
91 matches found

NVD
added 2026/03/30 12:16 a.m. | 1 view

CVE-2026-5102

A security flaw has been discovered in Totolink A3300R 17.0.0cu.557b20221024. This vulnerability affects the function setSmartQosCfg of the file /cgi-bin/cstecgi.cgi of the component Parameter Handler. The manipulation of the argument qosupbw results in command injection. The attack can be execut...

CVSS 8.8 | EPSS 0.0232
Exploits 1 | References 5

ATTACKERKB
added 2026/03/29 11:0 p.m. | 4 views

CVE-2026-5101

A vulnerability was identified in Totolink A3300R 17.0.0cu.557b20221024. This affects the function setLanCfg of the file /cgi-bin/cstecgi.cgi of the component Parameter Handler. The manipulation of the argument lanIp leads to command injection. Remote exploitation of the attack is possible. The...

CVSS 6.5 | AI score 5.7 | EPSS 0.03157
Exploits 1 | References 5 | Affected Software 1

EUVD
added 2026/03/29 4:30 a.m. | 1 view

EUVD-2026-16961

A vulnerability was detected in Totolink A3600R 4.1.2cu.5182B20201102. Affected by this issue is the function setNoticeCfg of the file /cgi-bin/cstecgi.cgi of the component Parameter Handler. The manipulation of the argument NoticeUrl results in command injection. The attack may be launched...

CVSS 6.5 | AI score 6.5 | EPSS 0.01667
Exploits 1 | References 6

ATTACKERKB
added 2026/03/20 7:2 p.m. | 1 view

CVE-2026-4497

A vulnerability was determined in Totolink WA300 5.2cu.7112B20190227. Affected by this issue is the function recvUpgradeNewFw of the file /cgi-bin/cstecgi.cgi. This manipulation causes os command injection. Remote exploitation of the attack is possible. The exploit has been publicly disclosed and...

CVSS 7.5 | AI score 6.8 | EPSS 0.00688
Exploits 1 | References 6 | Affected Software 1

EUVD
added 2026/03/08 3:30 a.m. | 4 views

EUVD-2026-10203

A vulnerability was found in Totolink N300RH 6..1c.1353B20190305. The affected element is the function setWiFiWpsConfig of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Performing a manipulation results in os command injection. The attack can be initiated remotely. The exploit has...

CVSS 7.5 | AI score 6.8 | EPSS 0.0051
Exploits 1 | References 6

CNNVD
added 2026/01/29 12:0 a.m. | 5 views

TOTOLINK A7000R Command Injection Vulnerability

TOTOLINK A7000R is a wireless router produced by TOTOLINK, a Chinese company. The TOTOLINK A7000R version 4.1cu.4154 contains a command injection vulnerability. This vulnerability arises from incorrect handling of the parameter FileName in the file /cgi-bin/cstecgi.cgi, which may lead to command...

CVSS 6.5 | AI score 6.6 | EPSS 0.01232
Exploits 1 | References 6

OSV
added 2026/01/22 3:16 p.m. | 3 views

CVE-2026-1327

A security vulnerability has been detected in Totolink NR1800X 9.1.0u.6279B20210910. This issue affects the function setTracerouteCfg of the file /cgi-bin/cstecgi.cgi of the component POST Request Handler. Such manipulation of the argument command leads to command injection. The attack can be...

CVSS 8.8 | AI score 5.7 | EPSS 0.00467
Exploits 1 | References 5

CNNVD
added 2026/01/22 12:0 a.m. | 2 views

TOTOLINK NR1800X Command Injection Vulnerability

TOTOLINK NR1800X is an outstanding 5G NR indoor Wi-Fi and SIP CPE from China's TOTOLINK, designed to provide fast and easy deployment of NR fixed data services in homes and offices. The TOTOLINK NR1800X suffers from a command injection vulnerability, which stems from a misuse of the parameter...

CVSS 8.8 | AI score 6.8 | EPSS 0.00467
Exploits 1 | References 5

EUVD
added 2026/01/19 2:32 p.m. | 2 views

EUVD-2026-3224

A security flaw has been discovered in Totolink LR350 9.3.5u.6369B20220309. This vulnerability affects the function setWizardCfg of the file /cgi-bin/cstecgi.cgi of the component POST Request Handler. Performing a manipulation of the argument ssid results in buffer overflow. The attack can be...

CVSS 9 | AI score 6.1 | EPSS 0.00211
Exploits 1 | References 7

NVD
added 2026/01/19 10:16 a.m. | 3 views

CVE-2026-1149

A vulnerability was identified in Totolink LR350 9.3.5u.6369B20220309. This issue affects the function setDiagnosisCfg of the file /cgi-bin/cstecgi.cgi of the component POST Request Handler. The manipulation of the argument ip leads to command injection. The attack can be initiated remotely. The...

