Totolink A7100ru_firmware
37 CVEs affecting Totolink A7100ru_firmware. Latest disclosed: 2025-07-21. Critical: 37, High: 0.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2025-44655 | Critical | 9.8 | 2025-07-21 | In TOTOLink A7100RU V7.4, A950RG V5.9, and T10 V5.9, the chroot_local_user option is enabled in the vsftpd.conf. This could lead to unauthorized access to syst… |
CVE-2023-7095 | Critical | 9.8 | 2023-12-25 | A vulnerability, which was classified as critical, has been found in Totolink A7100RU 7.4cu.2313_B20191024. Affected by this issue is the function main of the… |
CVE-2023-6906 | Critical | 9.8 | 2023-12-18 | A vulnerability, which was classified as critical, was found in Totolink A7100RU 7.4cu.2313_B20191024. Affected is the function main of the file /cgi-bin/cstec… |
CVE-2023-33556 | Critical | 9.8 | 2023-06-07 | TOTOLink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the staticGw parameter at /setting/setWanIeCfg. |
CVE-2023-30054 | Critical | 9.8 | 2023-05-05 | TOTOLINK A7100RU V7.4cu.2313_B20191024 has a Command Injection vulnerability. An attacker can obtain a stable root shell through a specially constructed payloa… |
CVE-2023-30053 | Critical | 9.8 | 2023-05-05 | TOTOLINK A7100RU V7.4cu.2313_B20191024 is vulnerable to Command Injection. |
CVE-2023-26978 | Critical | 9.8 | 2023-04-07 | TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the pppoeAcName parameter at /setting/setWanIeCfg. |
CVE-2023-26848 | Critical | 9.8 | 2023-04-07 | TOTOlink A7100RU(V7.4cu.2313_B20191024) was discovered to contain a command injection vulnerability via the org parameter at setting/delStaticDhcpRules. |
CVE-2023-27232 | Critical | 9.8 | 2023-03-28 | TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the wanStrategy parameter at /setting/setWanIeCfg. |
CVE-2023-27231 | Critical | 9.8 | 2023-03-28 | TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the downBw parameter at /setting/setWanIeCfg. |
CVE-2023-27229 | Critical | 9.8 | 2023-03-28 | TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the upBw parameter at /setting/setWanIeCfg. |
CVE-2023-27135 | Critical | 9.8 | 2023-03-23 | TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the enabled parameter at /setting/setWanIeCfg. |
CVE-2023-25395 | Critical | 9.8 | 2023-03-08 | TOTOlink A7100RU V7.4cu.2313_B20191024 router was discovered to contain a command injection vulnerability via the ou parameter at /setting/delStaticDhcpRules. |
CVE-2023-24184 | Critical | 9.8 | 2023-02-21 | TOTOLink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability. |
CVE-2023-24238 | Critical | 9.8 | 2023-02-16 | TOTOlink A7100RU(V7.4cu.2313_B20191024) was discovered to contain a command injection vulnerability via the city parameter at setting/delStaticDhcpRules. |
CVE-2023-24236 | Critical | 9.8 | 2023-02-16 | TOTOlink A7100RU(V7.4cu.2313_B20191024) was discovered to contain a command injection vulnerability via the province parameter at setting/delStaticDhcpRules. |
CVE-2023-24276 | Critical | 9.8 | 2023-02-06 | TOTOlink A7100RU(V7.4cu.2313_B20191024) was discovered to contain a command injection vulnerability via the country parameter at setting/delStaticDhcpRules. |
CVE-2022-48126 | Critical | 9.8 | 2023-01-20 | TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the username parameter in the setting/setOpenVpnCertGene… |
CVE-2022-48125 | Critical | 9.8 | 2023-01-20 | TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the password parameter in the setting/setOpenVpnCertGene… |
CVE-2022-48124 | Critical | 9.8 | 2023-01-20 | TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the FileName parameter in the setting/setOpenVpnCertGene… |