CVE-2026-9513

Totolink CA750-PoE 6.2c.510 is affected by CVE-2026-9513 in the NTPSyncWithHost path /cgi-bin/cstecgi.cgi (Setting Handler). The vulnerability stems from improper handling of the host_time argument, enabling os command injection with remote access. The issue affects the specific function NTPSyncW...

CVE-2026-9513 Totolink CA750-PoE Setting cstecgi.cgi NTPSyncWithHost os command injection

A weakness has been identified in Totolink CA750-PoE 6.2c.510. This issue affects the function NTPSyncWithHost of the file /cgi-bin/cstecgi.cgi of the component Setting Handler. Executing a manipulation of the argument hosttime can lead to os command injection. The attack can be launched remotely...

CVE-2026-7721

Totolink WA300 5.2cu.7112_B20190227 is affected via /cgi-bin/cstecgi.cgi NTPSyncWithHost. The vulnerability arises from manipulating the hostTime argument in NTPSyncWithHost, enabling remote command injection. Reported exploitability is network-based with low privilege requirements and no user in...

CVE-2026-5030 Totolink NR1800X Telnet Service cstecgi.cgi NTPSyncWithHost command injection

A vulnerability has been found in Totolink NR1800X 9.1.0u.6279B20210910. This issue affects the function NTPSyncWithHost of the file /cgi-bin/cstecgi.cgi of the component Telnet Service. The manipulation of the argument hosttime leads to command injection. The attack can be initiated remotely. Th...

PT-2026-28742

Name of the Vulnerable Software and Affected Versions Totolink NR1800X version 9.1.0u.6279 B20210910 Description A command injection issue exists in the Telnet Service component of Totolink NR1800X. The issue is located in the NTPSyncWithHost function within the /cgi-bin/cstecgi.cgi file...

TOTOLINK NR1800X 命令注入漏洞

TOTOLINK NR1800X is an outstanding 5G NR indoor Wi-Fi and SIP CPE device from TOTOLINK Corporation. It aims to provide fast and convenient NR fixed data services for homes and offices. The TOTOLINK NR1800X version 9.1.0u.6279B20210910 contains a command injection vulnerability. This vulnerability...

CVE-2025-70328

TOTOLINK X6000R v9.4.0cu.1498B20250826 contains an OS command injection vulnerability in the NTPSyncWithHost handler of the /usr/sbin/shttpd executable. The hosttime parameter is retrieved via sub40C404 and passed to a date -s shell command through CsteSystem. While the first two tokens of the...

CVE-2025-70328

TOTOLINK X6000R v9.4.0cu.1498B20250826 contains an OS command injection vulnerability in the NTPSyncWithHost handler of the /usr/sbin/shttpd executable. The hosttime parameter is retrieved via sub40C404 and passed to a date -s shell command through CsteSystem. While the first two tokens of the...

TOTOLINK X6000R 安全漏洞

The TOTOLINK X6000R is a wireless router produced by TOTOLINK, a Chinese company. The TOTOLINK X6000R v9.4.0cu.1498B20250826 version contains a security vulnerability. This vulnerability stems from improper cleanup of the hosttime parameter in the NTPSyncWithHost handler, which may allow...

CVE-2025-70328

Summary (CVE-2025-70328) TOTOLINK X6000R is affected by an OS command injection in the NTPSyncWithHost handler of /usr/sbin/shttpd balloted at v9.4.0cu.1498_B20250826. The vulnerability arises from how the host_time parameter is obtained via sub_40C404 and handed to a shell command (date -s) thro...

CVE-2025-70328

TOTOLINK X6000R v9.4.0cu.1498B20250826 contains an OS command injection vulnerability in the NTPSyncWithHost handler of the /usr/sbin/shttpd executable. The hosttime parameter is retrieved via sub40C404 and passed to a date -s shell command through CsteSystem. While the first two tokens of the...

CVE-2022-37082

TOTOLINK A7000R V9.1.0u.6115B20201022 was discovered to contain a command injection vulnerability via the hosttime parameter at the function NTPSyncWithHost...

CVE-2025-55901

TOTOLINK A3300R V17.0.0cu.596B20250515 is vulnerable to command injection in the function NTPSyncWithHost via the hosttime parameter...

CVE-2025-55901

TOTOLINK A3300R V17.0.0cu.596B20250515 is vulnerable to command injection in the function NTPSyncWithHost via the hosttime parameter...

CVE-2025-55901

TOTOLINK A3300R V17.0.0cu.596B20250515 is vulnerable to command injection in the function NTPSyncWithHost via the hosttime parameter...

TOTOLINK A3300R 安全漏洞

TOTOLINK A3300R is a wireless router from China Gion Electronics TOTOLINK. A security vulnerability exists in TOTOLINK A3300R V17.0.0cu.596B20250515, which originates from a command injection in the hosttime parameter of the NTPSyncWithHost function...

CVE-2025-55901

TOTOLINK A3300R V17.0.0cu.596B20250515 is vulnerable to command injection in the function NTPSyncWithHost via the hosttime parameter...

CVE-2025-55901

CVE-2025-55901 concerns TOTOLINK A3300R, firmware version V17.0.0cu.596_B20250515, where the NTPSyncWithHost function’s host_time parameter enables command injection. The Red Hat/NVD/CNNVD etc. sources confirm a vulnerability in this device, with the impact described as potential unauthorized com...

EUVD-2025-203393

TOTOLINK A3300R V17.0.0cu.596B20250515 is vulnerable to command injection in the function NTPSyncWithHost via the hosttime parameter...

PT-2025-51256

Name of the Vulnerable Software and Affected Versions TOTOLINK A3300R version V17.0.0cu.596 B20250515 Description The TOTOLINK A3300R router firmware contains a command injection flaw in the NTPSyncWithHost function. The issue is triggered through the host time parameter. This allows for potentia...