CVE-2026-36841

TOTOLINK N200RE V5 was discovered to contain a command injection vulnerability via the macstr and bandstr parameters in the formMapDelDevice function...

TOTOLINK N200RE 命令注入漏洞

The TOTOLINK N200RE is a router produced by TOTOLINK, a Chinese electronics company. The TOTOLINK N200RE V5 version has a command injection vulnerability, which stems from the use of command injections in the formMapDelDevice function, particularly with the macstr and bandstr parameters...

CVE-2025-55589

TOTOLINK A3002R v4.0.0-B20230531.1404 was discovered to contain multiple OS command injection vulnerabilities via the macstr, bandstr, and clientoff parameters at /boafrm/formMapDelDevice...

CVE-2025-55587

TOTOLINK A3002R v4.0.0-B20230531.1404 was discovered to contain a buffer overflow in the hostname parameter at /boafrm/formMapDelDevice. This vulnerability allows attackers to cause a Denial of Service DoS via a crafted input...

CVE-2025-55587

TOTOLINK A3002R v4.0.0-B20230531.1404 was discovered to contain a buffer overflow in the hostname parameter at /boafrm/formMapDelDevice. This vulnerability allows attackers to cause a Denial of Service DoS via a crafted input...

CVE-2025-55591

TOTOLINK-A3002R v4.0.0-B20230531.1404 was discovered to contain a command injection vulnerability in the devicemac parameter in the formMapDel endpoint...

PT-2025-33687 · Totolink · Totolink A3002Ru

Name of the Vulnerable Software and Affected Versions: TOTOLINK A3002R version 4.0.0-B20230531.1404 Description: A buffer overflow exists in the hostname parameter at the /boafrm/formMapDelDevice API endpoint of the TOTOLINK A3002R router. This issue allows attackers to cause a Denial of Service...

The vulnerability of the formMapReboot() function in the embedded server of the TOTOLINK X15 router’s microprogramming software allows a intruder to execute arbitrary commands.

The vulnerability of the formMapReboot function in the embedded server of the TOTOLINK X15 router’s microprogramming software is related to the lack of measures to clean input data during the processing of the deviceMacAddr parameter. Exploiting this vulnerability allows a remote attacker to...

CVE-2025-5502

A vulnerability, which was classified as critical, has been found in TOTOLINK X15 1.0.0-B20230714.1105. Affected by this issue is the function formMapReboot of the file /boafrm/formMapReboot. The manipulation of the argument deviceMacAddr leads to command injection. The attack may be launched...

CVE-2025-4729

A vulnerability was found in TOTOLINK A3002R and A3002RU 3.0.0-B20230809.1615. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /boafrm/formMapDelDevice of the component HTTP POST Request Handler. The manipulation of the argument macstr lead...

TOTOLINK A3002R 安全漏洞

TOTOLINK A3002R is a wireless router from China's Gion Electronics TOTOLINK. A buffer overflow vulnerability exists in the TOTOLINK A3002R, which stems from the bandstr parameter in the formMapDelDevice interface failing to correctly validate the length size of the input data, no detailed...

CVE-2023-46558

TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formMapDelDevice...

PT-2023-30088 · Totolink · Totolink X2000R

Name of the Vulnerable Software and Affected Versions: TOTOLINK X2000R Gh version 1.0.0-B20230221.0948.web Description: A stack overflow issue was discovered in the function formMapDelDevice. Recommendations: For version 1.0.0-B20230221.0948.web, as a temporary workaround, consider disabling the...