TOTOLINK NR1800X
Approved changes feed: RSS · Atom
cpe:2.3:h:totolink:nr1800x:-:*:*:*:*:*:*:*
part: h version: - update: *
| Vendor | Totolink (fa0129e6-aa24-5784-be77-22d8becdb79b) |
|---|---|
| Product | Nr1800X (272005b7-ed09-5e63-9609-0ba384016914) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from NVD CPE 2.0 feed |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | ||
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2026-5030 |
not_vulnerable | 2026-06-08 08:07:02.901741 |
Totolink NR1800X Telnet Service cstecgi.cgi NTPSyncWithHost command injection
MEDIUM (6.3)
A vulnerability has been found in Totolink NR1800X 9.1.0u.6279_B20210910. This issue affects the function NTPSyncWithHost of the file /cgi-bin/cstecgi.cgi of the component Telnet Service. The manipulation of the argument host_time leads to command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
Published: 2026-03-29T03:30:15.254Z
Updated: 2026-03-30T13:28:48.091Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2026-1328 |
not_vulnerable | 2026-06-08 07:49:08.278004 |
Totolink NR1800X POST Request cstecgi.cgi setWizardCfg buffer overflow
HIGH (8.8)
A vulnerability was detected in Totolink NR1800X 9.1.0u.6279_B20210910. Impacted is the function setWizardCfg of the file /cgi-bin/cstecgi.cgi of the component POST Request Handler. Performing a manipulation of the argument ssid results in buffer overflow. The attack may be initiated remotely. The exploit is now public and may be used.
Published: 2026-01-22T14:32:13.191Z
Updated: 2026-02-23T08:53:16.410Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2026-1327 |
not_vulnerable | 2026-06-08 07:49:08.277589 |
Totolink NR1800X POST Request cstecgi.cgi setTracerouteCfg command injection
MEDIUM (6.3)
A security vulnerability has been detected in Totolink NR1800X 9.1.0u.6279_B20210910. This issue affects the function setTracerouteCfg of the file /cgi-bin/cstecgi.cgi of the component POST Request Handler. Such manipulation of the argument command leads to command injection. The attack can be launched remotely. The exploit has been disclosed publicly and may be used.
Published: 2026-01-22T14:02:10.294Z
Updated: 2026-02-23T08:53:00.325Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2026-1326 |
not_vulnerable | 2026-06-08 07:49:08.276810 |
Totolink NR1800X POST Request cstecgi.cgi setWanCfg command injection
MEDIUM (6.3)
A weakness has been identified in Totolink NR1800X 9.1.0u.6279_B20210910. This vulnerability affects the function setWanCfg of the file /cgi-bin/cstecgi.cgi of the component POST Request Handler. This manipulation of the argument Hostname causes command injection. The attack can be initiated remotely. The exploit has been made available to the public and could be used for attacks.
Published: 2026-01-22T13:32:08.210Z
Updated: 2026-02-23T08:52:44.721Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-60688 |
not_vulnerable | 2026-06-08 07:37:27.009253 |
Details available
A stack buffer overflow vulnerability exists in the ToToLink LR1200GB (V9.1.0u.6619_B20230130) and NR1800X (V9.1.0u.6681_B20230703) Router firmware within the cstecgi.cgi binary (setDefResponse function). The binary reads the "IpAddress" parameter from a web request and copies it into a fixed-size stack buffer using strcpy() without any length validation. Maliciously crafted input can overflow the buffer, leading to potential arbitrary code execution or memory corruption, without requiring authentication.
Published: 2025-11-13T00:00:00.000Z
Updated: 2025-11-13T17:36:37.203Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-60686 |
not_vulnerable | 2026-06-08 07:37:27.008239 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-60684 |
not_vulnerable | 2026-06-08 07:37:27.006762 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-45845 |
not_vulnerable | 2026-06-08 07:25:11.122105 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-45844 |
not_vulnerable | 2026-06-08 07:25:11.121687 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-45843 |
not_vulnerable | 2026-06-08 07:25:11.121274 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-45842 |
not_vulnerable | 2026-06-08 07:25:11.120704 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-45841 |
not_vulnerable | 2026-06-08 07:25:11.120164 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-35388 |
not_vulnerable | 2026-06-08 06:39:41.919544 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-35388 |
vulnerable | 2026-06-08 06:39:41.915498 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-7220 |
not_vulnerable | 2026-06-08 06:21:57.323661 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-36340 |
not_vulnerable | 2026-06-08 06:06:28.721909 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2022-44256 |
not_vulnerable | 2026-06-08 05:49:35.361777 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2022-41528 |
not_vulnerable | 2026-06-08 05:48:30.455446 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2022-41527 |
not_vulnerable | 2026-06-08 05:48:30.455054 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2022-41526 |
not_vulnerable | 2026-06-08 05:48:30.454651 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2022-41525 |
not_vulnerable | 2026-06-08 05:48:30.454403 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2022-41524 |
not_vulnerable | 2026-06-08 05:48:30.454145 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2022-41523 |
not_vulnerable | 2026-06-08 05:48:30.453889 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2022-41522 |
not_vulnerable | 2026-06-08 05:48:30.453646 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2022-41521 |
not_vulnerable | 2026-06-08 05:48:30.453385 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2022-41520 |
not_vulnerable | 2026-06-08 05:48:30.453117 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2022-41518 |
not_vulnerable | 2026-06-08 05:48:30.452731 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2022-41517 |
not_vulnerable | 2026-06-08 05:48:30.452367 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.