N600r Firmware Security Vulnerabilities and Issues — N600r Firmware CVE List

Lucene search

TotolinkN600r Firmware

30 matches found

CVE•added 2022/03/22 9:15 p.m.•373 views

CVE-2022-26186

TOTOLINK N600R V4.3.0cu.7570_B20200620 was discovered to contain a command injection vulnerability via the exportOvpn interface at cstecgi.cgi.

9.8CVSS9.7AI score0.06091EPSS

In wild

CVE•added 2022/03/22 9:15 p.m.•116 views

CVE-2022-26187

TOTOLINK N600R V4.3.0cu.7570_B20200620 was discovered to contain a command injection vulnerability via the pingCheck function.

9.8CVSS9.8AI score0.15039EPSS

CVE•added 2022/05/10 2:15 p.m.•99 views

CVE-2022-28911

TOTOLink N600R V5.3c.7159_B20190425 was discovered to contain a command injection vulnerability via the filename parameter in /setting/CloudACMunualUpdate.

10CVSS9.8AI score0.11614EPSS

CVE•added 2022/03/22 9:15 p.m.•96 views

CVE-2022-26188

TOTOLINK N600R V4.3.0cu.7570_B20200620 was discovered to contain a command injection vulnerability via /setting/NTPSyncWithHost.

9.8CVSS9.8AI score0.14899EPSS

CVE•added 2022/05/10 2:15 p.m.•91 views

CVE-2022-28906

TOTOLink N600R V5.3c.7159_B20190425 was discovered to contain a command injection vulnerability via the langtype parameter in /setting/setLanguageCfg.

10CVSS9.8AI score0.11614EPSS

CVE•added 2022/05/10 2:15 p.m.•89 views

CVE-2022-28909

TOTOLink N600R V5.3c.7159_B20190425 was discovered to contain a command injection vulnerability via the webwlanidx parameter in /setting/setWebWlanIdx.

10CVSS9.8AI score0.10295EPSS

CVE•added 2022/03/22 9:15 p.m.•87 views

CVE-2022-26189

TOTOLINK N600R V4.3.0cu.7570_B20200620 was discovered to contain a command injection vulnerability via the langType parameter in the login interface.

9.8CVSS9.8AI score0.14899EPSS

CVE•added 2022/05/10 2:15 p.m.•82 views

CVE-2022-28905

TOTOLink N600R V5.3c.7159_B20190425 was discovered to contain a command injection vulnerability via the devicemac parameter in /setting/setDeviceName.

10CVSS9.8AI score0.11614EPSS

CVE•added 2022/05/10 2:15 p.m.•82 views

CVE-2022-28910

TOTOLink N600R V5.3c.7159_B20190425 was discovered to contain a command injection vulnerability via the devicename parameter in /setting/setDeviceName.

10CVSS9.8AI score0.11614EPSS

CVE•added 2022/05/10 2:15 p.m.•82 views

CVE-2022-28913

TOTOLink N600R V5.3c.7159_B20190425 was discovered to contain a command injection vulnerability via the filename parameter in /setting/setUploadSetting.

10CVSS9.8AI score0.11614EPSS

CVE•added 2022/05/10 8:15 p.m.•78 views

CVE-2022-29391

TOTOLINK N600R V4.3.0cu.7647_B20210106 was discovered to contain a stack overflow via the comment parameter in the function FUN_004200c8.

10CVSS9.6AI score0.00455EPSS

CVE•added 2022/05/10 8:15 p.m.•77 views

CVE-2022-29399

TOTOLINK N600R V4.3.0cu.7647_B20210106 was discovered to contain a stack overflow via the url parameter in the function FUN_00415bf0.

10CVSS9.6AI score0.00454EPSS

CVE•added 2022/05/10 2:15 p.m.•74 views

CVE-2022-28912

TOTOLink N600R V5.3c.7159_B20190425 was discovered to contain a command injection vulnerability via the filename parameter in /setting/setUpgradeFW.

10CVSS9.8AI score0.11614EPSS

CVE•added 2022/05/10 8:15 p.m.•74 views

CVE-2022-29394

TOTOLINK N600R V4.3.0cu.7647_B20210106 was discovered to contain a stack overflow via the macAddress parameter in the function FUN_0041b448.

10CVSS9.6AI score0.00455EPSS

CVE•added 2022/05/05 7:15 p.m.•72 views

CVE-2022-27411

TOTOLINK N600R v5.3c.5507_B20171031 was discovered to contain a command injection vulnerability via the QUERY_STRING parameter in the "Main" function.

