CVE-2026-7748

A weakness has been identified in Totolink N300RH 3.2.4-B20220812. Affected by this issue is the function setUpgradeFW of the file /cgi-bin/cstecgi.cgi of the component POST Request Handler. Executing a manipulation of the argument FileName can lead to buffer overflow. The attack can be launched...

CVE-2026-9533

A vulnerability was detected in Totolink CA750-PoE 6.2c.510. The impacted element is the function recvUpgradeNewFw of the file /cgi-bin/cstecgi.cgi of the component Setting Handler. Performing a manipulation of the argument fwUrl/magicid results in os command injection. It is possible to initiate...

EUVD-2026-26470

A vulnerability was identified in Totolink A8000RU 7.1cu.643b20200521. This issue affects the function Vulnerability of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulation of the argument proto leads to os command injection. The attack may be initiated remotely. The explo...

CVE-2026-7241

A vulnerability was found in Totolink A8000RU 7.1cu.643b20200521. This issue affects the function setWiFiBasicCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Performing a manipulation of the argument wifiOff results in os command injection. The attack is possible to be carried...

CVE-2026-7122

Technical details beyond the provided description are not publicly available in the supplied documents. Monitor for updates on Totolink A8000RU CGIs, specifically the cstecgi.cgi setUPnPCfg parameter, for potential OS command injection information.

CVE-2026-31181

CVE-2026-31181 affects ToToLink A3300R firmware v17.0.0cu.557_B20221024. An arbitrary command execution vulnerability exists via the stunServerAddr parameter to /cgi-bin/cstecgi.cgi, enabling likely remote code execution over the network. The CVSS v3.1 base score is 9.8 (CRITICAL) with high impac...

PT-2026-32489

Name of the Vulnerable Software and Affected Versions Totolink A7100RU version 7.4cu.2313 b20191024 Description A security issue in the CGI Handler component allows for remote OS command injection. The problem exists in the setPasswordCfg function within the '/cgi-bin/cstecgi.cgi' file. An...

CVE-2026-6025

A vulnerability was identified in Totolink A7100RU 7.4cu.2313b20191024. This affects the function setSyslogCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Such manipulation of the argument enable leads to os command injection. It is possible to launch the attack remotely. The...

CVE-2026-3696

A vulnerability was found in Totolink N300RH 6..1c.1353B20190305. The affected element is the function setWiFiWpsConfig of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Performing a manipulation results in os command injection. The attack can be initiated remotely. The exploit has...

TOTOLINK LR350 security vulnerabilities

TOTOLINK LR350 is a wireless router produced by TOTOLINK Corporation. The TOTOLINK LR350 9.3.5u.6369B20220309 version contains a security vulnerability. This vulnerability stems from incorrect handling of the parameter “ssid” in the file /cgi-bin/cstecgi.cgi, which may lead to a buffer overflow...

TOTOLINK N600R 安全漏洞

The TOTOLINK N600R is a dual-band wireless router launched by Korean brand TOTOLINK in 2013, supporting concurrent operation in the 2.4GHz and 5GHz bands with a maximum wireless transfer rate of 300Mbps. The TOTOLINK N600R suffers from a buffer overflow vulnerability that originates from the...

EUVD-2025-26655

Malicious code in bioql PyPI...

TOTOLINK T6 clearPairCfg Function Command Injection Vulnerability

TOTOLINK T6 is a wireless dual-band router from China's TOTOLINK Electronics TOTOLINK that supports MQTT protocol and Telnet service. TOTOLINK T6 suffers from a command injection vulnerability that stems from the parameter ip of the function clearPairCfg in the file /cgi-bin/cstecgi.cgi in the...

TOTOLINK N200RE 安全漏洞

TOTOLINK N200RE is a SOHO wireless router with 11N wireless technology, the highest wireless transmission rate of up to 300Mbps, support for MIMO architecture and ATCT free channel auto-detection technology, effectively improve wireless performance and stability. TOTOLINK N200RE has a command...

Multilaser Sirius RE016 授权问题漏洞

Multilaser Sirius RE016 is a network appliance from Multilaser Sirius. An authorization issue vulnerability exists in Multilaser Sirius RE016 MLT version 1.0, which stems from improper authentication in the file /cgi-bin/cstecgi.cgi...

TOTOLINK X5000R 操作系统命令注入漏洞

The TOTOLINK X5000r is a wireless router manufactured by TOTOLINK. TOTOLINK X5000r has a command injection vulnerability in version 9.1.0cu.2350b20230313. The vulnerability arises because the setAccessDeviceCfg function within the /cgi-bin/cstecgi.cgi file fails to properly validate or clean up...

TOTOLINK EX1200L 安全漏洞

TOTOLINK EX1200L is a dual-band wireless signal amplifier launched by China Gion Electronics, which is mainly used to extend Wi-Fi coverage. TOTOLINK EX1200L suffers from a buffer overflow vulnerability, which originates from the parameter week/sTime/eTime in the file /cgi-bin/cstecgi.cgi that ca...

CVE-2024-7183

A vulnerability, which was classified as critical, was found in TOTOLINK A3600R 4.1.2cu.5182B20201102. Affected is the function setUploadSetting of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument FileName leads to buffer overflow. It is possible to launch the attack remotely. The...

CVE-2024-0570

A vulnerability classified as critical was found in Totolink N350RT 9.3.5u.6265. This vulnerability affects unknown code of the file /cgi-bin/cstecgi.cgi of the component Setting Handler. The manipulation leads to improper access controls. The attack can be initiated remotely. It is recommended t...