If you’re using this router brand, you may want to disconnect now — security researchers found more vulnerabilities and a hardcoded password in Totolink hardware


You might not give a second thought to the brand of your router, but that may change now that security experts have warned that not all routers are created equal.

And one brand in particular - Totolink - seems to have been plagued with a worrying number of vulnerabilities found in its products, including some very severe ones.

The Totolink A3300R wireless router, for example, has command injection vulnerabilities that have recently been discovered, and the Totolink A8000RU was found to have a hardcoded password that could be accessed by anyone.

Troubled past

What's also worrying is that, at time of writing, the SSL certificate for the company's official website isn't even trusted by Chrome browsers, possibly a sign of compromise, or at least of poor site maintenance on the part of Totolink.

The National Vulnerability Database (NVD) maintained by NIST shows a large number of recently added flaws affecting Totolink hardware. The A3300R seems to be particularly affected, with many command injection vulnerabilities.

Two critical vulnerabilities were also found in the N200RE, both of which can lead to buffer overflow attacks. Both entries also contain a note stating that the vendor was contacted about the flaws, "but did not respond in any way."

The issues with Totolink routers date back years, and the devices have been implicated in large-scale attacks. For instance, a variant of the infamous Mirai botnet, known as Beastmode, was found exploiting flaws in Totolink routers in spring 2022. Another botnet, known as Zerobot, also exploited flaws in them, as well as in routers from other manufacturers such as D-Link and Huawei, in late 2022.

In 2021, multiple flaws were also discovered in Totolink software, which could allow for remote attacks. This software was part of the A300R2 router. It was noted as being easily exploitable via a remote attack, letting threat actors execute arbitrary code.

Problems with Totolink routers even go as far back as 2015, when many of its routers were found to have flaws, some even reaching back six years before the date of this particular discovery. 

Totolink is owned by Hong Kong company Zioncom Holdings Limited. The website for this firm is also flagged by Chrome as not having a valid SSL certificate.

Lewis Maddison
Reviews Writer
