Totolink A950rg Firmware — known CVE vulnerabilities
Every CVE whose affected-product data names Totolink A950rg Firmware, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (33)
CVE-2025-28037 — CVSS 9.8 (critical): TOTOLINK A810R V4.1.2cu.5182_B20201026 and A950RG V4.1.2cu.5161_B20200903 were found to contain a pre-auth remote command execution…
CVE-2025-28036 — CVSS 9.8 (critical): TOTOLINK A950RG V4.1.2cu.5161_B20200903 was found to contain a pre-auth remote command execution vulnerability in the setNoticeCfg function…
CVE-2025-44655 — CVSS 9.8 (critical): In TOTOLink A7100RU V7.4, A950RG V5.9, and T10 V5.9, the chroot_local_user option is enabled in the vsftpd.conf. This could lead to…
CVE-2025-45797 — CVSS 9.8 (critical): TOTOlink A950RG V4.1.2cu.5204_B20210112 contains a buffer overflow vulnerability. The vulnerability arises from the improper input…
CVE-2025-45798 — CVSS 9.8 (critical): A command execution vulnerability exists in the TOTOLINK A950RG V4.1.2cu.5204_B20210112. The vulnerability is located in the setNoticeCfg…
CVE-2025-45800 — CVSS 9.8 (critical): TOTOLINK A950RG V4.1.2cu.5204_B20210112 contains a command execution vulnerability in the setDeviceName interface of the…
CVE-2025-67187 — CVSS 9.8 (critical): A stack-based buffer overflow vulnerability was identified in TOTOLINK A950RG V4.1.2cu.5204_B20210112. The flaw exists in the setIpQosRules…
CVE-2025-67186 — CVSS 9.8 (critical): TOTOLINK A950RG V4.1.2cu.5204_B20210112 contains a buffer overflow vulnerability in the setUrlFilterRules interface of…
CVE-2025-67188 — CVSS 9.8 (critical): A buffer overflow vulnerability exists in TOTOLINK A950RG V4.1.2cu.5204_B20210112. The issue resides in the setRadvdCfg interface of the…
CVE-2022-25082 — CVSS 9.8 (critical): TOTOLink A950RG V5.9c.4050_B20190424 and V4.1.2cu.5204_B20210112 were discovered to contain a command injection vulnerability in the "Main"…
CVE-2025-28035 — CVSS 9.8 (critical): TOTOLINK A830R V4.1.2cu.5182_B20201102 was found to contain a pre-auth remote command execution vulnerability in the setNoticeCfg function…
CVE-2025-4496 — CVSS 8.8 (high): A vulnerability was found in TOTOLINK T10, A3100R, A950RG, A800R, N600R, A3000RU and A810R 4.1.8cu.5241_B20210927. It has been declared as…
CVE-2022-36612 — CVSS 7.8 (high): TOTOLINK A950RG V4.1.2cu.5204_B20210112 was discovered to contain a hardcoded password for root at /etc/shadow.sample.
CVE-2025-60702 — CVSS 6.5 (medium): A command injection vulnerability exists in the TOTOLINK A950RG Router firmware V5.9c.4592_B20191022_ALL within the `system.so` binary. The…
CVE-2025-60699 — CVSS 6.5 (medium): A buffer overflow vulnerability exists in the TOTOLINK A950RG Router firmware V5.9c.4592_B20191022_ALL within the `global.so` binary. The…
CVE-2025-67189 — CVSS 6.5 (medium): A buffer overflow vulnerability exists in the setParentalRules interface of TOTOLINK A950RG V4.1.2cu.5204_B20210112. The urlKeyword…