52 matches found
EUVD-2026-26873
A weakness has been identified in Totolink WA300 5.2cu.7112B20190227. The impacted element is the function setLanguageCfg of the file /cgi-bin/cstecgi.cgi of the component POST Request Handler. This manipulation of the argument langType causes command injection. Remote exploitation of the attack ...
CVE-2026-6026 Totolink A7100RU CGI cstecgi.cgi setPortalConfWeChat os command injection
A security flaw has been discovered in Totolink A7100RU 7.4cu.2313b20191024. This vulnerability affects the function setPortalConfWeChat of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Performing a manipulation of the argument enable results in os command injection. The attack can ...
CVE-2026-5177
A weakness has been identified in Totolink A3300R 17.0.0cu.557b20221024. Affected by this vulnerability is the function setWiFiBasicCfg of the file /cgi-bin/cstecgi.cgi. Executing a manipulation of the argument rxRate can lead to command injection. The attack may be launched remotely. The exploit...
CVE-2026-1326 Totolink NR1800X POST Request cstecgi.cgi setWanCfg command injection
A weakness has been identified in Totolink NR1800X 9.1.0u.6279B20210910. This vulnerability affects the function setWanCfg of the file /cgi-bin/cstecgi.cgi of the component POST Request Handler. This manipulation of the argument Hostname causes command injection. The attack can be initiated...
EUVD-2023-44649
Malicious code in bioql PyPI...
EUVD-2025-22753
Malicious code in bioql PyPI...
EUVD-2025-25902
Malicious code in bioql PyPI...
EUVD-2022-32935
Malicious code in bioql PyPI...
EUVD-2024-49276
Malicious code in bioql PyPI...
EUVD-2025-8682
Malicious code in bioql PyPI...
EUVD-2024-16088
Malicious code in bioql PyPI...
EUVD-2023-50637
Malicious code in bioql PyPI...
EUVD-2023-50698
Malicious code in bioql PyPI...
EUVD-2024-16091
Malicious code in bioql PyPI...
EUVD-2024-16367
Malicious code in bioql PyPI...
PT-2025-35484
Name of the Vulnerable Software and Affected Versions: TOTOLINK A702R version 4.0.0-B20211108.1423 Description: A buffer overflow issue exists in the sub 419BE0 function of the /boafrm/formIpQoS file. Manipulation of the mac argument causes the overflow, and the attack can be initiated remotely...
CVE-2025-8181
A vulnerability, which was classified as critical, was found in TOTOLINK N600R and X2000R 1.0.0.1. This affects an unknown part of the file vsftpd.conf of the component FTP Service. The manipulation leads to least privilege violation. It is possible to initiate the attack remotely...
CVE-2025-44655
In TOTOLink A7100RU V7.4, A950RG V5.9, and T10 V5.9, the chroot_local_user option is enabled in the vsftpd.conf. This could lead to unauthorized access to system files, privilege escalation, or use of the compromised server as a pivot point for internal network attacks...
CVE-2025-6620
A vulnerability was found in TOTOLINK CA300-PoE 6.2c.884. It has been rated as critical. Affected by this issue is the function setUpgradeUboot of the file upgrade.so. The manipulation of the argument FileName leads to os command injection. The attack may be launched remotely. The exploit has bee...