Lucene search
52 matches found

Cvelist
added 2026/04/27 4:30 p.m. · 22 views

CVE-2026-7140 Totolink A8000RU CGI cstecgi.cgi CsteSystem os command injection

A vulnerability has been found in Totolink A8000RU 7.1cu.643b20200521. Impacted is the function CsteSystem of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Such manipulation of the argument HTTP leads to os command injection. The attack may be performed from remote. The exploit has...

CVSS 10 · EPSS 0.01221
Exploits: 0 · References: 5

RedhatCVE
added 2026/04/14 7:22 p.m. · 4 views

CVE-2026-6113

A security vulnerability has been detected in Totolink A7100RU 7.4cu.2313b20191024. Affected by this vulnerability is the function setTtyServiceCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Such manipulation of the argument ttyEnable leads to os command injection. The attack...

CVSS 10 · AI score 7 · EPSS 0.01221
Exploits: 0 · References: 1

NVD
added 2026/04/12 5:16 a.m. · 1 views

CVE-2026-6116

A vulnerability has been found in Totolink A7100RU 7.4cu.2313b20191024. This vulnerability affects the function setDiagnosisCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulation of the argument ip leads to os command injection. Remote exploitation of the attack is...

CVSS 10 · EPSS 0.01221
Exploits: 0 · References: 5

CVE
added 2026/03/15 11:2 p.m. · 10 views

CVE-2026-4194

CVE-2026-4194 affects multiple D-Link DNS devices (e.g., DNS-120, DNS-320 family, DNS-1550-04, others) with the vulnerable element in the CGI: /cgi-bin/system_mgr.cgi, function cgi_set_wto. The issue is improper access controls due to manipulating this function, enabling remote exploitation. Mult...

CVSS 9.8 · AI score 6.8 · EPSS 0.00115
Exploits: 1 · References: 5 · Affected Software: 1

Fedora
added 2025/12/11 1:1 a.m. · 6 views

[SECURITY] Fedora 42 Update: perl-CGI-Simple-1.282-1.fc42

Simple totally OO CGI interface that is CGI.pm compliant...

CVSS 7.3 · AI score 7 · EPSS 0.00235
Exploits: 0

EUVD
added 2025/10/07 12:30 a.m. · 0 views

EUVD-2019-16770

Malware in sbrugna...

CVSS 8.8 · AI score 8.5 · EPSS 0.00323
Exploits: 2 · References: 6

EUVD
added 2025/10/07 12:30 a.m. · 0 views

EUVD-2019-19043

Malware in sbrugna...

CVSS 9.8 · AI score 9.2 · EPSS 0.0086
Exploits: 0 · References: 2

EUVD
added 2025/10/03 8:7 p.m. · 1 views

EUVD-2023-45703

Malicious code in bioql PyPI...

CVSS 6.5 · AI score 6.6 · EPSS 0.00878
Exploits: 0 · References: 2

CVE
added 2025/07/15 1:2 p.m. · 12 views

CVE-2025-34116

IPFire before 2.19 Core Update 101 is vulnerable to remote command execution via the proxy.cgi CGI interface. An authenticated attacker can inject arbitrary shell commands through crafted NCSA user creation fields, leading to command execution with web server privileges. Remediation: update to IP...

CVSS 8.7 · AI score 7 · EPSS 0.76235
Exploits: 0 · References: 6

RedhatCVE
added 2025/05/22 8:58 a.m. · 3 views

CVE-2019-9677

The specific fields of CGI interface of some Dahua products are not strictly verified, an attacker can cause a buffer overflow by constructing malicious packets. Affected products include: IPC-HDW1X2X,IPC-HFW1X2X,IPC-HDW2X2X,IPC-HFW2X2X,IPC-HDW4X2X,IPC-HFW4X2X,IPC-HDBW4X2X,IPC-HDW5X2X,IPC-HFW5X2X...

CVSS 9.8 · AI score 7.4 · EPSS 0.0086
Exploits: 0 · References: 1

Positive Technologies
added 2025/02/18 12:0 a.m. · 3 views

PT-2025-6736

Name of the Vulnerable Software and Affected Versions: TP-Link Archer C20 router versions V6.6 230412 and earlier Description: A vulnerability in the TP-Link Archer C20 router permits unauthorized individuals to bypass the authentication of some interfaces under the /CGI directory. By adding a...

