CVE-2026-5020

A vulnerability was detected in Totolink A3600R 4.1.2cu.5182B20201102. Affected by this issue is the function setNoticeCfg of the file /cgi-bin/cstecgi.cgi of the component Parameter Handler. The manipulation of the argument NoticeUrl results in command injection. The attack may be launched...

EUVD-2025-12219

Malicious code in bioql PyPI...

EUVD-2025-12217

Malicious code in bioql PyPI...

CVE-2025-28032

TOTOLINK A800R V4.1.2cu.5137B20200730, A810R V4.1.2cu.5182B20201026, A830R V4.1.2cu.5182B20201102, A950RG V4.1.2cu.5161B20200903, A3000RU V5.9c.5185B20201128, and A3100R V4.1.2cu.5247B20211129 contain a pre-auth buffer overflow vulnerability in the setNoticeCfg function through the IpForm paramet...

CVE-2025-28033

TOTOLINK A800R, A810R, A830R, A950RG, A3000RU, and A3100R are affected by a pre-auth buffer overflow in the setNoticeCfg function via the IpTo parameter. Affected firmware versions are: A800R 4.1.2cu.5137_B20200730; A810R 4.1.2cu.5182_B20201026; A830R 4.1.2cu.5182_B20201102; A950RG 4.1.2cu.5161_B...

CVE-2025-28033

TOTOLINK A800R V4.1.2cu.5137B20200730, A810R V4.1.2cu.5182B20201026, A830R V4.1.2cu.5182B20201102, A950RG V4.1.2cu.5161B20200903, A3000RU V5.9c.5185B20201128, and A3100R V4.1.2cu.5247B20211129 were found to contain a pre-auth buffer overflow vulnerability in the setNoticeCfg function through the...

TOTOLINK A830R 安全漏洞

The TOTOLINK A830R is a wireless dual-band router from China's Gion Electronics TOTOLINK. A command injection vulnerability exists in TOTOLINK A830R version V4.1.2cu.5182B20201102, which stems from the failure of the NoticeUrl parameter in the setNoticeCfg function to correctly filter constructed...

PT-2025-17540 · Totolink · Totolink A3100R +5

Name of the Vulnerable Software and Affected Versions: TOTOLINK A800R version 4.1.2cu.5137 B20200730 TOTOLINK A810R version 4.1.2cu.5182 B20201026 TOTOLINK A830R version 4.1.2cu.5182 B20201102 TOTOLINK A950RG version 4.1.2cu.5161 B20200903 TOTOLINK A3000RU version 5.9c.5185 B20201128 TOTOLINK...

CVE-2025-28036

TOTOLINK A950RG (firmware V4.1.2cu.5161_B20200903) contains a pre-auth remote command execution vulnerability in the setNoticeCfg function via the NoticeUrl parameter. This CVE (CVE-2025-28036) is documented across multiple feeds, with the core detail being arbitrary command execution by a remote...

PT-2025-17542 · Totolink · Totolink A3100R +5

Name of the Vulnerable Software and Affected Versions: TOTOLINK A800R version 4.1.2cu.5137 B20200730 TOTOLINK A810R version 4.1.2cu.5182 B20201026 TOTOLINK A830R version 4.1.2cu.5182 B20201102 TOTOLINK A950RG version 4.1.2cu.5161 B20200903 TOTOLINK A3000RU version 5.9c.5185 B20201128 TOTOLINK...

CVE-2025-28137

The TOTOLINK A810R V4.1.2cu.5182B20201026 were found to contain a pre-auth remote command execution vulnerability in the setNoticeCfg function through the NoticeUrl parameter...

TOTOLINK A800R 操作系统命令注入漏洞

The TOTOLINK A800R is a wireless router manufactured by TOTOLINK. A command execution vulnerability exists in the TOTOLINK A800R. The vulnerability stems from a flaw in the processing of user input via the NoticeUrl parameter in the setNoticeCfg function, which can be exploited by an attacker to...

CVE-2024-36650

TOTOLINK AC1200 Wireless Dual Band Gigabit Router firmware A3100R V4.1.2cu.5247B20211129, in the cgi function setNoticeCfg of the file /lib/cstemodules/system.so, the length of the user input string NoticeUrl is not checked. This can lead to a buffer overflow, allowing attackers to construct...

CVE-2021-44247

CVE-2021-44247 affects Totolink A3100R, A830R, and A720R devices. The issue is a command injection vulnerability in the setNoticeCfg function that allows an attacker to execute arbitrary commands via the IpFrom parameter. Connected sources (Red Hat and CNVD entries) confirm the affected models an...