Totolink A3002ru_firmware
49 CVEs affecting Totolink A3002ru_firmware. Latest disclosed: 2026-02-17. Critical: 9, High: 29.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2024-34198 | Critical | 9.8 | 2024-08-28 | TOTOLINK AC1200 Wireless Router A3002RU V2.1.1-B20230720.1011 is vulnerable to Buffer Overflow. The formWlEncrypt CGI handler in the boa program fails to limit… |
CVE-2022-35491 | Critical | 9.8 | 2022-08-10 | TOTOLINK A3002RU V3.0.0-B20220304.1804 has a hardcoded password for root in /etc/shadow.sample. |
CVE-2019-19825 | Critical | 9.8 | 2020-01-27 | On certain TOTOLINK Realtek SDK based routers, the CAPTCHA text can be retrieved via an {"topicurl":"setting/getSanvas"} POST to the boafrm/formLogin URI, lead… |
CVE-2018-13316 | Critical | 9.8 | 2018-11-27 | System command injection in formAliasIp in TOTOLINK A3002RU version 1.0.8 allows attackers to execute system commands via the "subnet" POST parameter. |
CVE-2018-13314 | Critical | 9.8 | 2018-11-27 | System command injection in formAliasIp in TOTOLINK A3002RU version 1.0.8 allows attackers to execute system commands via the "ipAddr" POST parameter. |
CVE-2018-13307 | Critical | 9.8 | 2018-11-27 | System command injection in fromNtp in TOTOLINK A3002RU version 1.0.8 allows attackers to execute system commands via the "ntpServerIp2" POST parameter. Certai… |
CVE-2018-13306 | Critical | 9.8 | 2018-11-27 | System command injection in formDlna in TOTOLINK A3002RU version 1.0.8 allows attackers to execute system commands via the "ftpUser" POST parameter. |
CVE-2018-13315 | Critical | 9.8 | 2018-11-26 | Incorrect access control in formPasswordSetup in TOTOLINK A3002RU version 1.0.8 allows attackers to change the admin user's password via an unauthenticated POS… |
CVE-2018-13311 | Critical | 9.8 | 2018-11-26 | System command injection in formDlna in TOTOLINK A3002RU version 1.0.8 allows attackers to execute system commands via the "sambaUser" POST parameter. |
CVE-2026-26736 | High | 8.8 | 2026-02-17 | TOTOLINK A3002RU_V3 V3.0.0-B20220304.1804 was discovered to contain a stack-based buffer overflow via the static_ipv6 parameter in the formIpv6Setup function. |
CVE-2026-26732 | High | 8.8 | 2026-02-17 | TOTOLINK A3002RU V2.1.1-B20211108.1455 was discovered to contain a stack-based buffer overflow via the vpnUser or vpnPassword` parameters in the formFilter fun… |
CVE-2026-26731 | High | 8.8 | 2026-02-17 | TOTOLINK A3002RU V2.1.1-B20211108.1455 was discovered to contain a stack-based buffer overflow via the routernamer`parameter in the formDnsv6 function. |
CVE-2025-6953 | High | 8.8 | 2025-07-01 | A vulnerability, which was classified as critical, was found in TOTOLINK A3002RU 3.0.0-B20230809.1615. Affected is an unknown function of the file /boafrm/form… |
CVE-2025-6939 | High | 8.8 | 2025-07-01 | A vulnerability classified as critical has been found in TOTOLINK A3002RU 3.0.0-B20230809.1615. Affected is an unknown function of the file /boafrm/formWlSiteS… |
CVE-2025-6393 | High | 8.8 | 2025-06-21 | A vulnerability was found in TOTOLINK A702R, A3002R, A3002RU and EX1200T 3.0.0-B20230809.1615/4.0.0-B20230531.1404/4.0.0-B20230721.1521/4.1.2cu.5232_B20210713… |
CVE-2025-6337 | High | 8.8 | 2025-06-20 | A vulnerability was found in TOTOLINK A3002R and A3002RU 3.0.0-B20230809.1615/4.0.0-B20230531.1404. It has been declared as critical. Affected by this vulnerab… |
CVE-2025-6163 | High | 8.8 | 2025-06-17 | A vulnerability was found in TOTOLINK A3002RU 3.0.0-B20230809.1615 and classified as critical. Affected by this issue is some unknown functionality of the file… |
CVE-2025-6148 | High | 8.8 | 2025-06-17 | A vulnerability was found in TOTOLINK A3002RU 3.0.0-B20230809.1615. It has been rated as critical. This issue affects some unknown processing of the file /boaf… |
CVE-2025-4835 | High | 8.8 | 2025-05-17 | A vulnerability was found in TOTOLINK A702R, A3002R and A3002RU 3.0.0-B20230809.1615. It has been declared as critical. Affected by this vulnerability is an un… |
CVE-2025-4834 | High | 8.8 | 2025-05-17 | A vulnerability was found in TOTOLINK A702R, A3002R and A3002RU 3.0.0-B20230809.1615. It has been classified as critical. Affected is an unknown function of th… |