Totolink Nr1800X Firmware vulnerabilities

27 known vulnerabilities affecting totolink/nr1800x_firmware.

Total CVEs: 27
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 6, HIGH 15, MEDIUM 6

Vulnerabilities

Page 1 of 2
CVE-2026-5030 MEDIUM CVSS 5.3 v9.1.0u.6279_b20210910 2026-03-29
CVE-2026-5030 [MEDIUM] CWE-74: A vulnerability has been found in Totolink NR1800X 9.1.0u.6279_B20210910. This issue affects the function NTPSyncWithHost of the file /cgi-bin/cstecgi.cgi of the component Telnet Service. The manipulation of the argument host_time leads to command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be u
nvd
CVE-2026-1328 HIGH CVSS 7.4 v9.1.0u.6279_b20210910 2026-01-22
CVE-2026-1328 [HIGH] CWE-119: A vulnerability was detected in Totolink NR1800X 9.1.0u.6279_B20210910. Impacted is the function setWizardCfg of the file /cgi-bin/cstecgi.cgi of the component POST Request Handler. Performing a manipulation of the argument ssid results in buffer overflow. The attack may be initiated remotely. The exploit is now public and may be used.
nvd
CVE-2026-1327 MEDIUM CVSS 5.3 v9.1.0u.6279_b20210910 2026-01-22
CVE-2026-1327 [MEDIUM] CWE-74: A security vulnerability has been detected in Totolink NR1800X 9.1.0u.6279_B20210910. This issue affects the function setTracerouteCfg of the file /cgi-bin/cstecgi.cgi of the component POST Request Handler. Such manipulation of the argument command leads to command injection. The attack can be launched remotely. The exploit has been disclosed publicly
nvd
CVE-2026-1326 MEDIUM CVSS 5.3 v9.1.0u.6279_b20210910 2026-01-22
CVE-2026-1326 [MEDIUM] CWE-74: A weakness has been identified in Totolink NR1800X 9.1.0u.6279_B20210910. This vulnerability affects the function setWanCfg of the file /cgi-bin/cstecgi.cgi of the component POST Request Handler. This manipulation of the argument Hostname causes command injection. The attack can be initiated remotely. The exploit has been made available to the public a
nvd
CVE-2025-60688 MEDIUM CVSS 6.5 v9.1.0u.6681_b20230703 2025-11-13
CVE-2025-60688 [MEDIUM] CWE-121: A stack buffer overflow vulnerability exists in the ToToLink LR1200GB (V9.1.0u.6619_B20230130) and NR1800X (V9.1.0u.6681_B20230703) Router firmware within the cstecgi.cgi binary (setDefResponse function). The binary reads the "IpAddress" parameter from a web request and copies it into a fixed-size stack buffer using strcpy() without any length valid
nvd
CVE-2025-60686 MEDIUM CVSS 5.1 v9.1.0u.6681_b20230703 2025-11-13
CVE-2025-60686 [MEDIUM] CWE-121: A local stack-based buffer overflow vulnerability exists in the infostat.cgi and cstecgi.cgi binaries of ToToLink routers (A720R V4.1.5cu.614_B20230630, LR1200GB V9.1.0u.6619_B20230130, and NR1800X V9.1.0u.6681_B20230703). Both programs parse the contents of /proc/net/arp using sscanf() with "%s" format specifiers into fixed-size stack buffers witho
nvd
CVE-2025-60684 MEDIUM CVSS 6.5 v9.1.0u.6681_b20230703 2025-11-13
CVE-2025-60684 [MEDIUM] CWE-121: A stack buffer overflow vulnerability exists in the ToToLink LR1200GB (V9.1.0u.6619_B20230130) and NR1800X (V9.1.0u.6681_B20230703) Router firmware within the cstecgi.cgi binary (sub_42F32C function). The web interface reads the "lang" parameter and constructs Help URL strings using sprintf() into fixed-size stack buffers without proper length valid
nvd
