If you’re using this router brand, you may want to disconnect now — security researchers found more vulnerabilities and a hardcoded password in Totolink hardware


You might not give a second thought to the brand of your router, but that may all change after security experts have warned they are not all created equal.
And one brand in particular – Totolink – seems to have been plagued with a worrying number of vulnerabilities in its products, including some very severe ones.
The Totolink A3300R wireless router, for example, has recently discovered command injection vulnerabilities, and the Totolink A8000RU was found to have a hardcoded password that could be accessed by anyone.
Troubled past
What’s also worrying is that, at time of writing, the SSL certificate for the company’s official website isn’t even trusted by Chrome browsers, possibly a sign of compromise, or at least of poor site maintenance on the part of Totolink.
The National Vulnerability Database (NVD) maintained by NIST shows a large number of recently added flaws in Totolink hardware. The A3300R seems to be particularly affected, with many command injection vulnerabilities.
Two critical vulnerabilities were also found in the N200RE, both of which can lead to buffer overflow attacks. Both entries also contain a note stating that the vendor was contacted about the flaws, “but did not respond in any way.”
The issues with Totolink routers date back years and have been implicated in large-scale attacks. For instance, a variant of the infamous Mirai botnet, known as Beastmode, was found exploiting flaws in Totolink routers in spring 2022. Another botnet, known as Zerobot, also exploited flaws in them and in routers from other manufacturers, such as D-Link and Huawei, in late 2022.
In 2021, multiple flaws were also discovered in Totolink software, which could allow for remote attacks. This software was part of the A300R2 router. It was noted as being easily exploitable via a remote attack, letting threat actors execute arbitrary code.
Problems with Totolink routers even go as far back as 2015, when many of its routers were found to have flaws, some even reaching back six years before the date of this particular discovery.
Totolink is owned by Hong Kong company Zioncom Holdings Limited. The website for this firm is also flagged by Chrome as not having a valid SSL certificate.