Totolink X2000r Firmware — known CVE vulnerabilities
Every CVE whose affected-product data names Totolink X2000r Firmware, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (45)
CVE-2023-46550 — CVSS 9.8 (critical): TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formMapDelDevice.
CVE-2023-46541 — CVSS 9.8 (critical): TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formIpv6Setup.
CVE-2023-46542 — CVSS 9.8 (critical): TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formMeshUploadConfig.
CVE-2023-46543 — CVSS 9.8 (critical): TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formWlSiteSurvey.
CVE-2023-46544 — CVSS 9.8 (critical): TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formWirelessTbl.
CVE-2023-46545 — CVSS 9.8 (critical): TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formWsc.
CVE-2023-46546 — CVSS 9.8 (critical): TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formStats.
CVE-2023-46547 — CVSS 9.8 (critical): TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formSysLog.
CVE-2023-46548 — CVSS 9.8 (critical): TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formWlanRedirect.
CVE-2023-46549 — CVSS 9.8 (critical): TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formSetLg.
CVE-2023-46540 — CVSS 9.8 (critical): TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formNtp.
CVE-2023-46551 — CVSS 9.8 (critical): TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formReflashClientTbl.
CVE-2023-46552 — CVSS 9.8 (critical): TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formMultiAP.
CVE-2023-46553 — CVSS 9.8 (critical): TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formParentControl.
CVE-2023-46554 — CVSS 9.8 (critical): TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formMapDel.
CVE-2023-46555 — CVSS 9.8 (critical): TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formPortFw.
CVE-2023-46556 — CVSS 9.8 (critical): TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formFilter.
CVE-2023-46557 — CVSS 9.8 (critical): TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formMultiAPVLAN.
CVE-2023-46558 — CVSS 9.8 (critical): TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formMapDelDevice.
CVE-2023-46559 — CVSS 9.8 (critical): TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formIPv6Addr.
CVE-2023-46560 — CVSS 9.8 (critical): TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formTcpipSetup.
CVE-2023-46562 — CVSS 9.8 (critical): TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formDosCfg.
CVE-2023-46563 — CVSS 9.8 (critical): TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formIpQoS.
CVE-2023-46564 — CVSS 9.8 (critical): TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formDMZ.
CVE-2023-51133 — CVSS 9.8 (critical): TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formRoute.
CVE-2023-51135 — CVSS 9.8 (critical): TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formPasswordSetup.
CVE-2023-51136 — CVSS 9.8 (critical): TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formRebootSchedule.
CVE-2024-22529 — CVSS 9.8 (critical): TOTOLINK X2000R_V2 V2.0.0-B20230727.10434 has a command injection vulnerability in the sub_449040 (handle function of formUploadFile) of…
CVE-2024-28404 — CVSS 8.0 (high): TOTOLINK X2000R before V1.0.0-B20231213.1013 contains a Stored Cross-site scripting (XSS) vulnerability in MAC Filtering under the Firewall…
CVE-2023-7208 — CVSS 8.0 (high): A vulnerability classified as critical was found in Totolink X2000R_V2 2.0.0-B20230727.10434. This vulnerability affects the function…
CVE-2025-57579 — CVSS 8.0 (high): An issue in TOTOLINK Wi-Fi 6 Router Series Device X2000R-Gh-V2.0.0 allows a remote attacker to execute arbitrary code via the default…
CVE-2023-7222 — CVSS 7.2 (high): A vulnerability was found in Totolink X2000R 1.0.0-B20221212.1452. It has been declared as critical. This vulnerability affects the…
CVE-2025-8181 — CVSS 7.2 (high): A vulnerability, which was classified as critical, was found in TOTOLINK N600R and X2000R 1.0.0.1. This affects an unknown part of the file…
CVE-2025-5504 — CVSS 6.3 (medium): A vulnerability has been found in TOTOLINK X2000R 1.0.0-B20230726.1108 and classified as critical. This vulnerability affects unknown code…
CVE-2025-5515 — CVSS 6.3 (medium): A vulnerability, which was classified as critical, has been found in TOTOLINK X2000R 1.0.0-B20230726.1108. Affected by this issue is some…
CVE-2024-0579 — CVSS 6.3 (medium): A vulnerability classified as critical was found in Totolink X2000R 1.0.0-B20221212.1452. Affected by this vulnerability is the function…
CVE-2024-28402 — CVSS 5.9 (medium): TOTOLINK X2000R before V1.0.0-B20231213.1013 contains a Stored Cross-site scripting (XSS) vulnerability in IP/Port Filtering under the…
CVE-2024-28403 — CVSS 5.4 (medium): TOTOLINK X2000R before V1.0.0-B20231213.1013 is vulnerable to Cross Site Scripting (XSS) via the VPN Page.
CVE-2024-28401 — CVSS 5.4 (medium): TOTOLINK X2000R before v1.0.0-B20231213.1013 contains a Store Cross-site scripting (XSS) vulnerability in Root Access Control under the…
CVE-2024-29419 — CVSS 5.4 (medium): There is a Cross-site scripting (XSS) vulnerability in the Wireless settings under the Easy Setup Page of TOTOLINK X2000R before…
CVE-2024-33433 — CVSS 4.8 (medium): Cross Site Scripting vulnerability in TOTOLINK X2000R before v1.0.0-B20231213.1013 allows a remote attacker to execute arbitrary code via…
CVE-2025-9577 — CVSS 2.5 (low): A security flaw has been discovered in TOTOLINK X2000R up to 2.0.0. The affected element is an unknown function of the file…
CVE-2025-5542 — CVSS 2.4 (low): A vulnerability was found in TOTOLINK X2000R 1.0.0-B20230726.1108. It has been classified as problematic. Affected is an unknown function…
CVE-2025-5543 — CVSS 2.4 (low): A vulnerability was found in TOTOLINK X2000R 1.0.0-B20230726.1108. It has been declared as problematic. Affected by this vulnerability is…
CVE-2025-5516 — CVSS 2.4 (low): A vulnerability, which was classified as problematic, was found in TOTOLINK X2000R 1.0.0-B20230726.1108. This affects an unknown part of…