Totolink A950rg_firmware
33 CVEs affecting Totolink A950rg_firmware. Latest disclosed: 2026-02-03. Critical: 20, High: 10.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2025-67188 | Critical | 9.8 | 2026-02-03 | A buffer overflow vulnerability exists in TOTOLINK A950RG V4.1.2cu.5204_B20210112. The issue resides in the setRadvdCfg interface of the /lib/cste_modules/ipv6… |
CVE-2025-67187 | Critical | 9.8 | 2026-02-03 | A stack-based buffer overflow vulnerability was identified in TOTOLINK A950RG V4.1.2cu.5204_B20210112. The flaw exists in the setIpQosRules interface of /lib/c… |
CVE-2025-67186 | Critical | 9.8 | 2026-02-03 | TOTOLINK A950RG V4.1.2cu.5204_B20210112 contains a buffer overflow vulnerability in the setUrlFilterRules interface of /lib/cste_modules/firewall.so. The vulne… |
CVE-2025-44655 | Critical | 9.8 | 2025-07-21 | In TOTOLink A7100RU V7.4, A950RG V5.9, and T10 V5.9, the chroot_local_user option is enabled in the vsftpd.conf. This could lead to unauthorized access to syst… |
CVE-2025-45798 | Critical | 9.8 | 2025-05-08 | A command execution vulnerability exists in the TOTOLINK A950RG V4.1.2cu.5204_B20210112. The vulnerability is located in the setNoticeCfg interface within the… |
CVE-2025-45797 | Critical | 9.8 | 2025-05-08 | TOTOlink A950RG V4.1.2cu.5204_B20210112 contains a buffer overflow vulnerability. The vulnerability arises from the improper input validation of the NoticeUrl… |
CVE-2025-45800 | Critical | 9.8 | 2025-05-02 | TOTOLINK A950RG V4.1.2cu.5204_B20210112 contains a command execution vulnerability in the setDeviceName interface of the /lib/cste_modules/global.so library, s… |
CVE-2025-28036 | Critical | 9.8 | 2025-04-22 | TOTOLINK A950RG V4.1.2cu.5161_B20200903 was found to contain a pre-auth remote command execution vulnerability in the setNoticeCfg function through the NoticeU… |
CVE-2025-28035 | Critical | 9.8 | 2025-04-22 | TOTOLINK A830R V4.1.2cu.5182_B20201102 was found to contain a pre-auth remote command execution vulnerability in the setNoticeCfg function through the NoticeUr… |
CVE-2025-28037 | Critical | 9.8 | 2025-04-22 | TOTOLINK A810R V4.1.2cu.5182_B20201026 and A950RG V4.1.2cu.5161_B20200903 were found to contain a pre-auth remote command execution vulnerability in the setDia… |
CVE-2025-28034 | Critical | 9.8 | 2025-04-22 | TOTOLINK A800R V4.1.2cu.5137_B20200730, A810R V4.1.2cu.5182_B20201026, A830R V4.1.2cu.5182_B20201102, A950RG V4.1.2cu.5161_B20200903, A3000RU V5.9c.5185_B20201… |
CVE-2022-26214 | Critical | 9.8 | 2022-03-15 | Totolink A830R V5.9c.4729_B20191112, A3100R V4.1.2cu.5050_B20200504, A950RG V4.1.2cu.5161_B20200903, A800R V4.1.2cu.5137_B20200730, A3000RU V5.9c.5185_B2020112… |
CVE-2022-26212 | Critical | 9.8 | 2022-03-15 | Totolink A830R V5.9c.4729_B20191112, A3100R V4.1.2cu.5050_B20200504, A950RG V4.1.2cu.5161_B20200903, A800R V4.1.2cu.5137_B20200730, A3000RU V5.9c.5185_B2020112… |
CVE-2022-26211 | Critical | 9.8 | 2022-03-15 | Totolink A830R V5.9c.4729_B20191112, A3100R V4.1.2cu.5050_B20200504, A950RG V4.1.2cu.5161_B20200903, A800R V4.1.2cu.5137_B20200730, A3000RU V5.9c.5185_B2020112… |
CVE-2022-26210 | Critical | 9.8 | 2022-03-15 | Totolink A830R V5.9c.4729_B20191112, A3100R V4.1.2cu.5050_B20200504, A950RG V4.1.2cu.5161_B20200903, A800R V4.1.2cu.5137_B20200730, A3000RU V5.9c.5185_B2020112… |
CVE-2022-26209 | Critical | 9.8 | 2022-03-15 | Totolink A830R V5.9c.4729_B20191112, A3100R V4.1.2cu.5050_B20200504, A950RG V4.1.2cu.5161_B20200903, A800R V4.1.2cu.5137_B20200730, A3000RU V5.9c.5185_B2020112… |
CVE-2022-26208 | Critical | 9.8 | 2022-03-15 | Totolink A830R V5.9c.4729_B20191112, A3100R V4.1.2cu.5050_B20200504, A950RG V4.1.2cu.5161_B20200903, A800R V4.1.2cu.5137_B20200730, A3000RU V5.9c.5185_B2020112… |
CVE-2022-26207 | Critical | 9.8 | 2022-03-15 | Totolink A830R V5.9c.4729_B20191112, A3100R V4.1.2cu.5050_B20200504, A950RG V4.1.2cu.5161_B20200903, A800R V4.1.2cu.5137_B20200730, A3000RU V5.9c.5185_B2020112… |
CVE-2022-26206 | Critical | 9.8 | 2022-03-15 | Totolink A830R V5.9c.4729_B20191112, A3100R V4.1.2cu.5050_B20200504, A950RG V4.1.2cu.5161_B20200903, A800R V4.1.2cu.5137_B20200730, A3000RU V5.9c.5185_B2020112… |
CVE-2022-25082 | Critical | 9.8 | 2022-02-24 | TOTOLink A950RG V5.9c.4050_B20190424 and V4.1.2cu.5204_B20210112 were discovered to contain a command injection vulnerability in the "Main" function. This vuln… |