CVSS 8.8 | EPSS 0.01832
Exploits 1 | References 5

Positive Technologies
added 2026/01/15 12:0 a.m. | 4 views

PT-2026-5232

Name of the Vulnerable Software and Affected Versions: Totolink A7000R version 4.1cu.4154. Description: A flaw exists in the setUnloadUserData function within the /cgi-bin/cstecgi.cgi file of the affected product. Manipulation of the plugin name argument can lead to command injection. This allows fo...

CVSS 9.8 | AI score 6.7 | EPSS 0.0067
Exploits 1 | References 12

CNVD
added 2025/11/18 12:0 a.m. | 2 views

TOTOLINK LR1200GB Command Injection Vulnerability

The TOTOLINK LR1200GB is a wireless dual-band 4G LTE router from China's TOTOLINK Electronics TOTOLINK that supports 2.4GHz and 5GHz dual-band networks. The TOTOLINK LR1200GB suffers from a command injection vulnerability that stems from the cstecgi.cgi binary file failing to properly filter...

CVSS 6.5 | AI score 7.4 | EPSS 0.04365
Exploits 1 | References 1

NVD
added 2025/11/13 4:15 p.m. | 4 views

CVE-2025-60688

A stack buffer overflow vulnerability exists in the ToToLink LR1200GB V9.1.0u.6619B20230130 and NR1800X V9.1.0u.6681B20230703 Router firmware within the cstecgi.cgi binary setDefResponse function. The binary reads the "IpAddress" parameter from a web request and copies it into a fixed-size stack...

CVSS 6.5 | EPSS 0.00322
Exploits 1 | References 3

Vulnrichment
added 2025/11/13 12:0 a.m. | 1 view

CVE-2025-60686

A local stack-based buffer overflow vulnerability exists in the infostat.cgi and cstecgi.cgi binaries of ToToLink routers A720R V4.1.5cu.614B20230630, LR1200GB V9.1.0u.6619B20230130, and NR1800X V9.1.0u.6681B20230703. Both programs parse the contents of /proc/net/arp using sscanf with "%s" format...

AI score 7.4 | EPSS 0.00026
Exploits 1 | References 3

CVE
added 2025/10/27 10:2 a.m. | 7 views

CVE-2025-12260

CVE-2025-12260 concerns TOTOLINK A3300R (firmware 17.0.0cu.557_B20221024). The vulnerability lies in the function setSyslogCfg within the file /cgi-bin/cstecgi.cgi, in the POST Parameter Handler, where manipulation of the enable argument leads to a stack-based buffer overflow. The issue is exploi...

CVSS 9 | AI score 8.7 | EPSS 0.00314
Exploits 1 | References 5 | Affected Software 1

OSV
added 2025/10/27 7:15 a.m. | 3 views

CVE-2025-12240

A security vulnerability has been detected in TOTOLINK A3300R 17.0.0cu.557B20221024. This affects the function setDmzCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument ip leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed...

CVSS 9.8 | AI score 6.1
Exploits 0 | References 5

NVD
added 2025/10/27 7:15 a.m. | 3 views

CVE-2025-12240

A security vulnerability has been detected in TOTOLINK A3300R 17.0.0cu.557B20221024. This affects the function setDmzCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument ip leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed...

CVSS 9.8 | EPSS 0.0043
Exploits 1 | References 5

NVD
added 2025/10/27 7:15 a.m. | 5 views

CVE-2025-12239

A weakness has been identified in TOTOLINK A3300R 17.0.0cu.557B20221024. The impacted element is the function setDdnsCfg of the file /cgi-bin/cstecgi.cgi. Executing manipulation can lead to buffer overflow. The attack may be performed from remote. The exploit has been made available to the public...

CVSS 9.8 | EPSS 0.0043
Exploits 1 | References 5

EUVD
added 2025/10/27 7:2 a.m. | 3 views

EUVD-2025-36127

A vulnerability was detected in TOTOLINK A3300R 17.0.0cu.557B20221024. This impacts the function setLanguageCfg of the file /cgi-bin/cstecgi.cgi of the component POST Parameter Handler. The manipulation of the argument lang results in stack-based buffer overflow. It is possible to launch the atta...

CVSS 9 | AI score 8.9 | EPSS 0.00287
Exploits 1 | References 6

CNNVD
added 2025/10/27 12:0 a.m. | 1 view

TOTOLINK A3300R Security Vulnerability

TOTOLINK A3300R is a dual-band wireless router manufactured by China's Gion Electronics TOTOLINK, mainly used for home and small network environments. The TOTOLINK A3300R suffers from a stack buffer overflow vulnerability that originates from the parameter recHour of the setScheduleCfg function o...

CVSS 9 | AI score 8.1 | EPSS 0.00314
Exploits 1 | References 5