CVE-2026-9512

A security flaw has been discovered in Totolink CA750-PoE 6.2c.510. This vulnerability affects the function setPasswordCfg of the file /cgi-bin/cstecgi.cgi of the component Setting Handler. Performing a manipulation of the argument admuser/admpass results in os command injection. The attack can b...

CVE-2026-9512

A security flaw has been discovered in Totolink CA750-PoE 6.2c.510. This vulnerability affects the function setPasswordCfg of the file /cgi-bin/cstecgi.cgi of the component Setting Handler. Performing a manipulation of the argument admuser/admpass results in os command injection. The attack can b...

CVE-2026-9512

CVE-2026-9512 affects Totolink CA750-PoE (firmware 6.2c.510) in the Setting Handler’s /cgi-bin/cstecgi.cgi, where manipulating the admuser/admpass arguments enables an os command injection in the setPasswordCfg function. The issue is remotely exploitable and, per the metrics, has an in-the-wild p...

PT-2026-43151

Name of the Vulnerable Software and Affected Versions Totolink CA750-PoE version 6.2c.510 Description A security flaw in the Setting Handler component allows for remote OS command injection. This occurs through the manipulation of the admuser and admpass arguments within the setPasswordCfg functi...

TOTOLINK CA750-PoE 操作系统命令注入漏洞

The TOTOLINK CA750-PoE is a wireless network access device from China-based TOTOLINK Electronics TOTOLINK. An OS command injection vulnerability exists in TOTOLINK CA750-PoE version 6.2c.510, which originates from an OS command injection in the Setting Handler component of the setPasswordCfg...

CVE-2026-5184

A vulnerability was identified in TRENDnet TEW-713RE up to 1.02. The impacted element is an unknown function of the file /goform/setSysAdm. The manipulation of the argument admuser leads to command injection. The attack can be initiated remotely. The exploit is publicly available and might be use...

EUVD-2026-17335

A vulnerability was identified in TRENDnet TEW-713RE up to 1.02. The impacted element is an unknown function of the file /goform/setSysAdm. The manipulation of the argument admuser leads to command injection. The attack can be initiated remotely. The exploit is publicly available and might be use...

CVE-2026-5184

Summary: CVE-2026-5184 affects TRENDnet TEW-713RE (firmware up to 1.02). The vulnerability lies in an unknown function of the file /goform/setSysAdm where manipulating the admuser argument triggers a command injection . The issue is exploitable remotely and exploitation is publicly available. Mul...

CVE-2026-5184

A vulnerability was identified in TRENDnet TEW-713RE up to 1.02. The impacted element is an unknown function of the file /goform/setSysAdm. The manipulation of the argument admuser leads to command injection. The attack can be initiated remotely. The exploit is publicly available and might be use...

PT-2026-29201

Name of the Vulnerable Software and Affected Versions TRENDnet TEW-713RE versions up to 1.02 Description A flaw exists in TRENDnet TEW-713RE up to version 1.02. This issue involves command injection stemming from manipulation of the admuser argument within the file /goform/setSysAdm. The attack c...

TRENDnet TEW-713RE 命令注入漏洞

TRENDnet TEW-713RE is a wireless network range extender produced by the TRENDnet company. Versions of TRENDnet TEW-713RE prior to 1.02 contained a command injection vulnerability. This vulnerability stemmed from incorrect handling of the parameter “admuser” in the file/goform/setSysAdm, which cou...

EUVD-2023-41091

Malicious code in bioql PyPI...

CVE-2023-37171

TOTOLINK A3300R V17.0.0cu.557B20221024 was discovered to contain a command injection vulnerability via the admuser parameter in the setPasswordCfg function...

CVE-2023-24160

TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injection vulnerability via the admuser parameter in the setPasswordCfg function...

CVE-2022-42999

D-Link DIR-816 A2 1.10 B05 was discovered to contain multiple command injection vulnerabilities via the admuser and admpass parameters at /goform/setSysAdm...

CVE-2022-28915

D-Link DIR-816 A2v1.10CNB04 was discovered to contain a command injection vulnerability via the admuser and admpass parameters in /goform/setSysAdm...

CVE-2023-51025

TOTOlink EX1800T V9.1.0cu.2112B20220316 is vulnerable to an unauthorized arbitrary command execution in the ‘admuser’ parameter of the setPasswordCfg interface of the cstecgi .cgi...

CVE-2023-51025

TOTOlink EX1800T V9.1.0cu.2112B20220316 is vulnerable to an unauthorized arbitrary command execution in the ‘admuser’ parameter of the setPasswordCfg interface of the cstecgi .cgi...

Command injection

TOTOlink EX1800T V9.1.0cu.2112B20220316 is vulnerable to an unauthorized arbitrary command execution in the ‘admuser’ parameter of the setPasswordCfg interface of the cstecgi .cgi...

CVE-2023-51025

CVE-2023-51025 affects TOTOLINK EX1800T v9.1.0cu.2112_B20220316. The vulnerability is an unauthorized arbitrary command execution in the admuser parameter of the setPasswordCfg interface of the cstecgi.cgi, caused by inadequate filtering of constructed commands. Impact is high (arbitrary commands...