Share
## https://sploitus.com/exploit?id=DFABF0DC-B983-517F-86A1-FD7143017745
# TOTOLINK A800R V5.9c.681 - Multiple Vulnerabilities

## Affected Product

- **Vendor:** TOTOLINK
- **Product:** A800R
- **Firmware:** V5.9c.681_B20180413
- **Download:** https://www.totolink.net/data/upload/20210428/4526515ee248f717fdfca97ae1cb36a1.zip

## Vulnerabilities

| # | Type | File | CWE | CVSS |
|---|------|------|-----|------|
| 1 | [Authentication Bypass](vuln1_auth_bypass.md) | cstecgi.cgi | CWE-306 | 9.8 |
| 2 | [Command Injection - setLanguageCfg](vuln2_setLanguageCfg.md) | global.so | CWE-78 | 9.8 |
| 3 | [Command Injection - setUpgradeFW](vuln3_setUpgradeFW.md) | upgrade.so | CWE-78 | 9.8 |
| 4 | [Command Injection - setNTPCfg](vuln4_setNTPCfg.md) | system.so | CWE-78 | 8.8 |
| 5 | [Information Disclosure - ExportSettings.sh](vuln5_ExportSettings.md) | ExportSettings.sh | CWE-200 | 7.5 |

## Disclaimer

These vulnerabilities are disclosed for educational and authorized security research purposes only.