS 7.5 | CWE-522 | PoC | ≤ 4.0.0 | 2020-01-27
A certain router administration interface (that includes Realtek APMIB 0.11f for Boa 0.94.14rc21) stores cleartext administrative passwords in flash memory and in a file. This affects TOTOLINK A3002RU through 2.0.0, A702R through 2.1.3, N301RT through 2.1.6, N302R through 3.4.0, N300RT through 3.4.0, N200RE through 4.0.0, N150RT through 3.4.0, and N10
nvd
CVE-2019-19824 | HIGH | CVSS 8.8 | CWE-78 | Exploited | PoC | ≤ 4.0.0 | 2020-01-27
On certain TOTOLINK Realtek SDK based routers, an authenticated attacker may execute arbitrary OS commands via the sysCmd parameter to the boafrm/formSysCmd URI, even if the GUI (syscmd.htm) is not available. This allows for full control over the device's internals. This affects A3002RU through 2.0.0, A702R through 2.1.3, N301RT through 2.1.6, N302R th
nvd