CVE-2025-28037

TOTOLINK A810R V4.1.2cu.5182B20201026 and A950RG V4.1.2cu.5161B20200903 were found to contain a pre-auth remote command execution vulnerability in the setDiagnosisCfg function through the ipDomain parameter...

CVE-2025-28036

TOTOLINK A950RG (firmware V4.1.2cu.5161_B20200903) contains a pre-auth remote command execution vulnerability in the setNoticeCfg function via the NoticeUrl parameter. This CVE (CVE-2025-28036) is documented across multiple feeds, with the core detail being arbitrary command execution by a remote...

CVE-2025-28034

CVE-2025-28034 affects several TOTOLINK devices (A800R, A810R, A830R, A950RG, A3000RU, A3100R). The vulnerability is a pre-auth remote command execution in the NTPSyncWithHost function via the hostTime parameter. No explicit exploitation details are provided in the documents; exploit status is no...

CVE-2025-28036

TOTOLINK A950RG V4.1.2cu.5161B20200903 was found to contain a pre-auth remote command execution vulnerability in the setNoticeCfg function through the NoticeUrl parameter...

TOTOLINK多款产品 安全漏洞

TOTOLINK A800R and others are products of China Gion Electronics TOTOLINK.TOTOLINK A800R is a wireless router.TOTOLINK A830R is a wireless dual-band router.TOTOLINK A810R is a wireless dual-band router.TOTOLINK A810R is a wireless dual-band router.TOTOLINK A810R is a wireless dual-band...

CVE-2025-28034

TOTOLINK A800R V4.1.2cu.5137B20200730, A810R V4.1.2cu.5182B20201026, A830R V4.1.2cu.5182B20201102, A950RG V4.1.2cu.5161B20200903, A3000RU V5.9c.5185B20201128, and A3100R V4.1.2cu.5247B20211129 were found to contain a pre-auth remote command execution vulnerability in the NTPSyncWithHost function...

PT-2025-17570 · Totolink · Totolink A950Rg

Name of the Vulnerable Software and Affected Versions: TOTOLINK A950RG version 4.1.2cu.5161 B20200903 Description: The issue is a pre-auth remote command execution vulnerability. It is located in the setNoticeCfg function and can be exploited through the NoticeUrl parameter. Recommendations: For...

TOTOLINK EX1200T 安全漏洞

The TOTOLINK EX1200T is a wireless router from TOTOLINK that offers convenient network connectivity and management features. The TOTOLINK EX1200T suffers from a command execution vulnerability that originates from the presence of a pre-authenticated remote command execution of the webWlanIdx...

PT-2025-17555 · Totolink · Totolink A950Rg +1

Name of the Vulnerable Software and Affected Versions: TOTOLINK A810R version 4.1.2cu.5182 B20201026 TOTOLINK A950RG version 4.1.2cu.5161 B20200903 Description: The issue is a pre-auth remote command execution vulnerability. It is located in the setDiagnosisCfg function and can be exploited throu...

CVE-2025-28034

TOTOLINK A800R V4.1.2cu.5137B20200730, A810R V4.1.2cu.5182B20201026, A830R V4.1.2cu.5182B20201102, A950RG V4.1.2cu.5161B20200903, A3000RU V5.9c.5185B20201128, and A3100R V4.1.2cu.5247B20211129 were found to contain a pre-auth remote command execution vulnerability in the NTPSyncWithHost function...

PT-2025-17569 · Totolink · Totolink A830R

Name of the Vulnerable Software and Affected Versions: TOTOLINK A830R version 4.1.2cu.5182 B20201102 Description: The issue is a pre-auth remote command execution vulnerability. It is located in the setNoticeCfg function and can be exploited through the NoticeUrl parameter. Recommendations: For...

CVE-2025-28038

TOTOLINK EX1200T V4.1.2cu.5232B20210713 was found to contain a pre-auth remote command execution vulnerability in the setWebWlanIdx function through the webWlanIdx parameter...

CVE-2025-28035

TOTOLINK A830R V4.1.2cu.5182B20201102 was found to contain a pre-auth remote command execution vulnerability in the setNoticeCfg function through the NoticeUrl parameter...

CVE-2025-28035

CVE-2025-28035 affects TOTOLINK A830R (firmware V4.1.2cu.5182_B20201102). It describes a pre-auth remote code execution vulnerability in the setNoticeCfg function via the NoticeUrl parameter, allowing arbitrary commands to be executed with high impact (per CVSS v3.1: Network, Privileges None, Use...

CVE-2025-28035

TOTOLINK A830R V4.1.2cu.5182B20201102 was found to contain a pre-auth remote command execution vulnerability in the setNoticeCfg function through the NoticeUrl parameter...

CVE-2025-28038

TOTOLINK EX1200T V4.1.2cu.5232B20210713 was found to contain a pre-auth remote command execution vulnerability in the setWebWlanIdx function through the webWlanIdx parameter...

CVE-2025-29659

Yi IOT XY-3820 6.0.24.10 is vulnerable to Remote Command Execution via the "cmdlisten" function located in the "cmd" binary...

CVE-2025-29659

Yi IOT XY-3820 6.0.24.10 is vulnerable to Remote Command Execution via the "cmdlisten" function located in the "cmd" binary...

CVE-2025-29659

Yi IOT XY-3820 6.0.24.10 is vulnerable to Remote Command Execution via the "cmdlisten" function located in the "cmd" binary...

Yi IOT XY-3820 安全漏洞

Yi IOT XY-3820 is a wireless security camera from Yi IOT. A security vulnerability exists in the Yi IOT XY-3820 version 6.0.24.10, which stems from the cmdlisten function in the cmd binary being vulnerable to remote command execution attacks...