CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

RedhatCVE•added 5 days ago•6 views

CVE-2026-6140

A vulnerability was found in Totolink A7100RU 7.4cu.2313b20191024. This impacts the function UploadFirmwareFile of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Performing a manipulation of the argument FileName results in os command injection. The attack may be initiated remotely...

10CVSS7.5AI score0.00316EPSS

CVE-2026-6029

A vulnerability was detected in Totolink A7100RU 7.4cu.2313b20191024. The affected element is the function setVpnAccountCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulation of the argument User results in os command injection. The attack may be launched remotely. Th...

CVE-2026-6132

A vulnerability was determined in Totolink A7100RU 7.4cu.2313b20191024. Affected by this issue is the function setLedCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. This manipulation of the argument enable causes os command injection. Remote exploitation of the attack is...

RedhatCVE•added 5 days ago•6 views

CVE-2026-6028

A security vulnerability has been detected in Totolink A7100RU 7.4cu.2313b20191024. Impacted is the function setPptpServerCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulation of the argument enable leads to os command injection. The attack may be initiated remotely...

RedhatCVE•added 5 days ago•4 views

CVE-2026-6154

A security flaw has been discovered in Totolink A7100RU 7.4cu.2313b20191024. The affected element is the function setWizardCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Performing a manipulation of the argument wizard results in os command injection. The attack may be initiat...

10CVSS7.4AI score0.01221EPSS

10CVSS7.4AI score0.01221EPSS

CVE-2026-6156

A security vulnerability has been detected in Totolink A7100RU 7.4cu.2313b20191024. This affects the function setIpQosRules of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulation of the argument Comment leads to os command injection. Remote exploitation of the attack is...

RedhatCVE•added 5 days ago•4 views

CVE-2026-6194

A weakness has been identified in Totolink A3002MU B20211125.1046. Affected by this vulnerability is the function sub410188 of the file /boafrm/formWlanSetup of the component HTTP Request Handler. This manipulation of the argument wan-url causes stack-based buffer overflow. Remote exploitation of...

9CVSS8AI score0.00085EPSS

RedhatCVE•added 5 days ago•7 views

CVE-2026-6138

A flaw has been found in Totolink A7100RU 7.4cu.2313b20191024. The impacted element is the function setAccessDeviceCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. This manipulation of the argument mac causes os command injection. The attack can be initiated remotely. The exploi...

10CVSS7.4AI score0.01221EPSS

RedhatCVE•added 5 days ago•4 views

CVE-2026-6026

A security flaw has been discovered in Totolink A7100RU 7.4cu.2313b20191024. This vulnerability affects the function setPortalConfWeChat of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Performing a manipulation of the argument enable results in os command injection. The attack can ...

9CVSS7.8AI score0.00099EPSS

CVE-2026-8137

A vulnerability has been found in Totolink X5000R 9.1.0u.6369B20230113. This vulnerability affects the function sub458E40 of the file /boafrm/formDdns. The manipulation of the argument submit-url leads to buffer overflow. Remote exploitation of the attack is possible. The exploit has been disclos...

Nuclei•added 6 days ago•102 views

TOTOLINK A3700R - Command Injection

An issue in TOTOLINK A3700R v.9.1.2u.616520211012 allows a remote attacker to execute arbitrary code via the FileName parameter of the UploadFirmwareFile function. id: CVE-2023-46574 info: name: TOTOLINK A3700R - Command Injection author: DhiyaneshDk severity: critical description: | An issue in...

9.8CVSS7.7AI score0.93579EPSS

Exploits2References5

RedhatCVE•added 2026/06/02 4:1 p.m.•9 views

CVE-2026-10187

A vulnerability was detected in Totolink N300RH 6.1c.1353B20190305. Affected by this issue is the function setWiFiBasicConfig of the file wireless.so of the component Web Management Interface. Performing a manipulation of the argument KeyStr results in stack-based buffer overflow. The attack is...

10CVSS6.3AI score0.00192EPSS

Exploits1References1

Nuclei•added 2026/06/02 10:14 a.m.•55 views

TOTOLink - Unauthenticated Command Injection

TOTOLINK X5000R V9.1.0u.6118B20201102 and V9.1.0u.6369B20230113 contain a command insertion vulnerability in setting/setTracerouteCfg. This vulnerability allows an attacker to execute arbitrary commands through the "command" parameter. id: CVE-2023-30013 info: name: TOTOLink - Unauthenticated...

9.8CVSS7.6AI score0.92398EPSS

Exploits4References4

NVD•added 2026/05/31 3:16 p.m.•13 views

CVE-2026-10187

10CVSS0.00192EPSS

EUVD•added 2026/05/31 2:15 p.m.•8 views

EUVD-2026-33509

ATTACKERKB•added 2026/05/31 2:15 p.m.•10 views

CVE-2026-10187

Exploits1References7Affected Software1

Cvelist•added 2026/05/31 2:15 p.m.•32 views

CVE-2026-10187 Totolink N300RH Web Management wireless.so setWiFiBasicConfig stack-based overflow

10CVSS0.00192EPSS

Vulnrichment•added 2026/05/31 2:15 p.m.•8 views

CVE-2026-10187 Totolink N300RH Web Management wireless.so setWiFiBasicConfig stack-based overflow

CVE•added 2026/05/31 2:15 p.m.•19 views

CVE-2026-10187

The CVE-2026-10187 entry concerns Totolink N300RH (firmware 6.1c.1353_B20190305). The vulnerability affects the Web Management Interface’s file wireless.so in the setWiFiBasicConfig function; manipulating the argument KeyStr triggers a stack-based buffer overflow. This enables remote code executi...