Totolink Nr1800x Firmware — known CVE vulnerabilities
Every CVE whose affected-product data names Totolink Nr1800x Firmware, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (27)
CVE-2022-41522 — CVSS 9.8 (critical): TOTOLINK NR1800X V9.1.0u.6279_B20210910 was discovered to contain an unauthenticated stack overflow via the "main" function.
CVE-2025-45841 — CVSS 9.8 (critical): TOTOLINK NR1800X V9.1.0u.6681_B20230703 was discovered to contain an authenticated stack overflow via the text parameter in the setSmsCfg…
CVE-2022-41525 — CVSS 9.8 (critical): TOTOLINK NR1800X V9.1.0u.6279_B20210910 was discovered to contain a command injection vulnerability via the OpModeCfg function at…
CVE-2022-41518 — CVSS 9.8 (critical): TOTOLINK NR1800X V9.1.0u.6279_B20210910 was discovered to contain a command injection vulnerability via the UploadFirmwareFile function at…
CVE-2023-36340 — CVSS 9.8 (critical): TOTOLINK NR1800X V9.1.0u.6279_B20210910 was discovered to contain a stack overflow via the http_host parameter in the function loginAuth.
CVE-2023-7220 — CVSS 9.8 (critical): A vulnerability was found in Totolink NR1800X 9.1.0u.6279_B20210910 and classified as critical. Affected by this issue is the function…
CVE-2022-41527 — CVSS 8.8 (high): TOTOLINK NR1800X V9.1.0u.6279_B20210910 was discovered to contain an authenticated stack overflow via the pppoeUser parameter in the…
CVE-2022-41528 — CVSS 8.8 (high): TOTOLINK NR1800X V9.1.0u.6279_B20210910 was discovered to contain an authenticated stack overflow via the text parameter in the setSmsCfg…
CVE-2022-44256 — CVSS 8.8 (high): TOTOLINK LR350 V9.3.5u.6369_B20220309 contains a post-authentication buffer overflow via parameter lang in the setLanguageCfg function.
CVE-2024-35388 — CVSS 8.8 (high): TOTOLINK NR1800X v9.1.0u.6681_B20230703 was discovered to contain a stack overflow via the password parameter in the function urldecode
CVE-2025-45842 — CVSS 8.8 (high): TOTOLINK NR1800X V9.1.0u.6681_B20230703 was discovered to contain an authenticated stack overflow via the ssid5g parameter in the…
CVE-2025-45843 — CVSS 8.8 (high): TOTOLINK NR1800X V9.1.0u.6681_B20230703 was discovered to contain an authenticated stack overflow via the ssid parameter in the…
CVE-2025-45844 — CVSS 8.8 (high): TOTOLINK NR1800X V9.1.0u.6681_B20230703 was discovered to contain an authenticated stack overflow via the ssid parameter in the…
CVE-2025-45845 — CVSS 8.8 (high): TOTOLINK NR1800X V9.1.0u.6681_B20230703 was discovered to contain an authenticated stack overflow via the ssid5g parameter in the…
CVE-2022-41517 — CVSS 8.8 (high): TOTOLINK NR1800X V9.1.0u.6279_B20210910 was discovered to contain a stack overflow in the lang parameter in the setLanguageCfg function
CVE-2022-41520 — CVSS 8.8 (high): TOTOLINK NR1800X V9.1.0u.6279_B20210910 was discovered to contain an authenticated stack overflow via the File parameter in the…
CVE-2022-41521 — CVSS 8.8 (high): TOTOLINK NR1800X V9.1.0u.6279_B20210910 was discovered to contain an authenticated stack overflow via the sPort/ePort parameter in the…
CVE-2022-41523 — CVSS 8.8 (high): TOTOLINK NR1800X V9.1.0u.6279_B20210910 was discovered to contain an authenticated stack overflow via the command parameter in the…
CVE-2022-41524 — CVSS 8.8 (high): TOTOLINK NR1800X V9.1.0u.6279_B20210910 was discovered to contain an authenticated stack overflow via the week, sTime, and eTime parameters…
CVE-2022-41526 — CVSS 8.8 (high): TOTOLINK NR1800X V9.1.0u.6279_B20210910 was discovered to contain an authenticated stack overflow via the ip parameter in the…
CVE-2026-1328 — CVSS 8.8 (high): A vulnerability was detected in Totolink NR1800X 9.1.0u.6279_B20210910. Impacted is the function setWizardCfg of the file…
CVE-2025-60688 — CVSS 6.5 (medium): A stack buffer overflow vulnerability exists in the ToToLink LR1200GB (V9.1.0u.6619_B20230130) and NR1800X (V9.1.0u.6681_B20230703) Router…
CVE-2025-60684 — CVSS 6.5 (medium): A stack buffer overflow vulnerability exists in the ToToLink LR1200GB (V9.1.0u.6619_B20230130) and NR1800X (V9.1.0u.6681_B20230703) Router…
CVE-2026-1326 — CVSS 6.3 (medium): A weakness has been identified in Totolink NR1800X 9.1.0u.6279_B20210910. This vulnerability affects the function setWanCfg of the file…
CVE-2026-1327 — CVSS 6.3 (medium): A security vulnerability has been detected in Totolink NR1800X 9.1.0u.6279_B20210910. This issue affects the function setTracerouteCfg of…
CVE-2026-5030 — CVSS 6.3 (medium): A vulnerability has been found in Totolink NR1800X 9.1.0u.6279_B20210910. This issue affects the function NTPSyncWithHost of the file…
CVE-2025-60686 — CVSS 5.1 (medium): A local stack-based buffer overflow vulnerability exists in the infostat.cgi and cstecgi.cgi binaries of ToToLink routers (A720R…