CVE-2025-28036

TOTOLINK A950RG V4.1.2cu.5161B20200903 was found to contain a pre-auth remote command execution vulnerability in the setNoticeCfg function through the NoticeUrl parameter...

CVE-2025-28038

TOTOLINK EX1200T V4.1.2cu.5232B20210713 was found to contain a pre-auth remote command execution vulnerability in the setWebWlanIdx function through the webWlanIdx parameter...

CVE-2025-28039

TOTOLINK EX1200T V4.1.2cu.5232B20210713 was found to contain a pre-auth remote command execution vulnerability in the setUpgradeFW function through the FileName parameter...

CVE-2025-28038

TOTOLINK EX1200T V4.1.2cu.5232B20210713 was found to contain a pre-auth remote command execution vulnerability in the setWebWlanIdx function through the webWlanIdx parameter...

CVE-2025-28036

TOTOLINK A950RG V4.1.2cu.5161B20200903 was found to contain a pre-auth remote command execution vulnerability in the setNoticeCfg function through the NoticeUrl parameter...

CVE-2025-28035

TOTOLINK A830R V4.1.2cu.5182B20201102 was found to contain a pre-auth remote command execution vulnerability in the setNoticeCfg function through the NoticeUrl parameter...

CVE-2025-28037

TOTOLINK A810R V4.1.2cu.5182B20201026 and A950RG V4.1.2cu.5161B20200903 were found to contain a pre-auth remote command execution vulnerability in the setDiagnosisCfg function through the ipDomain parameter...

CVE-2025-28037

TOTOLINK A810R V4.1.2cu.5182B20201026 and A950RG V4.1.2cu.5161B20200903 were found to contain a pre-auth remote command execution vulnerability in the setDiagnosisCfg function through the ipDomain parameter...

CVE-2025-28034

TOTOLINK A800R V4.1.2cu.5137B20200730, A810R V4.1.2cu.5182B20201026, A830R V4.1.2cu.5182B20201102, A950RG V4.1.2cu.5161B20200903, A3000RU V5.9c.5185B20201128, and A3100R V4.1.2cu.5247B20211129 were found to contain a pre-auth remote command execution vulnerability in the NTPSyncWithHost function...

BIT-PYTORCH-2025-32434 PyTorch: `torch.load` with `weights_only=True` leads to remote code execution

PyTorch is a Python package that provides tensor computation with strong GPU acceleration and deep neural networks built on a tape-based autograd system. In version 2.5.1 and prior, a Remote Command Execution RCE vulnerability exists in PyTorch when loading a model using torch.load with...

CVE-2025-28039

CVE-2025-28039 affects TOTOLINK EX1200T (V4.1.2cu.5232_B20210713). A pre-auth remote command execution vulnerability exists in the setUpgradeFW function via the FileName parameter. CVSSv3.1: 9.8 (CRITICAL); Attack Vector: Network; Privileges Required: None; User Interaction: None; Impact: Confide...

CVE-2025-28038

TOTOLINK EX1200T V4.1.2cu.5232B20210713 was found to contain a pre-auth remote command execution vulnerability in the setWebWlanIdx function through the webWlanIdx parameter...

CVE-2025-28039

TOTOLINK EX1200T V4.1.2cu.5232B20210713 was found to contain a pre-auth remote command execution vulnerability in the setUpgradeFW function through the FileName parameter...

CVE-2025-28036

TOTOLINK A950RG V4.1.2cu.5161B20200903 was found to contain a pre-auth remote command execution vulnerability in the setNoticeCfg function through the NoticeUrl parameter...

The vulnerability of the SafeInspect privilege control system lies in its failure to eliminate special elements used in the operating system’s command set, allowing a violator to execute arbitrary commands.

The vulnerability of the SafeInspect privilege control system lies in the lack of measures to neutralize special elements used in the operating system’s command set. Exploiting this vulnerability allows a malicious actor to remotely execute arbitrary commands...

CVE-2025-28037

CVE-2025-28037 affects TOTOLINK A810R (4.1.2cu.5182_B20201026) and A950RG (4.1.2cu.5161_B20200903). The issue is in the setDiagnosisCfg function, where the ipDomain parameter is not properly filtering construct command characters, enabling pre-auth remote command execution. Impact is reported as ...

CVE-2025-28038

CVE-2025-28038 affects TOTOLINK EX1200T (version 4.1.2cu.5232_B20210713). A pre-auth remote command execution vulnerability exists in the setWebWlanIdx function via the webWlanIdx parameter, enabling remote code execution without authentication. CVSS v3.1 base score is 9.8 (CRITICAL, Network, no ...

TOTOLINK EX1200T 安全漏洞

The TOTOLINK EX1200T is a dual-band wireless signal amplifier that is primarily used to extend the coverage of an existing wireless network. A code execution vulnerability exists in the TOTOLINK EX1200T. The vulnerability stems from the FileName parameter in the setUpgradeFW function for...

PT-2025-17543 · Totolink · Totolink A3100R +5

Name of the Vulnerable Software and Affected Versions: TOTOLINK A800R version 4.1.2cu.5137 B20200730 TOTOLINK A810R version 4.1.2cu.5182 B20201026 TOTOLINK A830R version 4.1.2cu.5182 B20201102 TOTOLINK A950RG version 4.1.2cu.5161 B20200903 TOTOLINK A3000RU version 5.9c.5185 B20201128 TOTOLINK...

CVE-2025-28039

TOTOLINK EX1200T V4.1.2cu.5232B20210713 was found to contain a pre-auth remote command execution vulnerability in the setUpgradeFW function through the FileName parameter...