Totolink A830r Firmware — known CVE vulnerabilities
Every CVE whose affected-product data names Totolink A830r Firmware, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (25)
CVE-2025-28036 — CVSS 9.8 (critical): TOTOLINK A950RG V4.1.2cu.5161_B20200903 was found to contain a pre-auth remote command execution vulnerability in the setNoticeCfg function…
CVE-2021-44247 — CVSS 9.8 (critical): Totolink devices A3100R v4.1.2cu.5050_B20200504, A830R v5.9c.4729_B20191112, and A720R v4.1.5cu.470_B20200911 were discovered to contain…
CVE-2022-25080 — CVSS 9.8 (critical): TOTOLink A830R V5.9c.4729_B20191112 was discovered to contain a command injection vulnerability in the "Main" function. This vulnerability…
CVE-2022-48066 — CVSS 9.8 (critical): An issue in the component global.so of Totolink A830R V4.1.2cu.5182 allows attackers to bypass authentication via a crafted cookie.
CVE-2025-28035 — CVSS 9.8 (critical): TOTOLINK A830R V4.1.2cu.5182_B20201102 was found to contain a pre-auth remote command execution vulnerability in the setNoticeCfg function…
CVE-2022-48069 — CVSS 7.5 (high): Totolink A830R V4.1.2cu.5182 was discovered to contain a command injection vulnerability via the QUERY_STRING parameter.
CVE-2021-44246 — CVSS 7.5 (high): Totolink devices A3100R v4.1.2cu.5050_B20200504, A830R v5.9c.4729_B20191112, and A720R v4.1.5cu.470_B20200911 were discovered to contain a…
CVE-2022-48067 — CVSS 5.5 (medium): An information disclosure vulnerability in Totolink A830R V4.1.2cu.5182 allows attackers to obtain the root password via a brute-force…