Totolink N600r Firmware — known CVE vulnerabilities
Every CVE whose affected-product data names Totolink N600r Firmware, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (38)
CVE-2022-26186 — CVSS 9.8 (critical): TOTOLINK N600R V4.3.0cu.7570_B20200620 was discovered to contain a command injection vulnerability via the exportOvpn interface at…
CVE-2022-26187 — CVSS 9.8 (critical): TOTOLINK N600R V4.3.0cu.7570_B20200620 was discovered to contain a command injection vulnerability via the pingCheck function.
CVE-2022-26188 — CVSS 9.8 (critical): TOTOLINK N600R V4.3.0cu.7570_B20200620 was discovered to contain a command injection vulnerability via /setting/NTPSyncWithHost.
CVE-2022-26189 — CVSS 9.8 (critical): TOTOLINK N600R V4.3.0cu.7570_B20200620 was discovered to contain a command injection vulnerability via the langType parameter in the login…
CVE-2022-27411 — CVSS 9.8 (critical): TOTOLINK N600R v5.3c.5507_B20171031 was discovered to contain a command injection vulnerability via the QUERY_STRING parameter in the…
CVE-2022-28905 — CVSS 9.8 (critical): TOTOLink N600R V5.3c.7159_B20190425 was discovered to contain a command injection vulnerability via the devicemac parameter in…
CVE-2022-28906 — CVSS 9.8 (critical): TOTOLink N600R V5.3c.7159_B20190425 was discovered to contain a command injection vulnerability via the langtype parameter in…
CVE-2022-28907 — CVSS 9.8 (critical): TOTOLink N600R V5.3c.7159_B20190425 was discovered to contain a command injection vulnerability via the hosttime function in…
CVE-2022-28908 — CVSS 9.8 (critical): TOTOLink N600R V5.3c.7159_B20190425 was discovered to contain a command injection vulnerability via the ipdoamin parameter in…
CVE-2022-28909 — CVSS 9.8 (critical): TOTOLink N600R V5.3c.7159_B20190425 was discovered to contain a command injection vulnerability via the webwlanidx parameter in…
CVE-2022-28910 — CVSS 9.8 (critical): TOTOLink N600R V5.3c.7159_B20190425 was discovered to contain a command injection vulnerability via the devicename parameter in…
CVE-2022-28911 — CVSS 9.8 (critical): TOTOLink N600R V5.3c.7159_B20190425 was discovered to contain a command injection vulnerability via the filename parameter in…
CVE-2022-28912 — CVSS 9.8 (critical): TOTOLink N600R V5.3c.7159_B20190425 was discovered to contain a command injection vulnerability via the filename parameter in…
CVE-2022-28913 — CVSS 9.8 (critical): TOTOLink N600R V5.3c.7159_B20190425 was discovered to contain a command injection vulnerability via the filename parameter in…
CVE-2022-29391 — CVSS 9.8 (critical): TOTOLINK N600R V4.3.0cu.7647_B20210106 was discovered to contain a stack overflow via the comment parameter in the function FUN_004200c8.
CVE-2022-29392 — CVSS 9.8 (critical): TOTOLINK N600R V4.3.0cu.7647_B20210106 was discovered to contain a stack overflow via the comment parameter in the function FUN_00418c24.
CVE-2022-29393 — CVSS 9.8 (critical): TOTOLINK N600R V4.3.0cu.7647_B20210106 was discovered to contain a stack overflow via the comment parameter in the function FUN_004192cc.
CVE-2022-29394 — CVSS 9.8 (critical): TOTOLINK N600R V4.3.0cu.7647_B20210106 was discovered to contain a stack overflow via the macAddress parameter in the function FUN_0041b448.
CVE-2022-29395 — CVSS 9.8 (critical): TOTOLINK N600R V4.3.0cu.7647_B20210106 was discovered to contain a stack overflow via the apcliKey parameter in the function FUN_0041bac4.
CVE-2022-29396 — CVSS 9.8 (critical): TOTOLINK N600R V4.3.0cu.7647_B20210106 was discovered to contain a stack overflow via the comment parameter in the function FUN_00418f10.
CVE-2022-29397 — CVSS 9.8 (critical): TOTOLINK N600R V4.3.0cu.7647_B20210106 was discovered to contain a stack overflow via the comment parameter in the function FUN_004196c8.
CVE-2022-29398 — CVSS 9.8 (critical): TOTOLINK N600R V4.3.0cu.7647_B20210106 was discovered to contain a stack overflow via the File parameter in the function FUN_0041309c.
CVE-2022-29399 — CVSS 9.8 (critical): TOTOLINK N600R V4.3.0cu.7647_B20210106 was discovered to contain a stack overflow via the url parameter in the function FUN_00415bf0.
CVE-2025-22900 — CVSS 9.8 (critical): Totolink N600R v4.3.0cu.7647_B20210106 was discovered to contain a stack overflow via the macCloneMac parameter in the setWanConfig…
CVE-2025-46060 — CVSS 9.8 (critical): Buffer Overflow vulnerability in TOTOLINK N600R v4.3.0cu.7866_B2022506 allows a remote attacker to execute arbitrary code via the…
CVE-2025-51390 — CVSS 9.8 (critical): TOTOLINK N600R V4.3.0cu.7647_B20210106 was discovered to contain a command injection vulnerability via the pin parameter in the…
CVE-2025-4496 — CVSS 8.8 (high): A vulnerability was found in TOTOLINK T10, A3100R, A950RG, A800R, N600R, A3000RU and A810R 4.1.8cu.5241_B20210927. It has been declared as…
CVE-2025-11444 — CVSS 8.8 (high): A security vulnerability has been detected in TOTOLINK N600R up to 4.3.0cu.7866_B20220506. This impacts the function setWiFiBasicConfig of…
CVE-2022-36613 — CVSS 7.8 (high): TOTOLINK N600R V4.3.0cu.7647_B20210106 was discovered to contain a hardcoded password for root at /etc/shadow.sample.
CVE-2025-60336 — CVSS 7.5 (high): A NULL pointer dereference in the sub_41773C function of TOTOLINK N600R v4.3.0cu.7866_B20220506 allows attackers to cause a Denial of…
CVE-2025-60333 — CVSS 7.5 (high): TOTOLINK N600R v4.3.0cu.7866_B20220506 was discovered to contain a stack overflow in the wepkey2 parameter in the setWiFiMultipleConfig…
CVE-2025-60334 — CVSS 7.5 (high): TOTOLINK N600R v4.3.0cu.7866_B20220506 was discovered to contain a stack overflow in the ssid parameter in the setWiFiBasicConfig function…
CVE-2025-60335 — CVSS 7.5 (high): A NULL pointer dereference in the main function of TOTOLINK N600R v4.3.0cu.7866_B20220506 allows attackers to cause a Denial of Service…
CVE-2025-9935 — CVSS 7.3 (high): A vulnerability was determined in TOTOLINK N600R 4.3.0cu.7866_B20220506. This vulnerability affects the function sub_4159F8 of the file…
CVE-2025-8181 — CVSS 7.2 (high): A vulnerability, which was classified as critical, was found in TOTOLINK N600R and X2000R 1.0.0.1. This affects an unknown part of the file…
CVE-2025-57623 — CVSS 5.3 (medium): A NULL pointer dereference in TOTOLINK N600R firmware v4.3.0cu.7866_B2022506 allows attackers to cause a Denial of Service.
CVE-2025-22903 — CVSS 4.6 (medium): TOTOLINK N600R V4.3.0cu.7647_B20210106 was discovered to contain a stack overflow via the pin parameter in the function setWiFiWpsConfig.