TOTOLINK CA750-PoE 操作系统命令注入漏洞

TOTOLINK CA750-PoE is a wireless network access device developed by TOTOLINK Corporation. Version 6.2c.510 of TOTOLINK CA750-PoE contains a vulnerability related to operating system command injection. This vulnerability arises from improper handling of the fwUrl/magicid parameters in the...

CVE-2026-9387

A security flaw has been discovered in Totolink A8000RU 7.1cu.643b20200521. The affected element is the function setUpgradeFW of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. Performing a manipulation of the argument resetFlags results in os command injection. It is...

CVE-2026-7748

A weakness has been identified in Totolink N300RH 3.2.4-B20220812. Affected by this issue is the function setUpgradeFW of the file /cgi-bin/cstecgi.cgi of the component POST Request Handler. Executing a manipulation of the argument FileName can lead to buffer overflow. The attack can be launched...

PT-2026-36603

Name of the Vulnerable Software and Affected Versions TRENDnet TEW-821DAP versions prior to 1.12B01 Description An issue exists in the Firmware Update Handler component within the cameo dev.sh file. Specifically, the platform do upgrade cameo dev function fails to sufficiently verify data...

CVE-2026-4497

A vulnerability was determined in Totolink WA300 5.2cu.7112B20190227. Affected by this issue is the function recvUpgradeNewFw of the file /cgi-bin/cstecgi.cgi. This manipulation causes os command injection. Remote exploitation of the attack is possible. The exploit has been publicly disclosed and...

PT-2026-26663

A vulnerability was determined in Totolink WA300 5.2cu.7112 B20190227. Affected by this issue is the function recvUpgradeNewFw of the file /cgi-bin/cstecgi.cgi. This manipulation causes os command injection. Remote exploitation of the attack is possible. The exploit has been publicly disclosed an...

PT-2026-25025

GL-iNet GL-AR300M16 v4.3.11 was discovered to contain multiple command injection vulnerabilities in the set upgrade function via the modem url, target version, current version, firmware upload, hash type, hash value, and upgrade type parameters. These vulnerabilities allow attackers to execute...

CVE-2026-3661

A flaw has been found in Wavlink WL-NU516U1 240425. This affects the function otanewupgrade of the file /cgi-bin/adm.cgi. This manipulation of the argument model causes command injection. It is possible to initiate the attack remotely. The exploit has been published and may be used. The vendor wa...

EUVD-2026-10141

A flaw has been found in Wavlink WL-NU516U1 240425. This affects the function otanewupgrade of the file /cgi-bin/adm.cgi. This manipulation of the argument model causes command injection. It is possible to initiate the attack remotely. The exploit has been published and may be used. The vendor wa...

CVE-2026-3661 Wavlink WL-NU516U1 adm.cgi ota_new_upgrade command injection

A flaw has been found in Wavlink WL-NU516U1 240425. This affects the function otanewupgrade of the file /cgi-bin/adm.cgi. This manipulation of the argument model causes command injection. It is possible to initiate the attack remotely. The exploit has been published and may be used. The vendor wa...

CVE-2025-15191

A weakness has been identified in D-Link DWR-M920 up to 1.1.50. The affected element is the function sub4155B4 of the file /boafrm/formLtefotaUpgradeFibocom. This manipulation of the argument fotaurl causes command injection. Remote exploitation of the attack is possible. The exploit has been mad...

CVE-2025-10896 Multiple Plugins <= Multiple Versions - Missing Authorization to Authenticated (Subscriber+) Arbitrary Plugin Upload

Multiple plugins for WordPress with the Jewel Theme Recommended Plugins Library are vulnerable to Unrestricted Upload of File with Dangerous Type via arbitrary plugin installation in all versions up to, and including, 1.0.2.3. This is due to missing capability checks on the...

EUVD-2022-50784

Malicious code in bioql PyPI...

EUVD-2022-50786

Malicious code in bioql PyPI...

CVE-2025-6619

A vulnerability was found in TOTOLINK CA300-PoE 6.2c.884. It has been declared as critical. Affected by this vulnerability is the function setUpgradeFW of the file upgrade.so. The manipulation of the argument FileName leads to os command injection. The attack can be launched remotely. The exploit...

PT-2025-26873 · Totolink · Totolink Ca300-Poe

Name of the Vulnerable Software and Affected Versions: TOTOLINK CA300-PoE version 6.2c.884 Description: A critical issue was found, affecting the setUpgradeFW function of the upgrade.so file. The manipulation of the FileName argument leads to os command injection. This issue can be exploited...

CVE-2023-51092

Tenda M3 V1.0.0.124856 was discovered to contain a stack overflow via the function upgrade...

CVE-2025-44844

TOTOLINK CA600-PoE V5.3c.6665B20180820 was found to contain a command injection vulnerability in the setUpgradeFW function via the FileName parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request...

TOTOLINK CA600-PoE 安全漏洞

TOTOLINK CA600-PoE is an outdoor wireless AP/CPE device from China Gion Electronics TOTOLINK. TOTOLINK CA600-PoE suffers from a command injection vulnerability that stems from the setUpgradeFW function failing to properly filter construct command special characters, commands, etc. No detailed...

CVE-2024-47943

The firmware upgrade function in the admin web interface of the Rittal IoT Interface & CMC III Processing Unit devices checks if the patch files are signed before executing the containing run.sh script. The signing process is kind of an HMAC with a long string as key which is hard-coded in the...