CVE-2025-45841 CRITICAL CVSS 9.8 v9.1.0u.6681_b20230703 2025-05-08
CVE-2025-45841 [CRITICAL] CWE-787: TOTOLINK NR1800X V9.1.0u.6681_B20230703 was discovered to contain an authenticated stack overflow via the text parameter in the setSmsCfg function.
nvd
CVE-2025-45843 HIGH CVSS 8.8 v9.1.0u.6681_b20230703 2025-05-08
CVE-2025-45843 [HIGH] CWE-787: TOTOLINK NR1800X V9.1.0u.6681_B20230703 was discovered to contain an authenticated stack overflow via the ssid parameter in the setWiFiGuestCfg function.
nvd
CVE-2025-45842 HIGH CVSS 8.8 v9.1.0u.6681_b20230703 2025-05-08
CVE-2025-45842 [HIGH] CWE-787: TOTOLINK NR1800X V9.1.0u.6681_B20230703 was discovered to contain an authenticated stack overflow via the ssid5g parameter in the setWiFiEasyCfg function.
nvd
CVE-2025-45845 HIGH CVSS 8.8 v9.1.0u.6681_b20230703 2025-05-08
CVE-2025-45845 [HIGH] CWE-787: TOTOLINK NR1800X V9.1.0u.6681_B20230703 was discovered to contain an authenticated stack overflow via the ssid5g parameter in the setWiFiEasyGuestCfg function.
nvd
CVE-2025-45844 HIGH CVSS 8.8 v9.1.0u.6681_b20230703 2025-05-08
CVE-2025-45844 [HIGH] CWE-787: TOTOLINK NR1800X V9.1.0u.6681_B20230703 was discovered to contain an authenticated stack overflow via the ssid parameter in the setWiFiBasicCfg function.
nvd
CVE-2024-35388 HIGH CVSS 8.8 v9.1.0u.6681_b20230703 2024-05-24
CVE-2024-35388 [HIGH] CWE-121: TOTOLINK NR1800X v9.1.0u.6681_B20230703 was discovered to contain a stack overflow via the password parameter in the function urldecode
nvd
CVE-2023-7220 CRITICAL CVSS 9.8 v9.1.0u.6279_b20210910 2024-01-09
CVE-2023-7220 [CRITICAL] CWE-121: A vulnerability was found in Totolink NR1800X 9.1.0u.6279_B20210910 and classified as critical. Affected by this issue is the function loginAuth of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument password leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be
nvd
CVE-2023-36340 CRITICAL CVSS 9.8 v9.1.0u.6279_b20210910 2023-10-16
CVE-2023-36340 [CRITICAL] CWE-787: TOTOLINK NR1800X V9.1.0u.6279_B20210910 was discovered to contain a stack overflow via the http_host parameter in the function loginAuth.
nvd
CVE-2022-44256 HIGH CVSS 8.8 v9.3.5u.6369_b20220309 2022-11-23
CVE-2022-44256 [HIGH] CWE-787: TOTOLINK LR350 V9.3.5u.6369_B20220309 contains a post-authentication buffer overflow via parameter lang in the setLanguageCfg function.
nvd
CVE-2022-41525 CRITICAL CVSS 9.8 v9.1.0u.6279_b20210910 2022-10-06
CVE-2022-41525 [CRITICAL] CWE-78: TOTOLINK NR1800X V9.1.0u.6279_B20210910 was discovered to contain a command injection vulnerability via the OpModeCfg function at /cgi-bin/cstecgi.cgi.
nvd
CVE-2022-41522 CRITICAL CVSS 9.8 v9.1.0u.6279_b20210910 2022-10-06
CVE-2022-41522 [CRITICAL] CWE-787: TOTOLINK NR1800X V9.1.0u.6279_B20210910 was discovered to contain an unauthenticated stack overflow via the "main" function.
nvd
CVE-2022-41518 CRITICAL CVSS 9.8 v9.1.0u.6279_b20210910 2022-10-06
CVE-2022-41518 [CRITICAL] CWE-78: TOTOLINK NR1800X V9.1.0u.6279_B20210910 was discovered to contain a command injection vulnerability via the UploadFirmwareFile function at /cgi-bin/cstecgi.cgi.
nvd
CVE-2022-41528 HIGH CVSS 8.8 v9.1.0u.6279_b20210910 2022-10-06
CVE-2022-41528 [HIGH] CWE-787: TOTOLINK NR1800X V9.1.0u.6279_B20210910 was discovered to contain an authenticated stack overflow via the text parameter in the setSmsCfg function.
nvd