CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

NVD•added 2026/03/31 3:15 a.m.•1 views

CVE-2026-5177

A weakness has been identified in Totolink A3300R 17.0.0cu.557b20221024. Affected by this vulnerability is the function setWiFiBasicCfg of the file /cgi-bin/cstecgi.cgi. Executing a manipulation of the argument rxRate can lead to command injection. The attack may be launched remotely. The exploit...

8.8CVSS0.02404EPSS

Cvelist•added 2026/03/31 3:0 a.m.•23 views

CVE-2026-5178 Totolink A3300R cstecgi.cgi setIptvCfg command injection

6.5CVSS0.03664EPSS

Vulnrichment•added 2026/03/31 3:0 a.m.•0 views

CVE-2026-5178 Totolink A3300R cstecgi.cgi setIptvCfg command injection

6.5CVSS6.3AI score0.03664EPSS

Cvelist•added 2026/03/31 1:15 a.m.•25 views

CVE-2026-5176 Totolink A3300R cstecgi.cgi setSyslogCfg command injection

A security flaw has been discovered in Totolink A3300R 17.0.0cu.557b20221024. Affected is the function setSyslogCfg of the file /cgi-bin/cstecgi.cgi. Performing a manipulation of the argument provided results in command injection. The attack may be initiated remotely. The exploit has been release...

7.5CVSS0.01932EPSS

ATTACKERKB•added 2026/03/31 1:15 a.m.•1 views

CVE-2026-5176

7.5CVSS5.7AI score0.01932EPSS

Positive Technologies•added 2026/03/31 12:0 a.m.•3 views

PT-2026-29188

A security vulnerability has been detected in Totolink A3300R 17.0.0cu.557 b20221024. Affected by this issue is the function setIptvCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument vlanPriLan3 leads to command injection. Remote exploitation of the attack is possible. The...

6.5CVSS5.6AI score0.03664EPSS

Positive Technologies•added 2026/03/31 12:0 a.m.•3 views

PT-2026-29227

Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.3.13 Description OpenClaw is affected by a remote command injection issue in the iMessage attachment staging flow. The issue arises because unsanitized remote attachment paths containing shell metacharacters are...

9.8CVSS6.3AI score0.01973EPSS

Exploits0References9

Positive Technologies•added 2026/03/31 12:0 a.m.•4 views

PT-2026-29201

Name of the Vulnerable Software and Affected Versions TRENDnet TEW-713RE versions up to 1.02 Description A flaw exists in TRENDnet TEW-713RE up to version 1.02. This issue involves command injection stemming from manipulation of the admuser argument within the file /goform/setSysAdm. The attack c...

8.8CVSS6.4AI score0.05811EPSS

Exploits1References7

CVE•added 2026/03/30 9:30 p.m.•10 views

CVE-2026-5153

CVE-2026-5153 concerns Tenda CH22 (v1.0.0.1). The flaw is in the function FormWriteFacMac of the file /goform/WriteFacMac. Manipulating the mac argument can lead to arbitrary command execution, potentially exploitable by an attacker over the network. The vulnerability description notes that the a...

8.8CVSS6.4AI score0.03EPSS

RedhatCVE•added 2026/03/30 10:54 a.m.•2 views

CVE-2026-5041

A vulnerability was identified in code-projects Chamber of Commerce Membership Management System 1.0. Impacted is the function fwrite of the file admin/pageMail.php. The manipulation of the argument mailSubject/mailMessage leads to command injection. The attack may be initiated remotely. The...

5.8CVSS5.8AI score0.01894EPSS

Exploits0References1

EUVD•added 2026/03/30 3:30 a.m.•4 views

EUVD-2026-17053

A weakness has been identified in Totolink A3300R 17.0.0cu.557b20221024. This issue affects the function setUPnPCfg of the file /cgi-bin/cstecgi.cgi. This manipulation of the argument enable causes command injection. The attack is possible to be carried out remotely. The exploit has been made...

8.8CVSS5.7AI score0.03638EPSS

EUVD•added 2026/03/30 3:30 a.m.•4 views

EUVD-2026-17054

A security vulnerability has been detected in Totolink A3300R 17.0.0cu.557b20221024. Impacted is the function setStaticRoute of the file /cgi-bin/cstecgi.cgi. Such manipulation of the argument ip leads to command injection. The attack may be performed from remote. The exploit has been disclosed...

8.8CVSS5.6AI score0.02483EPSS

ATTACKERKB•added 2026/03/30 3:0 a.m.•1 views

CVE-2026-5105

A vulnerability was detected in Totolink A3300R 17.0.0cu.557b20221024. The affected element is the function setVpnPassCfg of the file /cgi-bin/cstecgi.cgi of the component Parameter Handler. Performing a manipulation of the argument pptpPassThru results in command injection. It is possible to...

6.5CVSS5.7AI score0.03674EPSS

CVE•added 2026/03/30 3:0 a.m.•12 views

CVE-2026-5105

Summary of CVE-2026-5105 (Totolink A3300R) : A command injection vulnerability exists in Totolink A3300R running 17.0.0cu.557_b20221024. The flaw is in the Parameter Handler’s setVpnPassCfg function, specifically when handling the pptpPassThru argument in /cgi-bin/cstecgi.cgi. Exploitation allows...

8.8CVSS6.5AI score0.03674EPSS

ATTACKERKB•added 2026/03/30 2:0 a.m.•0 views

CVE-2026-5104

6.5CVSS6.3AI score0.02483EPSS

CVE•added 2026/03/30 2:0 a.m.•12 views

CVE-2026-5104

The CVE affects Totolink A3300R 17.0.0cu.557_b20221024. The vulnerable component is the setStaticRoute function in /cgi-bin/cstecgi.cgi, where manipulating the ip argument enables command injection. It can be exploited remotely, and public exploit details have been disclosed. Remediation is to up...

8.8CVSS5.6AI score0.02483EPSS

ATTACKERKB•added 2026/03/30 1:0 a.m.•2 views

CVE-2026-5103

6.5CVSS6.4AI score0.03638EPSS

EUVD•added 2026/03/30 12:31 a.m.•1 views

EUVD-2026-17050

A security flaw has been discovered in Totolink A3300R 17.0.0cu.557b20221024. This vulnerability affects the function setSmartQosCfg of the file /cgi-bin/cstecgi.cgi of the component Parameter Handler. The manipulation of the argument qosupbw results in command injection. The attack can be execut...

8.8CVSS6.4AI score0.02164EPSS

ATTACKERKB•added 2026/03/30 12:0 a.m.•4 views

CVE-2026-5102

6.5CVSS5.7AI score0.02164EPSS