CVE-2026-0641 TOTOLINK WA300 cstecgi.cgi sub_401510 command injection

A security vulnerability has been detected in TOTOLINK WA300 5.2cu.7112B20190227. This vulnerability affects the function sub401510 of the file cstecgi.cgi. The manipulation of the argument UPLOADFILENAME leads to command injection. The attack may be initiated remotely. The exploit has been...

TOTOLINK WA300 命令注入漏洞

TOTOLINK WA300 is a wireless access point from China Gion Electronics TOTOLINK. A command injection vulnerability exists in TOTOLINK WA300 version 5.2cu.7112B20190227, which stems from incorrect manipulation of the parameter UPLOADFILENAME in the file cstecgi.cgi, which can lead to command...

CVE-2025-46060

Buffer Overflow vulnerability in TOTOLINK N600R v4.3.0cu.7866B2022506 allows a remote attacker to execute arbitrary code via the UPLOADFILENAME component...

CVE-2025-46060

Buffer Overflow vulnerability in TOTOLINK N600R v4.3.0cu.7866B2022506 allows a remote attacker to execute arbitrary code via the UPLOADFILENAME component...

Directory traversal

Directory traversal vulnerability in download.php in Tracking Requirements & Use Cases TRUC 0.11.0 allows remote attackers to read arbitrary files via a .. dot dot in the uploadfilename parameter...