Note:
This project will be discontinued after December 13, 2021. [more]
Product:
A7100ru_firmware
(Totolink)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 37 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2025-07-21 | CVE-2025-44655 | In TOTOLink A7100RU V7.4, A950RG V5.9, and T10 V5.9, the chroot_local_user option is enabled in the vsftpd.conf. This could lead to unauthorized access to system files, privilege escalation, or use of the compromised server as a pivot point for internal network attacks. | A7100ru_firmware, A950rg_firmware, T10_firmware | N/A | ||
| 2022-11-25 | CVE-2022-44843 | TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the port parameter in the setting/setOpenVpnClientCfg function. | A7100ru_firmware | 9.8 | ||
| 2022-11-25 | CVE-2022-44844 | TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the pass parameter in the setting/setOpenVpnCfg function. | A7100ru_firmware | 9.8 | ||
| 2023-02-16 | CVE-2023-24238 | TOTOlink A7100RU(V7.4cu.2313_B20191024) was discovered to contain a command injection vulnerability via the city parameter at setting/delStaticDhcpRules. | A7100ru_firmware | 9.8 | ||
| 2023-02-16 | CVE-2023-24236 | TOTOlink A7100RU(V7.4cu.2313_B20191024) was discovered to contain a command injection vulnerability via the province parameter at setting/delStaticDhcpRules. | A7100ru_firmware | 9.8 | ||
| 2023-02-21 | CVE-2023-24184 | TOTOLink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability. | A7100ru_firmware | 9.8 | ||
| 2023-03-23 | CVE-2023-27135 | TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the enabled parameter at /setting/setWanIeCfg. | A7100ru_firmware | 9.8 | ||
| 2023-03-28 | CVE-2023-27229 | TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the upBw parameter at /setting/setWanIeCfg. | A7100ru_firmware | 9.8 | ||
| 2023-03-28 | CVE-2023-27231 | TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the downBw parameter at /setting/setWanIeCfg. | A7100ru_firmware | 9.8 | ||
| 2023-03-28 | CVE-2023-27232 | TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the wanStrategy parameter at /setting/setWanIeCfg. | A7100ru_firmware | 9.8 |