227 matches found
CVE-2026-9513
A weakness has been identified in Totolink CA750-PoE 6.2c.510. This issue affects the function NTPSyncWithHost of the file /cgi-bin/cstecgi.cgi of the component Setting Handler. Executing a manipulation of the argument hosttime can lead to os command injection. The attack can be launched remotely...
CVE-2026-9513
A weakness has been identified in Totolink CA750-PoE 6.2c.510. This issue affects the function NTPSyncWithHost of the file /cgi-bin/cstecgi.cgi of the component Setting Handler. Executing a manipulation of the argument hosttime can lead to os command injection. The attack can be launched remotely...
CVE-2026-9513 Totolink CA750-PoE Setting cstecgi.cgi NTPSyncWithHost os command injection
A weakness has been identified in Totolink CA750-PoE 6.2c.510. This issue affects the function NTPSyncWithHost of the file /cgi-bin/cstecgi.cgi of the component Setting Handler. Executing a manipulation of the argument hosttime can lead to os command injection. The attack can be launched remotely...
CVE-2026-9513 Totolink CA750-PoE Setting cstecgi.cgi NTPSyncWithHost os command injection
A weakness has been identified in Totolink CA750-PoE 6.2c.510. This issue affects the function NTPSyncWithHost of the file /cgi-bin/cstecgi.cgi of the component Setting Handler. Executing a manipulation of the argument hosttime can lead to os command injection. The attack can be launched remotely...
PT-2026-43152
Name of the Vulnerable Software and Affected Versions Totolink CA750-PoE version 6.2c.510 Description A weakness in the Setting Handler component allows for remote OS command injection. This occurs through the manipulation of the host time argument within the NTPSyncWithHost function of the...
CVE-2026-7721
A security vulnerability has been detected in Totolink WA300 5.2cu.7112B20190227. This affects the function NTPSyncWithHost of the file /cgi-bin/cstecgi.cgi. Such manipulation of the argument hostTime leads to command injection. The attack can be executed remotely. The exploit has been disclosed...
CVE-2026-7721 Totolink WA300 cstecgi.cgi NTPSyncWithHost command injection
A security vulnerability has been detected in Totolink WA300 5.2cu.7112B20190227. This affects the function NTPSyncWithHost of the file /cgi-bin/cstecgi.cgi. Such manipulation of the argument hostTime leads to command injection. The attack can be executed remotely. The exploit has been disclosed...
CVE-2026-7721
A security vulnerability has been detected in Totolink WA300 5.2cu.7112B20190227. This affects the function NTPSyncWithHost of the file /cgi-bin/cstecgi.cgi. Such manipulation of the argument hostTime leads to command injection. The attack can be executed remotely. The exploit has been disclosed...
EUVD-2026-26874
A security vulnerability has been detected in Totolink WA300 5.2cu.7112B20190227. This affects the function NTPSyncWithHost of the file /cgi-bin/cstecgi.cgi. Such manipulation of the argument hostTime leads to command injection. The attack can be executed remotely. The exploit has been disclosed...
CVE-2026-7721 Totolink WA300 cstecgi.cgi NTPSyncWithHost command injection
A security vulnerability has been detected in Totolink WA300 5.2cu.7112B20190227. This affects the function NTPSyncWithHost of the file /cgi-bin/cstecgi.cgi. Such manipulation of the argument hostTime leads to command injection. The attack can be executed remotely. The exploit has been disclosed...
TOTOLINK WA300 注入漏洞
TOTOLINK WA300 is a wireless access point produced by TOTOLINK, a Chinese company. The Totolink WA300 5.2cu.7112B20190227 version has a vulnerability due to an issue with the function NTPSyncWithHost in the file/cgi-bin/cstecgi.cgi. This issue allows for command injection through the parameter...
CVE-2026-5030
A vulnerability has been found in Totolink NR1800X 9.1.0u.6279B20210910. This issue affects the function NTPSyncWithHost of the file /cgi-bin/cstecgi.cgi of the component Telnet Service. The manipulation of the argument hosttime leads to command injection. The attack can be initiated remotely. Th...
EUVD-2026-16971
A vulnerability has been found in Totolink NR1800X 9.1.0u.6279B20210910. This issue affects the function NTPSyncWithHost of the file /cgi-bin/cstecgi.cgi of the component Telnet Service. The manipulation of the argument hosttime leads to command injection. The attack can be initiated remotely. Th...
CVE-2026-5030 Totolink NR1800X Telnet Service cstecgi.cgi NTPSyncWithHost command injection
A vulnerability has been found in Totolink NR1800X 9.1.0u.6279B20210910. This issue affects the function NTPSyncWithHost of the file /cgi-bin/cstecgi.cgi of the component Telnet Service. The manipulation of the argument hosttime leads to command injection. The attack can be initiated remotely. Th...
CVE-2026-5030 Totolink NR1800X Telnet Service cstecgi.cgi NTPSyncWithHost command injection
A vulnerability has been found in Totolink NR1800X 9.1.0u.6279B20210910. This issue affects the function NTPSyncWithHost of the file /cgi-bin/cstecgi.cgi of the component Telnet Service. The manipulation of the argument hosttime leads to command injection. The attack can be initiated remotely. Th...
CVE-2026-5030
A vulnerability has been found in Totolink NR1800X 9.1.0u.6279B20210910. This issue affects the function NTPSyncWithHost of the file /cgi-bin/cstecgi.cgi of the component Telnet Service. The manipulation of the argument hosttime leads to command injection. The attack can be initiated remotely. Th...
CVE-2026-5030
Totolink NR1800X (version 9.1.0u.6279_B20210910) is affected by a command injection in Telnet Service, via NTPSyncWithHost in /cgi-bin/cstecgi.cgi where manipulating the host_time argument enables remote execution. Public exploits exist. Remediation/mitigation: disable the Telnet Service as a tem...
TOTOLINK NR1800X 命令注入漏洞
TOTOLINK NR1800X is an outstanding 5G NR indoor Wi-Fi and SIP CPE device from TOTOLINK Corporation. It aims to provide fast and convenient NR fixed data services for homes and offices. The TOTOLINK NR1800X version 9.1.0u.6279B20210910 contains a command injection vulnerability. This vulnerability...
CVE-2025-70328
TOTOLINK X6000R v9.4.0cu.1498B20250826 contains an OS command injection vulnerability in the NTPSyncWithHost handler of the /usr/sbin/shttpd executable. The hosttime parameter is retrieved via sub40C404 and passed to a date -s shell command through CsteSystem. While the first two tokens of the...
CVE-2025-70328
TOTOLINK X6000R v9.4.0cu.1498B20250826 contains an OS command injection vulnerability in the NTPSyncWithHost handler of the /usr/sbin/shttpd executable. The hosttime parameter is retrieved via sub40C404 and passed to a date -s shell command through CsteSystem. While the first two tokens of the...