EUVD-2026-26874

A security vulnerability has been detected in Totolink WA300 5.2cu.7112B20190227. This affects the function NTPSyncWithHost of the file /cgi-bin/cstecgi.cgi. Such manipulation of the argument hostTime leads to command injection. The attack can be executed remotely. The exploit has been disclosed...

PT-2026-36749

Name of the Vulnerable Software and Affected Versions Totolink WA300 version 5.2cu.7112 B20190227 Description An issue exists in the POST Request Handler component where the manipulation of the webWlanIdx argument in the setWebWlanIdx function of the '/cgi-bin/cstecgi.cgi' endpoint allows for...

TOTOLINK WA300 命令注入漏洞

TOTOLINK WA300 is a wireless access point from China Gion Electronics TOTOLINK. A command injection vulnerability exists in TOTOLINK WA300 version 5.2cu.7112B20190227, which stems from incorrect manipulation of the parameter UPLOADFILENAME in the file cstecgi.cgi, which can lead to command...

TOTOLINK CP300+ 命令注入漏洞

The TOTOLINK CP300+ is a wireless router from China's Gion Electronics TOTOLINK. A security vulnerability exists in the TOTOLINK CP300+ version V5.2cu.7594B20200910, which originates from a command injection vulnerability in the hostTime parameter of the NTPSyncWithHostof function. The...