10CVSS9.8AI score0.04788EPSS

CVE•added 2022/05/10 8:15 p.m.•71 views

CVE-2022-29393

TOTOLINK N600R V4.3.0cu.7647_B20210106 was discovered to contain a stack overflow via the comment parameter in the function FUN_004192cc.

10CVSS9.6AI score0.00455EPSS

CVE•added 2022/05/10 2:15 p.m.•69 views

CVE-2022-28907

TOTOLink N600R V5.3c.7159_B20190425 was discovered to contain a command injection vulnerability via the hosttime function in /setting/NTPSyncWithHost.

10CVSS9.8AI score0.11614EPSS

CVE•added 2022/05/10 8:15 p.m.•69 views

CVE-2022-29392

TOTOLINK N600R V4.3.0cu.7647_B20210106 was discovered to contain a stack overflow via the comment parameter in the function FUN_00418c24.

10CVSS9.6AI score0.00455EPSS

CVE•added 2022/05/10 8:15 p.m.•66 views

CVE-2022-29395

TOTOLINK N600R V4.3.0cu.7647_B20210106 was discovered to contain a stack overflow via the apcliKey parameter in the function FUN_0041bac4.

10CVSS9.6AI score0.00455EPSS

CVE•added 2022/05/10 8:15 p.m.•66 views

CVE-2022-29397

TOTOLINK N600R V4.3.0cu.7647_B20210106 was discovered to contain a stack overflow via the comment parameter in the function FUN_004196c8.

10CVSS9.6AI score0.00455EPSS

CVE•added 2022/05/10 8:15 p.m.•65 views

CVE-2022-29396

TOTOLINK N600R V4.3.0cu.7647_B20210106 was discovered to contain a stack overflow via the comment parameter in the function FUN_00418f10.

10CVSS9.6AI score0.00455EPSS

CVE•added 2022/05/10 2:15 p.m.•64 views

CVE-2022-28908

TOTOLink N600R V5.3c.7159_B20190425 was discovered to contain a command injection vulnerability via the ipdoamin parameter in /setting/setDiagnosisCfg.

10CVSS9.8AI score0.11614EPSS

CVE•added 2022/05/10 8:15 p.m.•62 views

CVE-2022-29398

TOTOLINK N600R V4.3.0cu.7647_B20210106 was discovered to contain a stack overflow via the File parameter in the function FUN_0041309c.

10CVSS9.6AI score0.00454EPSS

CVE•added 2025/05/10 5:15 a.m.•60 views

CVE-2025-4496

A vulnerability was found in TOTOLINK T10, A3100R, A950RG, A800R, N600R, A3000RU and A810R 4.1.8cu.5241_B20210927. It has been declared as critical. This vulnerability affects the function CloudACMunualUpdate of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument FileName leads to buffe...

9.8CVSS7.1AI score0.00195EPSS

CVE•added 2022/08/29 12:15 a.m.•55 views

CVE-2022-36613

TOTOLINK N600R V4.3.0cu.7647_B20210106 was discovered to contain a hardcoded password for root at /etc/shadow.sample.

7.8CVSS7.7AI score0.00056EPSS

CVE•added 2025/04/15 7:16 p.m.•49 views

CVE-2025-22903

TOTOLINK N600R V4.3.0cu.7647_B20210106 was discovered to contain a stack overflow via the pin parameter in the function setWiFiWpsConfig.

4.6CVSS7.6AI score0.00168EPSS

CVE•added 2025/04/15 7:16 p.m.•48 views

CVE-2025-22900

Totolink N600R v4.3.0cu.7647_B20210106 was discovered to contain a stack overflow via the macCloneMac parameter in the setWanConfig function.

9.8CVSS7.6AI score0.00388EPSS

CVE•added 2023/09/25 4:15 p.m.•43 views

CVE-2023-43141

TOTOLINK A3700R V9.1.2u.6134_B20201202 and N600R V5.3c.5137 are vulnerable to Incorrect Access Control.

9.8CVSS9.3AI score0.00074EPSS

CVE•added 2025/06/13 1:15 p.m.•34 views

CVE-2025-46060

Buffer Overflow vulnerability in TOTOLINK N600R v4.3.0cu.7866_B2022506 allows a remote attacker to execute arbitrary code via the UPLOAD_FILENAME component

9.8CVSS8.1AI score0.00642EPSS

CVE•added 2025/08/04 6:15 p.m.•11 views

CVE-2025-51390

TOTOLINK N600R V4.3.0cu.7647_B20210106 was discovered to contain a command injection vulnerability via the pin parameter in the setWiFiWpsConfig function.

9.8CVSS7.7AI score0.03688EPSS