CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

The vulnerability in the downloadFile.cgi script of the TOTOLINK A800R router’s microprogramming software allows a perpetrator to compromise the confidentiality, integrity, and accessibility of the protected information.

The vulnerability in the downloadFile.cgi subroutine of the TOTOLINK A800R router’s microprogramming software lies in the copying of buffers without checking the size of the input data. Exploiting this vulnerability allows an attacker to compromise the confidentiality, integrity, and accessibilit...

7.5CVSS5.4AI score0.00342EPSS

Exploits1References2Affected Software1

BDU FSTEC•added 2025/05/23 12:0 a.m.•3 views

The vulnerability of the downloadFile.cgi function in the microprogramming software for the Totolink-A800R router allows a hacker to execute arbitrary code.

The vulnerability of the downloadFile.cgi function in the Totolink-A800R router microprogramming system is related to reading data beyond the buffer boundaries in memory. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...

9CVSS6.2AI score0.00255EPSS

Exploits0References3Affected Software1

RedhatCVE•added 2025/05/22 11:24 p.m.•3 views

CVE-2022-40475

TOTOLINK A860R V4.1.2cu.5182B20201027 was discovered to contain a command injection via the component /cgi-bin/downloadFile.cgi...

9.8CVSS9.8AI score0.03505EPSS

Exploits1References1

CNVD•added 2025/05/07 12:0 a.m.•2 views

TOTOLINK A800R Command Injection Vulnerability (CNVD-2025-09933)

TOTOLINK A800R is a wireless router from China's Gion Electronics TOTOLINK. The TOTOLINK A800R suffers from a command injection vulnerability that stems from the QUERYSTRING parameter in downloadFile.cgi failing to correctly filter constructed command special characters, commands, and so on. No...

6.5CVSS7.5AI score0.01146EPSS

Exploits1References1

CNVD•added 2025/05/07 12:0 a.m.•3 views

TOTOLINK A800R downloadFile.cgi Component Buffer Overflow Vulnerability

TOTOLINK A800R is a wireless router from China's Gion Electronics TOTOLINK. A buffer overflow vulnerability exists in TOTOLINK A800R version V4.1.2cu.5137B20200730, which stems from a security issue in the downloadFile.cgi component, and can be exploited by remote attackers to execute arbitrary...

7.3CVSS8.7AI score0.00408EPSS

Exploits1References1

RedhatCVE•added 2025/04/26 5:29 a.m.•5 views

CVE-2025-28022

TOTOLINK A810R V4.1.2cu.5182B20201026 was found to contain a buffer overflow vulnerability in downloadFile.cgi through the v25 parameter...

7.3CVSS7.5AI score0.00331EPSS

Exploits1References1

RedhatCVE•added 2025/04/26 5:26 a.m.•16 views

CVE-2025-28026

TOTOLINK A830R V4.1.2cu.5182B20201102, A950RG V4.1.2cu.5161B20200903, A3000RU V5.9c.5185B20201128, and A3100R V4.1.2cu.5247B20211129 were found to contain a buffer overflow vulnerability in downloadFile.cgi...

7.3CVSS7.6AI score0.00331EPSS

Exploits1References1

RedhatCVE•added 2025/04/26 5:25 a.m.•20 views

CVE-2025-28017

TOTOLINK A800R V4.1.2cu.5032B20200408 is vulnerable to Command Injection in downloadFile.cgi via the QUERYSTRING parameter...

6.5CVSS7.3AI score0.01146EPSS

Exploits1References1

RedhatCVE•added 2025/04/26 5:22 a.m.•12 views

CVE-2025-28019

TOTOLINK A800R V4.1.2cu.5137B20200730 was found to contain a buffer overflow vulnerability in the downloadFile.cgi component...

7.3CVSS7.5AI score0.00408EPSS

Exploits1References1