6 matches found
CVE-2026-7139
The CVE concerns Totolink A8000RU (firmware 7.1cu.643_b20200521). The flaw is in the CGI handler function setWiFiAclRules within /cgi-bin/cstecgi.cgi, where manipulation of the argument mode enables remote OS command injection. The exploit is published and can be used remotely without authentication; im...
CVE-2025-5903
A vulnerability was found in TOTOLINK T10 4.1.8cu.5207. It has been classified as critical. Affected is the function setWiFiAclRules of the file /cgi-bin/cstecgi.cgi of the component POST Request Handler. The manipulation of the argument desc leads to buffer overflow. It is possible to launch the...
CVE-2024-46451
TOTOLINK AC1200 T8 v4.1.5cu.861B20230220 has a buffer overflow vulnerability in the setWiFiAclRules function via the desc parameter...
CVE-2024-24333
TOTOLINK A3300R V17.0.0cu.557B20221024 was discovered to contain a command injection vulnerability via the desc parameter in the setWiFiAclRules function...
CVE-2024-46451
TOTOLINK AC1200 T8 v4.1.5cu.861B20230220 has a buffer overflow vulnerability in the setWiFiAclRules function via the desc parameter...
PT-2024-31993 · Totolink · Totolink Ac1200 T8
Name of the Vulnerable Software and Affected Versions: TOTOLINK AC1200 T8 version 4.1.5cu.861 B20230220
Description: The issue is a buffer overflow vulnerability in the setWiFiAclRules function via the desc parameter. This vulnerability can be exploited, but details about the estimated number of...