CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

RedhatCVE•added 2026/04/14 1:22 a.m.•1 views

CVE-2026-5850

A vulnerability was identified in Totolink A7100RU 7.4cu.2313b20191024. This affects the function setVpnPassCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulation of the argument pptpPassThru leads to os command injection. Remote exploitation of the attack is possible...

10CVSS5.6AI score0.00371EPSS

RedhatCVE•added 2026/04/13 7:23 p.m.•2 views

CVE-2026-6115

A flaw has been found in Totolink A7100RU 7.4cu.2313b20191024. This affects the function setAppCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Executing a manipulation of the argument enable can lead to os command injection. The attack may be launched remotely. The exploit has...

10CVSS5.5AI score0.01221EPSS

ATTACKERKB•added 2026/04/13 5:30 p.m.•4 views

CVE-2026-6195

A security vulnerability has been detected in Totolink A7100RU 7.4cu.2313b20191024. Affected by this issue is the function setPasswordCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Such manipulation of the argument admpass leads to os command injection. The attack can be...

10CVSS5.6AI score0.01235EPSS

Cvelist•added 2026/04/13 5:30 p.m.•18 views

CVE-2026-6195 Totolink A7100RU CGI cstecgi.cgi setPasswordCfg os command injection

10CVSS0.01235EPSS

CVE•added 2026/04/13 5:30 p.m.•9 views

CVE-2026-6195

Totolink A7100RU (firmware 7.4cu.2313_b20191024) is affected by a vulnerability in CGI Handler’s /cgi-bin/cstecgi.cgi setPasswordCfg. Manipulating the admpass argument enables os command injection and can be exploited remotely. The exploit is publicly disclosed. No additional technical details (e...

10CVSS7AI score0.01235EPSS

RedhatCVE•added 2026/04/13 1:22 p.m.•3 views

CVE-2026-6116

A vulnerability has been found in Totolink A7100RU 7.4cu.2313b20191024. This vulnerability affects the function setDiagnosisCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulation of the argument ip leads to os command injection. Remote exploitation of the attack is...

10CVSS6.8AI score0.01221EPSS

EUVD•added 2026/04/13 6:30 a.m.•2 views

EUVD-2026-21851

A flaw has been found in Totolink N300RH 6.1c.1353B20190305. Affected is the function setUpgradeUboot of the file upgrade.so. This manipulation of the argument FileName causes os command injection. The attack is possible to be carried out remotely. The exploit has been published and may be used...

7.5CVSS5.5AI score0.01153EPSS

Exploits0References6

EUVD•added 2026/04/13 6:30 a.m.•1 views

EUVD-2026-21812

A security vulnerability has been detected in Totolink A7100RU 7.4cu.2313b20191024. This affects the function setIpQosRules of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulation of the argument Comment leads to os command injection. Remote exploitation of the attack is...

10CVSS5.5AI score0.01221EPSS

Exploits0References6

NVD•added 2026/04/13 5:16 a.m.•4 views

CVE-2026-6158

7.5CVSS0.01153EPSS

NVD•added 2026/04/13 4:16 a.m.•0 views

CVE-2026-6155

A weakness has been identified in Totolink A7100RU 7.4cu.2313. The impacted element is the function setWanCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Executing a manipulation of the argument pppoeServiceName can lead to os command injection. The attack may be launched...

10CVSS0.01221EPSS

CVE•added 2026/04/13 4:0 a.m.•6 views

CVE-2026-6158

The CVE-2026-6158 entry concerns Totolink N300RH (firmware 6.1c.1353_B20190305). The vulnerability lies in the upgrade subsystem: the function setUpgradeUboot in upgrade.so accepts a FileName argument and can be manipulated to trigger an OS command injection. This flaw enables remote execution an...

7.5CVSS6.8AI score0.01153EPSS

Vulnrichment•added 2026/04/13 4:0 a.m.•2 views

CVE-2026-6158 Totolink N300RH upgrade.so setUpgradeUboot os command injection

7.5CVSS6.8AI score0.01153EPSS

ATTACKERKB•added 2026/04/13 4:0 a.m.•1 views

CVE-2026-6158

7.5CVSS6.8AI score0.01153EPSS

CVE•added 2026/04/13 3:15 a.m.•7 views

CVE-2026-6155

CVE-2026-6155 affects Totolink A7100RU running 7.4cu.2313. The vulnerability is in the CGI handler: function setWanCfg in file /cgi-bin/cstecgi.cgi, where manipulation of the argument pppoeServiceName can lead to an OS command injection . The attack may be launched remotely over the network, with...

ATTACKERKB•added 2026/04/13 3:15 a.m.•1 views

CVE-2026-6155

Cvelist•added 2026/04/13 3:15 a.m.•24 views

CVE-2026-6155 Totolink A7100RU CGI cstecgi.cgi setWanCfg os command injection

10CVSS0.01221EPSS

Vulnrichment•added 2026/04/13 3:0 a.m.•0 views

CVE-2026-6154 Totolink A7100RU CGI cstecgi.cgi setWizardCfg os command injection

A security flaw has been discovered in Totolink A7100RU 7.4cu.2313b20191024. The affected element is the function setWizardCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Performing a manipulation of the argument wizard results in os command injection. The attack may be initiat...

ATTACKERKB•added 2026/04/13 3:0 a.m.•1 views

CVE-2026-6154