CVE-2026-32699

FacturaScripts is an open source accounting and invoicing software. In versions 2025.92 and earlier, the application fails to validate the nick parameter during a POST request to the EditUser controller. Although the user interface prevents editing this field, a user can bypass this restriction b...

CVE-2026-7718

A vulnerability was identified in Totolink WA300 5.2cu.7112B20190227. Impacted is the function setWebWlanIdx of the file /cgi-bin/cstecgi.cgi of the component POST Request Handler. The manipulation of the argument webWlanIdx leads to command injection. The attack may be initiated remotely. The...

CVE-2026-41927 WDR201A WiFi Extender Stack-Based Buffer Overflow via firewall.cgi

WDR201A WiFi Extender HW V2.1, FW LFMZX28040922V1.02 contains a stack-based buffer overflow vulnerability in the firewall.cgi and makeRequest.cgi binaries that allows unauthenticated attackers to overwrite the saved return address by sending a POST request with a Content-Length header exceeding 5...

CVE-2026-41924

WDR201A WiFi Extender HW V2.1, FW LFMZX28040922V1.02 contains an OS command injection vulnerability in the makeRequest.cgi binary that allows unauthenticated remote attackers to execute arbitrary shell commands by injecting malicious input into the settime or StartSniffer functions. Attackers can...

CVE-2026-7750

A vulnerability was detected in Totolink N300RH 3.2.4-B20220812. This vulnerability affects the function setMacFilterRules of the file /cgi-bin/cstecgi.cgi of the component POST Request Handler. The manipulation of the argument macaddress results in buffer overflow. The attack may be launched...

CVE-2026-7750

Totolink N300RH (version 3.2.4-B20220812) contains a buffer overflow in the POST Request Handler function setMacFilterRules (file /cgi-bin/cstecgi.cgi) triggered by manipulation of the mac_address argument. The issue is exploitable remotely, with public exploit material available. Affects the N30...

CVE-2026-7750 Totolink N300RH POST Request cstecgi.cgi setMacFilterRules buffer overflow

A vulnerability was detected in Totolink N300RH 3.2.4-B20220812. This vulnerability affects the function setMacFilterRules of the file /cgi-bin/cstecgi.cgi of the component POST Request Handler. The manipulation of the argument macaddress results in buffer overflow. The attack may be launched...

EUVD-2026-26941

A security vulnerability has been detected in Totolink N300RH 3.2.4-B20220812. This affects the function setWanConfig of the file /cgi-bin/cstecgi.cgi of the component POST Request Handler. The manipulation of the argument priDns leads to buffer overflow. The attack may be initiated remotely. The...

CVE-2026-7749

Totolink N300RH version 3.2.4-B20220812 is affected. The vulnerability is in the POST Request Handler function setWanConfig (file /cgi-bin/cstecgi.cgi); manipulating the priDns argument can cause a buffer overflow. The issue can be triggered remotely, and the exploit has been publicly disclosed (...

CVE-2026-7748 Totolink N300RH POST Request cstecgi.cgi setUpgradeFW buffer overflow

A weakness has been identified in Totolink N300RH 3.2.4-B20220812. Affected by this issue is the function setUpgradeFW of the file /cgi-bin/cstecgi.cgi of the component POST Request Handler. Executing a manipulation of the argument FileName can lead to buffer overflow. The attack can be launched...

CVE-2026-7718

A vulnerability was identified in Totolink WA300 5.2cu.7112B20190227. Impacted is the function setWebWlanIdx of the file /cgi-bin/cstecgi.cgi of the component POST Request Handler. The manipulation of the argument webWlanIdx leads to command injection. The attack may be initiated remotely. The...

CVE-2026-7720

CVE-2026-7720 – Totolink WA300 : The weakness affects the POST Request Handler in /cgi-bin/cstecgi.cgi, specifically the setLanguageCfg function, where manipulating the langType argument leads to a command injection. Remote exploitation is possible and a public exploit exists. Connected sources c...

EUVD-2026-26873

A weakness has been identified in Totolink WA300 5.2cu.7112B20190227. The impacted element is the function setLanguageCfg of the file /cgi-bin/cstecgi.cgi of the component POST Request Handler. This manipulation of the argument langType causes command injection. Remote exploitation of the attack ...

CVE-2026-7719

A security flaw has been discovered in Totolink WA300 5.2cu.7112B20190227. The affected element is the function loginauth of the file /cgi-bin/cstecgi.cgi of the component POST Request Handler. The manipulation of the argument httphost results in buffer overflow. The attack may be launched...

CVE-2026-7719

The CVE-2026-7719 entry describes a buffer overflow in Totolink WA300’s /cgi-bin/cstecgi.cgi loginauth handler (affected component: POST Request Handler). Specifically, manipulation of the http_host argument can overflow a buffer, enabling a remote attack. Public exploit details are indicated (ex...

CVE-2026-7718 Totolink WA300 POST Request cstecgi.cgi setWebWlanIdx command injection

A vulnerability was identified in Totolink WA300 5.2cu.7112B20190227. Impacted is the function setWebWlanIdx of the file /cgi-bin/cstecgi.cgi of the component POST Request Handler. The manipulation of the argument webWlanIdx leads to command injection. The attack may be initiated remotely. The...

CVE-2026-7718

Totolink WA300 is affected by CVE-2026-7718 due to a vulnerability in the POST Request Handler’s function setWebWlanIdx (file /cgi-bin/cstecgi.cgi). The issue arises from manipulating the webWlanIdx parameter, enabling command injection. Impact is described with low to moderate confidentiality, i...

CVE-2026-7717

Totolink WA300 5.2cu.7112_B20190227 is affected by CVE-2026-7717. The vulnerability is in the POST Request Handler’s UploadCustomModule function (file path: /cgi-bin/cstecgi.cgi). Manipulating the File argument can trigger a buffer overflow, and the issue can be exploited remotely. Exploitation i...

EUVD-2026-26868

A vulnerability was determined in Totolink WA300 5.2cu.7112B20190227. This issue affects the function UploadCustomModule of the file /cgi-bin/cstecgi.cgi of the component POST Request Handler. Executing a manipulation of the argument File can lead to buffer overflow. The attack can be launched...

CVE-2026-7717 Totolink WA300 POST Request cstecgi.cgi UploadCustomModule buffer overflow

A vulnerability was determined in Totolink WA300 5.2cu.7112B20190227. This issue affects the function UploadCustomModule of the file /cgi-bin/cstecgi.cgi of the component POST Request Handler. Executing a manipulation of the argument File can lead to buffer overflow. The attack can be launched...