CVE-2025-9934

A vulnerability was found in TOTOLINK X5000R 9.1.0cu.2415B20250515. This affects the function sub410C34 of the file /cgi-bin/cstecgi.cgi. Performing manipulation of the argument pid results in command injection. Remote exploitation of the attack is possible. The exploit has been made public and...

The vulnerability of the setDiagnosisCfg() function in the cstecgi.cgi script of the mesh-system TOTOLink T6 software allows a intruder to execute arbitrary code.

The vulnerability of the setDiagnosisCfg function in the cstecgi.cgi script of the mesh-system TOTOLink T6 software is related to the issue of the operation exceeding the buffer boundaries in memory when processing the ip parameter. Exploiting this vulnerability allows a remote attacker to execut...

TOTOLINK T6 注入漏洞

TOTOLINK T6 is a wireless dual-band router from China's Gion Electronics TOTOLINK. An injection vulnerability exists in TOTOLINK T6 version 4.1.5cu.748B20211015, which originates from a command injection due to the incorrect operation of the function setDiagnosisCfg on the parameter ip in the fil...

CVE-2025-5904

A vulnerability was found in TOTOLINK T10 4.1.8cu.5207. It has been declared as critical. Affected by this vulnerability is the function setWiFiMeshName of the file /cgi-bin/cstecgi.cgi of the component POST Request Handler. The manipulation of the argument devicename leads to buffer overflow. Th...

The vulnerability of the sub_410C80() function in the cstecgi.cgi script of the TOTOLINK X18 router’s microprogramming system, which allows a hacker to execute arbitrary commands.

The vulnerability of the sub410C80 function in the cstecgi.cgi script of the TOTOLINK X18 router’s microprogramming system is related to the lack of data cleaning measures at the control level when processing the mtkhnatEnable parameter. Exploiting this vulnerability allows an attacker to execute...

The vulnerability of the setWiFiScheduleCfg() function in the web/cgi-bin/cstecgi.cgi script of the TOTOLINK X5000R router’s microprogramming software allows a perpetrator to execute arbitrary commands.

The vulnerability of the setWiFiScheduleCfg function in the web/cgi-bin/cstecgi.cgi script of the TOTOLINK X5000R router’s microprogramming system is related to the failure to take measures to neutralize special elements used in the operating system’s processing of the sMinute parameter. Exploiti...

The vulnerability of the setWiFiScheduleCfg() function in the web/cgi-bin/cstecgi.cgi script of the TOTOLINK X5000R router’s microprogramming software allows a perpetrator to execute arbitrary commands.

The vulnerability of the setWiFiScheduleCfg function in the web/cgi-bin/cstecgi.cgi script of the TOTOLINK X5000R router’s microprogramming system is related to the failure to take measures to neutralize special elements used in the operating system’s processing of the eHour parameter. Exploiting...

The vulnerability of the setSSServer() function in the cstecgi.cgi script of the TOTOLINK X5000R router’s microprogramming software allows a hacker to execute arbitrary commands.

The vulnerability of the setSSServer function in the cstecgi.cgi script of the TOTOLINK X5000R router’s microprogramming system is related to the lack of measures to sanitize input data when processing parameters such as password, port, and timeout. Exploiting this vulnerability allows a remote...

The vulnerability of the setL2tpServerCfg() function in the cstecgi.cgi script of the TOTOLINK X5000R router’s software allows a hacker to execute arbitrary commands.

The vulnerability of the setL2tpServerCfg function in the cstecgi.cgi script of the TOTOLINK X5000R router’s microprogramming system is related to the failure to take measures to neutralize special elements used in the operating system’s command processing when dealing with parameters such as mtu...

CVE-2024-8573

A vulnerability, which was classified as critical, was found in TOTOLINK AC1200 T8 and AC1200 T10 4.1.5cu.861B20230220/4.1.8cu.5207. This affects the function setParentalRules of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument desc/week/sTime/eTime leads to buffer overflow. It is...

PT-2024-6467 · Totolink · Totolink X6000R

Name of the Vulnerable Software and Affected Versions: TOTOLINK X6000R version 9.4.0cu.852 20230719 Description: A critical issue has been found in the TOTOLINK X6000R, affecting the function setSyslogCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument rtLogServer leads to...

TOTOLINK EX1200L 安全漏洞

The TOTOLINK EX1200L is a wireless repeater from China's Gion Electronics TOTOLINK. The TOTOLINK EX1200L suffers from a stack buffer overflow vulnerability that originates from the parameter langType of the setLanguageCfg function of the file /www/cgi-bin/cstecgi.cgi, which can lead to a...

The vulnerability of the setWizardCfg function in the /cgi-bin/cstecgi.cgi file of the TOTOLINK N350RT router’s software, which allows a perpetrator to compromise the confidentiality, integrity, and accessibility of the protected information.

The vulnerability of the setWizardCfg function in the /cgi-bin/cstecgi.cgi file of the TOTOLINK N350RT router microprogramming system is related to the issue of data being written outside of the buffer in memory when processing the ssid parameter. Exploiting this vulnerability allows an attacker ...

The vulnerability of the loginauth function in the /cgi-bin/cstecgi.cgi script of the TOTOLINK CP450 router’s microprogramming system, which allows a intruder to compromise the confidentiality, integrity, and accessibility of the protected information.

The vulnerability of the loginauth function in the /cgi-bin/cstecgi.cgi script of the TOTOLINK CP450 router’s microprogramming system is related to the issue of data being written outside the buffer in memory when processing the httphost parameter. Exploiting this vulnerability allows a malicious...

CVE-2024-7336

A vulnerability classified as critical was found in TOTOLINK EX200 4.0.3c.7646B20201211. Affected by this vulnerability is the function loginauth of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument httphost leads to buffer overflow. The attack can be launched remotely. The exploit...

CVE-2024-7187

A vulnerability was found in TOTOLINK A3600R 4.1.2cu.5182B20201102. It has been declared as critical. This vulnerability affects the function UploadCustomModule of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument File leads to buffer overflow. The attack can be initiated remotely...

PT-2024-38137 · Totolink · Totolink A3600R

Name of the Vulnerable Software and Affected Versions: TOTOLINK A3600R version 4.1.2cu.5182 B20201102 Description: A critical issue has been found that affects the function setDiagnosisCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument ipDoamin leads to os command injection...

CVE-2024-2353

A vulnerability, which was classified as critical, has been found in Totolink X6000R 9.4.0cu.85220230719. This issue affects the function setDiagnosisCfg of the file /cgi-bin/cstecgi.cgi of the component shttpd. The manipulation of the argument ip leads to os command injection. The attack may be...

TOTOLINK N200RE setLanguageCfg function stack buffer overflow vulnerability

The TOTOLINK N200RE is a wireless broadband router for small office or home SOHO environments. The TOTOLINK N200RE suffers from a stack buffer overflow vulnerability that originates from a stack-based buffer overflow in the lang parameter of the setLanguageCfg function of /cgi-bin/cstecgi.cgi. No...

The vulnerability of the setParentalRules() function in the cstecgi.cgi script of the Totolink N200RE router’s microprogramming system, which allows a violator to compromise the confidentiality, integrity, and accessibility of the protected information.

The vulnerability of the setParentalRules function in the cstecgi.cgi script of the Totolink N200RE router’s microprogramming system is related to the issue of the operation exceeding the buffer in memory when processing the parameters eTime, week, and sTime. Exploiting this vulnerability could...