Approved changes feed: RSS · Atom

cpe:2.3:h:totolink:nr1800x:-:*:*:*:*:*:*:*

part: h version: - update: *

VendorTotolink (fa0129e6-aa24-5784-be77-22d8becdb79b)
ProductNr1800X (272005b7-ed09-5e63-9609-0ba384016914)
Edition*
Language*
Software edition*
Target software*
Target hardware*
Other*
NotesImported from NVD CPE 2.0 feed

PURL mappings

PURLSourceLast updated
No PURL mappings for this CPE yet.

Vulnerability references

IdentifiercpeApplicabilitySubmitteddb.gcve.eu detailsRationale
CVE:CVE-2026-5030 not_vulnerable 2026-06-08 08:07:02.901741 Totolink NR1800X Telnet Service cstecgi.cgi NTPSyncWithHost command injection
MEDIUM (6.3)
A vulnerability has been found in Totolink NR1800X 9.1.0u.6279_B20210910. This issue affects the function NTPSyncWithHost of the file /cgi-bin/cstecgi.cgi of the component Telnet Service. The manipulation of the argument host_time leads to command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
Published: 2026-03-29T03:30:15.254Z
Updated: 2026-03-30T13:28:48.091Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2026-1328 not_vulnerable 2026-06-08 07:49:08.278004 Totolink NR1800X POST Request cstecgi.cgi setWizardCfg buffer overflow
HIGH (8.8)
A vulnerability was detected in Totolink NR1800X 9.1.0u.6279_B20210910. Impacted is the function setWizardCfg of the file /cgi-bin/cstecgi.cgi of the component POST Request Handler. Performing a manipulation of the argument ssid results in buffer overflow. The attack may be initiated remotely. The exploit is now public and may be used.
Published: 2026-01-22T14:32:13.191Z
Updated: 2026-02-23T08:53:16.410Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2026-1327 not_vulnerable 2026-06-08 07:49:08.277589 Totolink NR1800X POST Request cstecgi.cgi setTracerouteCfg command injection
MEDIUM (6.3)
A security vulnerability has been detected in Totolink NR1800X 9.1.0u.6279_B20210910. This issue affects the function setTracerouteCfg of the file /cgi-bin/cstecgi.cgi of the component POST Request Handler. Such manipulation of the argument command leads to command injection. The attack can be launched remotely. The exploit has been disclosed publicly and may be used.
Published: 2026-01-22T14:02:10.294Z
Updated: 2026-02-23T08:53:00.325Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2026-1326 not_vulnerable 2026-06-08 07:49:08.276810 Totolink NR1800X POST Request cstecgi.cgi setWanCfg command injection
MEDIUM (6.3)
A weakness has been identified in Totolink NR1800X 9.1.0u.6279_B20210910. This vulnerability affects the function setWanCfg of the file /cgi-bin/cstecgi.cgi of the component POST Request Handler. This manipulation of the argument Hostname causes command injection. The attack can be initiated remotely. The exploit has been made available to the public and could be used for attacks.
Published: 2026-01-22T13:32:08.210Z
Updated: 2026-02-23T08:52:44.721Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2025-60688 not_vulnerable 2026-06-08 07:37:27.009253 Details available
A stack buffer overflow vulnerability exists in the ToToLink LR1200GB (V9.1.0u.6619_B20230130) and NR1800X (V9.1.0u.6681_B20230703) Router firmware within the cstecgi.cgi binary (setDefResponse function). The binary reads the "IpAddress" parameter from a web request and copies it into a fixed-size stack buffer using strcpy() without any length validation. Maliciously crafted input can overflow the buffer, leading to potential arbitrary code execution or memory corruption, without requiring authentication.
Published: 2025-11-13T00:00:00.000Z
Updated: 2025-11-13T17:36:37.203Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2025-60686 not_vulnerable 2026-06-08 07:37:27.008239 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2025-60684 not_vulnerable 2026-06-08 07:37:27.006762 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2025-45845 not_vulnerable 2026-06-08 07:25:11.122105 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2025-45844 not_vulnerable 2026-06-08 07:25:11.121687 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2025-45843 not_vulnerable 2026-06-08 07:25:11.121274 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2025-45842 not_vulnerable 2026-06-08 07:25:11.120704 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2025-45841 not_vulnerable 2026-06-08 07:25:11.120164 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2024-35388 not_vulnerable 2026-06-08 06:39:41.919544 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2024-35388 vulnerable 2026-06-08 06:39:41.915498 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2023-7220 not_vulnerable 2026-06-08 06:21:57.323661 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2023-36340 not_vulnerable 2026-06-08 06:06:28.721909 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2022-44256 not_vulnerable 2026-06-08 05:49:35.361777 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2022-41528 not_vulnerable 2026-06-08 05:48:30.455446 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2022-41527 not_vulnerable 2026-06-08 05:48:30.455054 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2022-41526 not_vulnerable 2026-06-08 05:48:30.454651 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2022-41525 not_vulnerable 2026-06-08 05:48:30.454403 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2022-41524 not_vulnerable 2026-06-08 05:48:30.454145 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2022-41523 not_vulnerable 2026-06-08 05:48:30.453889 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2022-41522 not_vulnerable 2026-06-08 05:48:30.453646 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2022-41521 not_vulnerable 2026-06-08 05:48:30.453385 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2022-41520 not_vulnerable 2026-06-08 05:48:30.453117 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2022-41518 not_vulnerable 2026-06-08 05:48:30.452731 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2022-41517 not_vulnerable 2026-06-08 05:48:30.452367 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.