DRUPAL-CONTRIB-2026-014
This module enables you to block bots by Firewall. The module doesn't sufficiently sanitize user input, leading to a reflected cross-site scripting (XSS) vulnerability. This vulnerability is mitigated by the fact that the vulnerable functionality is only presented to users that are "challenged" or...
CVE-2025-67186
TOTOLINK A950RG V4.1.2cu.5204_B20210112 contains a buffer overflow vulnerability in the setUrlFilterRules interface of /lib/cste_modules/firewall.so. The vulnerability occurs because the url parameter is not properly validated for length, allowing remote attackers to trigger a buffer overflow,...
CVE-2025-67187
A stack-based buffer overflow vulnerability was identified in TOTOLINK A950RG V4.1.2cu.5204_B20210112. The flaw exists in the setIpQosRules interface of /lib/cste_modules/firewall.so where the comment parameter is not properly validated for length...
PT-2026-5954
Name of the Vulnerable Software and Affected Versions: TOTOLINK A950RG version 4.1.2cu.5204_B20210112. Description: The software contains a buffer overflow issue in the setUrlFilterRules interface of /lib/cste_modules/firewall.so. The issue is due to insufficient validation of the length of the url...
CVE-2025-67187
CVE-2025-67187 affects TOTOLINK A950RG (v4.1.2cu.5204_B20210112) via /lib/cste_modules/firewall.so, setIpQosRules: the comment parameter is not properly validated for length, causing a stack-based buffer overflow. Affected component is the setIpQosRules interface; root cause is insufficient input...
PT-2026-5955
Name of the Vulnerable Software and Affected Versions: TOTOLINK A950RG version 4.1.2cu.5204_B20210112. Description: A stack-based buffer overflow exists in the setIpQosRules interface of /lib/cste_modules/firewall.so. The issue is due to insufficient validation of the length of the comment parameter...
EUVD-2025-206712
A stack-based buffer overflow vulnerability was identified in TOTOLINK A950RG V4.1.2cu.5204_B20210112. The flaw exists in the setIpQosRules interface of /lib/cste_modules/firewall.so where the comment parameter is not properly validated for length...
EUVD-2025-206718
TOTOLINK A950RG V4.1.2cu.5204_B20210112 contains a buffer overflow vulnerability in the setUrlFilterRules interface of /lib/cste_modules/firewall.so. The vulnerability occurs because the url parameter is not properly validated for length, allowing remote attackers to trigger a buffer overflow,...
EUVD-2008-0375
Malware in sbrugna...
A vulnerability in the IP/Port Filtering configuration of the Firewall module of the TOTOLINK A3002RU router firmware allows attackers to carry out cross-site scripting (XSS) attacks.
The vulnerability in the IP/Port Filtering configuration of the Firewall module of the TOTOLINK A3002RU router firmware is related to the lack of protection for the website structure when processing the Comment parameter. Exploiting this vulnerability allows a remote attacker to perfo...
A vulnerability in the MAC filtering configuration of the Firewall module of the TOTOLINK A3002RU router firmware allows attackers to perform cross-site scripting (XSS) attacks.
The vulnerability in the MAC filtering configuration of the Firewall module of the TOTOLINK A3002RU router firmware is related to the lack of protection for the website structure when processing the “Comment” parameter. Exploiting this vulnerability allows a remote attacker to perform...
A vulnerability in the URL filtering configuration of the Firewall module of the Totolink X2000R software-defined router solution allows attackers to carry out cross-site scripting attacks.
The vulnerability in the URL filtering configuration of the Totolink X2000R router software module is related to the lack of measures taken to protect the website structure. Exploiting this vulnerability could allow a malicious actor to perform cross-site scripting attacks remotely...
A vulnerability in the setMacQos function of the /lib/cste_modules/firewall.so module in the TOTOLINK A3100R router software allows an attacker to cause a service failure.
The vulnerability in the setMacQos function of the /lib/cste_modules/firewall.so module in the TOTOLINK A3100R router software is related to a stack buffer overflow when processing the priority parameter. Exploiting this vulnerability can allow an attacker to cause service interruptions by...
TOTOLINK A3100R security vulnerability
TOTOLINK A3100R is a series of wireless routers from China's Gion Electronics TOTOLINK. The TOTOLINK A3100R suffers from a buffer overflow vulnerability that originates from the failure of the priority parameter of the setMacQos interface in /lib/cste_modules/firewall.so to correctly validate the...
A vulnerability in the Spam protection, AntiSpam, and FireWall modules of the CleanTalk plugin for WordPress website content management systems arises from improper handling of exceptional states, allowing attackers to execute arbitrary code.
The vulnerability in the Spam protection, AntiSpam, and FireWall modules of the CleanTalk plugin for WordPress website content management systems is related to improper handling of exceptional states. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely...