Totolink A3700r_firmware
43 CVEs affecting Totolink A3700r_firmware. Latest disclosed: 2026-01-19. Critical: 17, High: 15.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2024-42545 | Critical | 9.8 | 2024-08-12 | TOTOLINK A3700R v9.1.2u.5822_B20200513 has a buffer overflow vulnerability in the ssid parameter in setWizardCfg function. |
| CVE-2024-42543 | Critical | 9.8 | 2024-08-12 | TOTOLINK A3700R v9.1.2u.5822_B20200513 has a buffer overflow vulnerability in the http_host parameter in the loginauth function. |
| CVE-2024-37637 | Critical | 9.8 | 2024-06-14 | TOTOLINK A3700R V9.1.2u.6165_20211012 was discovered to contain a stack overflow via ssid5g in the function setWizardCfg. |
| CVE-2024-37635 | Critical | 9.8 | 2024-06-13 | TOTOLINK A3700R V9.1.2u.6165_20211012 was discovered to contain a stack overflow via ssid in the function setWiFiBasicCfg. |
| CVE-2024-37634 | Critical | 9.8 | 2024-06-13 | TOTOLINK A3700R V9.1.2u.6165_20211012 was discovered to contain a stack overflow via ssid in the function setWiFiEasyCfg. |
| CVE-2024-37632 | Critical | 9.8 | 2024-06-13 | TOTOLINK A3700R V9.1.2u.6165_20211012 was discovered to contain a stack overflow via the password parameter in function loginAuth. |
| CVE-2024-22663 | Critical | 9.8 | 2024-01-23 | TOTOLINK_A3700R_V9.1.2u.6165_20211012 has a command injection vulnerability via setOpModeCfg. |
| CVE-2024-22662 | Critical | 9.8 | 2024-01-23 | TOTOLINK A3700R_V9.1.2u.6165_20211012 has a stack overflow vulnerability via setParentalRules. |
| CVE-2024-22660 | Critical | 9.8 | 2024-01-23 | TOTOLINK_A3700R_V9.1.2u.6165_20211012 has a stack overflow vulnerability via setLanguageCfg. |
| CVE-2023-52031 | Critical | 9.8 | 2024-01-11 | TOTOlink A3700R v9.1.2u.5822_B20200513 was discovered to contain a remote command execution (RCE) vulnerability via the UploadFirmwareFile function. |
| CVE-2023-52030 | Critical | 9.8 | 2024-01-11 | TOTOlink A3700R v9.1.2u.5822_B20200513 was discovered to contain a remote command execution (RCE) vulnerability via the setOpModeCfg function. |
| CVE-2023-52029 | Critical | 9.8 | 2024-01-11 | TOTOlink A3700R v9.1.2u.5822_B20200513 was discovered to contain a remote command execution (RCE) vulnerability via the setDiagnosisCfg function. |
| CVE-2023-52028 | Critical | 9.8 | 2024-01-11 | TOTOlink A3700R v9.1.2u.5822_B20200513 was discovered to contain a remote command execution (RCE) vulnerability via the setTracerouteCfg function. |
| CVE-2023-52027 | Critical | 9.8 | 2024-01-11 | TOTOlink A3700R v9.1.2u.5822_B20200513 was discovered to contain a remote command execution (RCE) vulnerability via the NTPSyncWithHost function. |
| CVE-2023-50147 | Critical | 9.8 | 2023-12-22 | There is an arbitrary command execution vulnerability in the setDiagnosisCfg function of the cstecgi.cgi of the TOTOlink A3700R router device in its firmware… |
| CVE-2023-46574 | Critical | 9.8 | 2023-10-25 | An issue in TOTOLINK A3700R v.9.1.2u.6165_20211012 allows a remote attacker to execute arbitrary code via the FileName parameter of the UploadFirmwareFile func… |
| CVE-2023-43141 | Critical | 9.8 | 2023-09-25 | TOTOLINK A3700R V9.1.2u.6134_B20201202 and N600R V5.3c.5137 are vulnerable to Incorrect Access Control. |
| CVE-2026-1143 | High | 8.8 | 2026-01-19 | A weakness has been identified in TOTOLINK A3700R 9.1.2u.5822_B20200513. This affects the function setWiFiEasyGuestCfg of the file /cgi-bin/cstecgi.cgi. Execut… |
| CVE-2024-37640 | High | 8.8 | 2024-06-14 | TOTOLINK A3700R V9.1.2u.6165_20211012 was discovered to contain a stack overflow via ssid5g in the function setWiFiEasyGuestCfg. |
| CVE-2024-37639 | High | 8.8 | 2024-06-14 | TOTOLINK A3700R V9.1.2u.6165_20211012 was discovered to contain a stack overflow via eport in the function setIpPortFilterRules. |