PT-2026-43193

A vulnerability was detected in Totolink CA750-PoE 6.2c.510. The impacted element is the function recvUpgradeNewFw of the file /cgi-bin/cstecgi.cgi of the component Setting Handler. Performing a manipulation of the argument fwUrl/magicid results in os command injection. It is possible to initiate...

TOTOLINK A720R Command Injection Vulnerability (CNVD-2025-29710)

TOTOLINK A720R is a wireless router from China's Gion Electronics TOTOLINK with dual-band Wi-Fi capabilities, focusing on high-speed internet and signal coverage. The TOTOLINK A720R suffers from a command injection vulnerability that stems from the unvalidated magicid and url parameters in the...

CVE-2025-60682

A command injection vulnerability exists in the ToToLink A720R Router firmware V4.1.5cu.614B20230630 within the cloudupdatecheck binary, specifically in the sub402414 function that handles cloud update parameters. User-supplied 'magicid' and 'url' values are directly concatenated into shell...

EUVD-2022-33967

Malicious code in bioql PyPI...

CVE-2022-29639

TOTOLINK A3100R V4.1.2cu.5050B20200504 and V4.1.2cu.5247B20211129 were discovered to contain a command injection vulnerability via the magicid parameter in the function ucicloudupdateconfig...

TOTOLINK CA600-PoE CloudSrvUserdataVersionCheck function magicid parameter command injection vulnerability

TOTOLINK CA600-PoE is an outdoor wireless AP/CPE device from China Gion Electronics TOTOLINK. TOTOLINK CA600-PoE suffers from a command injection vulnerability that stems from the failure of the magicid parameter of the CloudSrvUserdataVersionCheck function to correctly filter constructed command...

CVE-2025-44839

TOTOLINK CA600-PoE V5.3c.6665B20180820 was found to contain a command injection vulnerability in the CloudSrvUserdataVersionCheck function via the magicid parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request...

CVE-2025-44839

TOTOLINK CA600-PoE V5.3c.6665B20180820 was found to contain a command injection vulnerability in the CloudSrvUserdataVersionCheck function via the magicid parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request...

CVE-2025-44839

TOTOLINK CA600-PoE V5.3c.6665B20180820 was found to contain a command injection vulnerability in the CloudSrvUserdataVersionCheck function via the magicid parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request...

TOTOLINK CA600-PoE 安全漏洞

TOTOLINK CA600-PoE is an outdoor wireless AP/CPE device from China Gion Electronics TOTOLINK. TOTOLINK CA600-PoE suffers from a command injection vulnerability that stems from the failure of the magicid parameter of the CloudSrvUserdataVersionCheck function to correctly filter constructed command...

PT-2025-18660 · Totolink · Totolink Ca600-Poe

Name of the Vulnerable Software and Affected Versions: TOTOLINK CA600-PoE version 5.3c.6665 B20180820 Description: A command injection issue was discovered in the CloudSrvUserdataVersionCheck function via the magicid parameter. This issue allows attackers to execute arbitrary commands through a...

TotoLink A3100R Command Injection Vulnerability (CNVD-2022-54652)

TotoLink A3100R is a series of wireless routers from TotoLink, Taiwan, China.TotoLink A3100R version V4.1.2cu.5050B20200504 and V4.1.2cu.5247B20211129 are vulnerable to command injection, which originates from uci cloudupdateconfig function in the magicid parameter fails to properly filter the...

CVE-2022-29639

TOTOLINK A3100R V4.1.2cu.5050B20200504 and V4.1.2cu.5247B20211129 were discovered to contain a command injection vulnerability via the magicid parameter in the function ucicloudupdateconfig...

CVE-2022-29639

TOTOLINK A3100R V4.1.2cu.5050B20200504 and V4.1.2cu.5247B20211129 were discovered to contain a command injection vulnerability via the magicid parameter in the function ucicloudupdateconfig...

Command injection

TOTOLINK A3100R V4.1.2cu.5050B20200504 and V4.1.2cu.5247B20211129 were discovered to contain a command injection vulnerability via the magicid parameter in the function ucicloudupdateconfig...

CVE-2022-29639

TOTOLINK A3100R V4.1.2cu.5050B20200504 and V4.1.2cu.5247B20211129 were discovered to contain a command injection vulnerability via the magicid parameter in the function ucicloudupdateconfig...

PT-2022-19743 · Totolink · Totolink A3100R

Name of the Vulnerable Software and Affected Versions: TOTOLINK A3100R versions V4.1.2cu.5050 B20200504 through V4.1.2cu.5247 B20211129 Description: A command injection issue was discovered via the magicid parameter in the uci cloudupdate config function. This allows for potential exploitation...