EUVD-2026-31762

A security flaw has been discovered in Totolink CA750-PoE 6.2c.510. This vulnerability affects the function setPasswordCfg of the file /cgi-bin/cstecgi.cgi of the component Setting Handler. Performing a manipulation of the argument admuser/admpass results in os command injection. The attack can b...

EUVD-2026-31674

A vulnerability was found in Totolink A8000RU 7.1cu.643b20200521. Impacted is the function setOpenVpnCfg of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. The manipulation of the argument enabled results in os command injection. The attack can be executed remotely. The...

CVE-2026-9433 Totolink A8000RU Web Management cstecgi.cgi setMacFilterRules os command injection

A weakness has been identified in Totolink A8000RU 7.1cu.643b20200521. This issue affects the function setMacFilterRules of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. This manipulation of the argument enable causes os command injection. The attack may be initiated...

CVE-2026-9406

A weakness has been identified in Totolink A8000RU 7.1cu.643b20200521. Affected is the function setRemoteCfg of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. Executing a manipulation of the argument enable can lead to os command injection. The attack can be executed...

CVE-2026-7748

Totolink N300RH (firmware 3.2.4-B20220812) is affected by a buffer overflow in the POST handler function setUpgradeFW within /cgi-bin/cstecgi.cgi. The vulnerability stems from manipulation of the FileName argument, allowing remote exploitation. Exploit code is publicly available per the CVE entry...

EUVD-2026-26873

A weakness has been identified in Totolink WA300 5.2cu.7112B20190227. The impacted element is the function setLanguageCfg of the file /cgi-bin/cstecgi.cgi of the component POST Request Handler. This manipulation of the argument langType causes command injection. Remote exploitation of the attack ...

TOTOLINK WA300 缓冲区错误漏洞

TOTOLINK WA300 is a wireless access point produced by TOTOLINK, a Chinese company. The TOTOLINK WA300 5.2cu.7112B20190227 version contains a buffer overflow vulnerability. This vulnerability stems from the function UploadCustomModule in the POST Request Handler component’s file...

TOTOLINK NR1800X 注入漏洞

TOTOLINK NR1800X is an outstanding 5G NR indoor Wi-Fi and SIP CPE device from TOTOLINK Corporation. It aims to provide fast and convenient NR fixed data services for homes and offices. The TOTOLINK NR1800X version 9.1.0u.6279B20210910 contains a vulnerability that stems from the operation of the...

TOTOLINK A8000RU 命令注入漏洞

TOTOLINK A8000RU is a wireless router produced by TOTOLINK, a Chinese company. The TOTOLINK A8000RU 7.1cu.643b20200521 version contains a command injection vulnerability. This vulnerability stems from an unknown function in the CGI Handler component file /cgi-bin/cstecgi.cgi, which manipulates th...

CVE-2026-7240

A vulnerability has been found in Totolink A8000RU 7.1cu.643b20200521. This vulnerability affects the function setVpnAccountCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Such manipulation of the argument User leads to os command injection. The attack can be executed remotely...

CVE-2026-7136

A weakness has been identified in Totolink A8000RU 7.1cu.643b20200521. Affected by this issue is the function setDmzCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Executing a manipulation of the argument wanIdx can lead to os command injection. The attack may be launched...

TOTOLINK A8000RU 命令注入漏洞

The TOTOLINK A8000RU is a wireless router produced by TOTOLINK, a Chinese company. The Totolink A8000RU 7.1cu.643b20200521 version contains a command injection vulnerability. This vulnerability stems from the operation of the setWiFiAclRules function in the CGI Handler component’s...

PT-2026-35454

A vulnerability has been found in Totolink A8000RU 7.1cu.643 b20200521. Impacted is the function CsteSystem of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Such manipulation of the argument HTTP leads to os command injection. The attack may be performed from remote. The exploit has...

PT-2026-35411

A vulnerability has been found in Totolink A8000RU 7.1cu.643 b20200521. This impacts the function setUPnPCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Such manipulation of the argument enable leads to os command injection. It is possible to launch the attack remotely. The...

EUVD-2026-25259

An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557B20221024 allowing attackers to execute arbitrary commands via the week parameter to /cgi-bin/cstecgi.cgi...

PT-2026-34711

An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557 B20221024 allowing attackers to execute arbitrary commands via the ttlWay parameter to /cgi-bin/cstecgi.cgi...

CVE-2026-31164

An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557B20221024 allowing attackers to execute arbitrary commands via the pppoeMtu parameter to /cgi-bin/cstecgi.cgi...

CVE-2026-31173

An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557B20221024 allowing attackers to execute arbitrary commands via the interval parameter to /cgi-bin/cstecgi.cgi...

CVE-2026-31171

An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557B20221024 allowing attackers to execute arbitrary commands via the url parameter to /cgi-bin/cstecgi.cgi...

TOTOLINK A3300R 命令注入漏洞

The TOTOLINK A3300R is a wireless router from China's Gion Electronics TOTOLINK. A command injection vulnerability exists in the TOTOLINK A3300R interval parameter, which occurs when the /cgi-bin/cstecgi.cgi file fails to properly handle the interval parameter and can be exploited by an attacker ...