CVE-2026-5676

A vulnerability was identified in Totolink A8000R 5.9c.681B20180413. This issue affects the function setLanguageCfg of the file /cgi-bin/cstecgi.cgi. Such manipulation of the argument langType leads to missing authentication. The attack can be launched remotely. The exploit is publicly available...

EUVD-2026-19434

A vulnerability was identified in Totolink A8000R 5.9c.681B20180413. This issue affects the function setLanguageCfg of the file /cgi-bin/cstecgi.cgi. Such manipulation of the argument langType leads to missing authentication. The attack can be launched remotely. The exploit is publicly available...

CVE-2025-12241 TOTOLINK A3300R POST Parameter cstecgi.cgi setLanguageCfg stack-based overflow

A vulnerability was detected in TOTOLINK A3300R 17.0.0cu.557B20221024. This impacts the function setLanguageCfg of the file /cgi-bin/cstecgi.cgi of the component POST Parameter Handler. The manipulation of the argument lang results in stack-based buffer overflow. It is possible to launch the atta...

TOTOLINK EX1200L 安全漏洞

The TOTOLINK EX1200L is a wireless repeater from China's Gion Electronics TOTOLINK. The TOTOLINK EX1200L suffers from a stack buffer overflow vulnerability that originates from the parameter langType of the setLanguageCfg function of the file /www/cgi-bin/cstecgi.cgi, which can lead to a...

CVE-2024-34203

TOTOLINK CP450 v4.1.0cu.747B20191224 was discovered to contain a stack buffer overflow vulnerability in the setLanguageCfg function...

PT-2024-25738 · Totolink · Totolink Cp450

Name of the Vulnerable Software and Affected Versions: TOTOLINK CP450 version 4.1.0cu.747 B20191224 Description: A stack buffer overflow issue was found in the setLanguageCfg function, which can be exploited. Recommendations: For TOTOLINK CP450 version 4.1.0cu.747 B20191224, consider disabling th...

TOTOLINK A3700R 安全漏洞

The TOTOLINK A3700R is a wireless router from China's Gion Electronics TOTOLINK. The TOTOLINK A3700R suffers from a buffer overflow vulnerability that stems from the setLanguageCfg method failing to properly validate the length and size of the input data, which can be exploited by an attacker to...

PT-2023-31738 · Totolink · Totolink Ex1800T

Name of the Vulnerable Software and Affected Versions: TOTOlink EX1800T version 9.1.0cu.2112 B20220316 Description: The issue allows for unauthorized arbitrary command execution. This is achieved through the langFlag parameter of the "setLanguageCfg" interface in the "cstecgi.cgi" endpoint...

CVE-2023-45984

TOTOLINK X5000R V9.1.0u.6118B20201102 and TOTOLINK A7000R V9.1.0u.6115B20201022 was discovered to contain a stack overflow via the lang parameter in the function setLanguageCfg...

CVE-2023-39617

TOTOLINK X5000RV9.1.0cu.2089B20211224 and X5000RV9.1.0cu.2350B20230313 were discovered to contain a remote code execution RCE vulnerability via the lang parameter in the setLanguageCfg function...

PT-2022-27155 · Totolink · Totolink Lr350

Name of the Vulnerable Software and Affected Versions: TOTOLINK LR350 version 9.3.5u.6369 B20220309 Description: The issue is a post-authentication buffer overflow that occurs via the lang parameter in the setLanguageCfg function. This allows for potential exploitation after authentication has be...

TOTOLINK N350RT 缓冲区错误漏洞

The TOTOLINK N350RT is a small home router from China's Gion Electronics TOTOLINK. A buffer error vulnerability exists in the TOTOLINK N350RT version V9.3.5u.6139B20201216, which stems from a lang parameter command injection issue in the setLanguageCfg method...