EUVD-2026-35295

A security flaw has been discovered in TOTOLINK EX200 4.0.3c.7646. This affects an unknown function of the file /etc/vsftpd.conf of the component vsftpd. The manipulation results in least privilege violation. It is possible to launch the attack remotely. The exploit has been released to the publi...

CVE-2026-7720

A weakness has been identified in Totolink WA300 5.2cu.7112B20190227. The impacted element is the function setLanguageCfg of the file /cgi-bin/cstecgi.cgi of the component POST Request Handler. This manipulation of the argument langType causes command injection. Remote exploitation of the attack ...

CVE-2026-31159

An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557B20221024 allowing attackers to execute arbitrary commands via the password parameter to /cgi-bin/cstecgi.cgi...

CVE-2026-9436

A flaw has been found in Totolink A8000RU 7.1cu.643b20200521. The impacted element is the function setL2tpServerCfg of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. Executing a manipulation of the argument enable can lead to os command injection. The attack can be...

CVE-2026-9533

A vulnerability was detected in Totolink CA750-PoE 6.2c.510. The impacted element is the function recvUpgradeNewFw of the file /cgi-bin/cstecgi.cgi of the component Setting Handler. Performing a manipulation of the argument fwUrl/magicid results in os command injection. It is possible to initiate...

CVE-2026-9515

A vulnerability was detected in Totolink CA750-PoE 6.2c.510. The affected element is the function setUnloadUserData of the file /cgi-bin/cstecgi.cgi of the component Setting Handler. The manipulation of the argument pluginversion results in os command injection. The attack may be launched remotel...

PT-2026-43151

Name of the Vulnerable Software and Affected Versions Totolink CA750-PoE version 6.2c.510 Description A security flaw in the Setting Handler component allows for remote OS command injection. This occurs through the manipulation of the admuser and admpass arguments within the setPasswordCfg functi...

TOTOLINK CA750-PoE 操作系统命令注入漏洞

The TOTOLINK CA750-PoE is a wireless network access device from China's Gion Electronics TOTOLINK. The Totolink CA750-PoE version 6.2c.510 suffers from an operating system command injection vulnerability that originates from os command injection in the operation of the parameter hosttime in the...

CVE-2026-7718 Totolink WA300 POST Request cstecgi.cgi setWebWlanIdx command injection

A vulnerability was identified in Totolink WA300 5.2cu.7112B20190227. Impacted is the function setWebWlanIdx of the file /cgi-bin/cstecgi.cgi of the component POST Request Handler. The manipulation of the argument webWlanIdx leads to command injection. The attack may be initiated remotely. The...

EUVD-2026-26470

A vulnerability was identified in Totolink A8000RU 7.1cu.643b20200521. This issue affects the function Vulnerability of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulation of the argument proto leads to os command injection. The attack may be initiated remotely. The explo...

PT-2026-34671

An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557 B20221024 allowing attackers to execute arbitrary commands via the provider parameter to /cgi-bin/cstecgi.cgi...

CVE-2026-31173

An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557B20221024 allowing attackers to execute arbitrary commands via the interval parameter to /cgi-bin/cstecgi.cgi...

CVE-2026-31167

An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557B20221024 allowing attackers to execute arbitrary commands via the mode parameter to /cgi-bin/cstecgi.cgi...

CVE-2026-6154 Totolink A7100RU CGI cstecgi.cgi setWizardCfg os command injection

A security flaw has been discovered in Totolink A7100RU 7.4cu.2313b20191024. The affected element is the function setWizardCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Performing a manipulation of the argument wizard results in os command injection. The attack may be initiat...

PT-2026-32239

Name of the Vulnerable Software and Affected Versions Totolink A7100RU version 7.4cu.2313 b20191024 Description A security flaw exists in the CGI Handler component of Totolink A7100RU version 7.4cu.2313 b20191024. Manipulation of the wizard argument in the setWizardCfg function within the...

CVE-2026-6132 Totolink A7100RU CGI cstecgi.cgi setLedCfg os command injection

A vulnerability was determined in Totolink A7100RU 7.4cu.2313b20191024. Affected by this issue is the function setLedCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. This manipulation of the argument enable causes os command injection. Remote exploitation of the attack is...

CVE-2026-6113

A security vulnerability has been detected in Totolink A7100RU 7.4cu.2313b20191024. Affected by this vulnerability is the function setTtyServiceCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Such manipulation of the argument ttyEnable leads to os command injection. The attack...

CVE-2026-6027

A weakness has been identified in Totolink A7100RU 7.4cu.2313b20191024. This issue affects the function setUrlFilterRules of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Executing a manipulation of the argument enable can lead to os command injection. The attack can be launched...

CVE-2026-6026

Totolink A7100RU 7.4cu.2313_b20191024: CGI Handler (/cgi-bin/cstecgi.cgi) setPortalConfWeChat is vulnerable. Manipulating the enable argument leads to os command injection; attack can be initiated remotely and public exploit code exists. Affected component is CGI Handler and the issue stems from ...

CVE-2026-5976

Totolink A7100RU, firmware 7.4cu.2313_b20191024, vulnerable in the CGI Handler via /cgi-bin/cstecgi.cgi function setStorageCfg. Manipulating the sambaEnabled argument leads to an OS command injection, exploitable remotely with a public exploit. Affects component: CGI Handler; vulnerable function:...