CVE-2026-7548

A vulnerability was detected in Totolink NR1800X 9.1.0u.6279B20210910. This affects the function sub41A68C of the file /cgi-bin/cstecgi.cgi. Performing a manipulation of the argument setUssd results in command injection. The attack is possible to be carried out remotely. The exploit is now public...

TOTOLINK NR1800X 注入漏洞

TOTOLINK NR1800X is an outstanding 5G NR indoor Wi-Fi and SIP CPE device from TOTOLINK Corporation. It aims to provide fast and convenient NR fixed data services for homes and offices. The TOTOLINK NR1800X version 9.1.0u.6279B20210910 contains a vulnerability that stems from the operation of the...

PT-2026-28742

Name of the Vulnerable Software and Affected Versions Totolink NR1800X version 9.1.0u.6279 B20210910 Description A command injection issue exists in the Telnet Service component of Totolink NR1800X. The issue is located in the NTPSyncWithHost function within the /cgi-bin/cstecgi.cgi file...

TOTOLINK NR1800X 命令注入漏洞

TOTOLINK NR1800X is an outstanding 5G NR indoor Wi-Fi and SIP CPE device from TOTOLINK Corporation. It aims to provide fast and convenient NR fixed data services for homes and offices. The TOTOLINK NR1800X version 9.1.0u.6279B20210910 contains a command injection vulnerability. This vulnerability...

CVE-2026-1327

A security vulnerability has been detected in Totolink NR1800X 9.1.0u.6279B20210910. This issue affects the function setTracerouteCfg of the file /cgi-bin/cstecgi.cgi of the component POST Request Handler. Such manipulation of the argument command leads to command injection. The attack can be...

CVE-2026-1328

A vulnerability was detected in Totolink NR1800X 9.1.0u.6279B20210910. Impacted is the function setWizardCfg of the file /cgi-bin/cstecgi.cgi of the component POST Request Handler. Performing a manipulation of the argument ssid results in buffer overflow. The attack may be initiated remotely. The...

TOTOLINK NR1800X Command Injection Vulnerability

TOTOLINK NR1800X is an outstanding 5G NR indoor Wi-Fi and SIP CPE device from TOTOLINK Corporation. It aims to provide fast and convenient NR fixed data service deployment for homes and offices. The TOTOLINK NR1800X version 9.1.0u.6279B20210910 contains a command injection vulnerability. This...

TOTOLINK X5000R 安全漏洞

TOTOLINK X5000R is a router from China Gion Electronics TOTOLINK. A security vulnerability exists in TOTOLINK X5000R version V9.1.0u.6369B20230113, which originates from unauthenticated Telnet enablement, and could lead to an unauthenticated user logging in with an empty password and gaining root...

PT-2025-46172

Name of the Vulnerable Software and Affected Versions TOTOLink A7000R version 9.1.0u.6115 B20201022 Description A stack overflow exists in the urldecode function, specifically within the addEffect parameter. This issue allows attackers to trigger a Denial of Service DoS by sending a specially...

PT-2025-44656

Name of the Vulnerable Software and Affected Versions Totolink A7000R version 9.1.0u.6115 B20201022 Description The device contains a stack overflow issue through the ssid5g parameter within the sub 4222E0 function. A crafted request can lead to a Denial of Service DoS. Recommendations At the...

CVE-2025-63461

Totolink A7000R v9.1.0u.6115B20201022 was discovered to contain a stack overflow via the ssid5g parameter in the urldecode function. This vulnerability allows attackers to cause a Denial of Service DoS via a crafted request...

CVE-2025-51452

In TOTOLINK A7000R firmware 9.1.0u.6115B20201022, an attacker can bypass login by sending a specific request through formLoginAuth.htm...

CVE-2025-51452

In TOTOLINK A7000R firmware 9.1.0u.6115B20201022, an attacker can bypass login by sending a specific request through formLoginAuth.htm...

PT-2025-33016 · Totolink · Totolink A7000R

Name of the Vulnerable Software and Affected Versions: TOTOLINK A7000R firmware version 9.1.0u.6115 B20201022 Description: An attacker can bypass login by sending a specific request through the formLoginAuth.htm endpoint. Recommendations: Apply a configuration change to restrict access to the...

CVE-2022-41522

TOTOLINK NR1800X V9.1.0u.6279B20210910 was discovered to contain an unauthenticated stack overflow via the "main" function...

TOTOLINK NR1800X 安全漏洞

TOTOLINK NR1800X is a 5G NR indoor Wi-Fi and SIP CPE from China's TOTOLINK. designed to provide fast and easy deployment of NR fixed data services in homes and offices. A buffer overflow vulnerability exists in TOTOLINK NR1800X version v9.1.0u.6681B20230703, which stems from the password paramete...

PT-2024-1252 · Totolink · Totolink Lr1200Gb

Name of the Vulnerable Software and Affected Versions: Totolink LR1200GB version 9.1.0u.6619 B20230130 Description: A critical issue affects the setParentalRules function of the /cgi-bin/cstecgi.cgi file, where manipulation of the sTime argument leads to a stack-based buffer overflow. This can be...

PT-2024-1057 · Totolink · Totolink Lr1200Gb

Name of the Vulnerable Software and Affected Versions: Totolink LR1200GB version 9.1.0u.6619 B20230130 Description: A critical issue exists due to the lack of neutralization of special elements in the setUssd function of the /cgi-bin/cstecgi.cgi file. This allows a remote attacker to execute...

PT-2024-1060 · Totolink · Totolink Lr1200Gb

Name of the Vulnerable Software and Affected Versions: Totolink LR1200GB version 9.1.0u.6619 B20230130 Description: A critical vulnerability exists in the setOpModeCfg function of the /cgi-bin/cstecgi.cgi file due to the lack of neutralization of special elements. This allows a remote attacker to...

PT-2024-1167 · Totolink · Totolink Lr1200Gb

Name of the Vulnerable Software and Affected Versions: Totolink LR1200GB version 9.1.0u.6619 B20230130 Description: A critical issue was found in the function setWanCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument hostName leads to os command injection. It is possible to...