CVSS 10 · AI score 5.5 · EPSS 0.34604
Exploits: 1 · References: 7

OSV
added 2024/10/08 4:15 a.m. · 2 views

AZL-50132 CVE-2024-8927 affecting package php for versions less than 8.1.30-1

In PHP versions 8.1.* before 8.1.30, 8.2.* before 8.2.24, 8.3.* before 8.3.12, HTTP_REDIRECT_STATUS variable is used to check whether or not CGI binary is being run by the HTTP server. However, in certain scenarios, the content of this variable can be controlled by the request submitter via HTTP...

CVSS 7.5 · AI score 6.8 · EPSS 0.00345
Exploits: 1 · References: 1

NCSC
added 2024/09/03 9:45 a.m. · 0 views

Vulnerability fixed in Zyxel Access Points and Secure Routers

Zyxel has fixed a vulnerability in several types of Access Points and Secure Routers. The vulnerability is in the way the cgi system processes the 'host' parameter and allows a malicious person to execute OS-level commands. For successful exploitation, the malicious party must have access to the...

CVSS 9.8 · AI score 7.1 · EPSS 0.27875
Exploits: 0 · References: 1

ATTACKERKB
added 2024/05/03 3:15 a.m. · 1 views

CVE-2023-41186

D-Link DAP-1325 CGI Missing Authentication Information Disclosure Vulnerability. This vulnerability allows network-adjacent attackers to access various functionality on affected installations of D-Link DAP-1325 routers. Authentication is not required to exploit this vulnerability. The specific fl...

CVSS 6.5 · AI score 5.7 · EPSS 0.00878
Exploits: 0 · References: 3 · Affected Software: 1

OSV
added 2024/02/23 1:15 a.m. · 1 views

CVE-2024-1783

A vulnerability classified as critical has been found in Totolink LR1200GB 9.1.0u.6619B20230130/9.3.5u.6698B20230810. Affected is the function loginAuth of the file /cgi-bin/cstecgi.cgi of the component Web Interface. The manipulation of the argument httphost leads to stack-based buffer overflow...

CVSS 9.8 · AI score 6.1
Exploits: 0 · References: 3

OSV
added 2024/01/29 1:15 p.m. · 1 views

CVE-2024-0998

A vulnerability was found in Totolink N200RE 9.3.5u.6139B20201216. It has been classified as critical. This affects the function setDiagnosisCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument ip leads to stack-based buffer overflow. It is possible to initiate the attack...

CVSS 8.8 · AI score 6.1 · EPSS 0.00469
Exploits: 1 · References: 3

CNNVD
added 2023/12/22 12:0 a.m. · 2 views

TOTOLINK EX1800T Security Vulnerability

The TOTOLINK EX1800T is a Wi-Fi range extender from China's Gion Electronics TOTOLINK. A command execution vulnerability exists in the TOTOLINK EX1800T lanIp parameter. The vulnerability stems from the failure of the lanIp parameter of the setLanConfig interface of cstecgi.cgi to properly filter...

CVSS 9.8 · AI score 7.8 · EPSS 0.00294
Exploits: 1 · References: 2

Positive Technologies
added 2023/12/22 12:0 a.m. · 3 views

PT-2023-8034 · Totolink · Totolink Ex1800T

Name of the Vulnerable Software and Affected Versions: TOTOlink EX1800T version 9.1.0cu.2112 B20220316 Description: The issue concerns arbitrary command execution in the host time parameter of the NTPSyncWithHost interface of the cstecgi.cgi. This vulnerability exists due to the lack of measures...

CVSS 9.8 · AI score 9.7 · EPSS 0.00294
Exploits: 1 · References: 6

Positive Technologies
added 2023/06/05 12:0 a.m. · 4 views

PT-2023-3759 · Zyxel · Zyxel Nr7101

Name of the Vulnerable Software and Affected Versions: Zyxel NR7101 versions prior to V1.00ABUV.8C0 Description: The issue is related to a buffer overflow in the CGI interface of the Zyxel NR7101 firmware. This could allow a remote attacker to cause denial of service (DoS) conditions by sending a...

CVSS 6.8 · AI score 6.7 · EPSS 0.00681
Exploits: 0 · References: 6

SUSE CVE
added 2023/02/15 4:54 a.m. · 2 views

SUSE CVE-2016-10026

ikiwiki 3.20161219 does not properly check if a revision changes the access permissions for a page on sites with the git and recentchanges plugins and the CGI interface enabled, which allows remote attackers to revert certain changes by leveraging permissions to change the page before the revisio...

CVSS 7.5 · AI score 9.2 · EPSS 0.00216
Exploits: 0 · References: 3