8681 matches found
CVE-2026-31169
CVE-2026-31169 affects ToToLink A3300R firmware v17.0.0cu.557_B20221024. The issue allows attackers to execute arbitrary commands via the week parameter to /cgi-bin/cstecgi.cgi, with network access and no privileges required (CVSS 3.1: 6.5, Low confidentiality/integrity impact, no availability im...
CVE-2026-31167
CVE-2026-31167 affects ToToLink A3300R firmware v17.0.0cu.557_B20221024. The issue is arbitrary commands execution via the mode parameter to /cgi-bin/cstecgi.cgi. Reported CVSS 3.1 base score 6.5 (Network, low complexity, no privileges required, user interaction not required). The connected sourc...
CVE-2026-31176
ToToLink A3300R firmware v17.0.0cu.557_B20221024 is affected by CVE-2026-31176 where an attacker can execute arbitrary commands by sending a crafted stun-user parameter to /cgi-bin/cstecgi.cgi. The CVSS v3.1 base score is 6.5 (Medium) with network attack vector, no privileges required, and no use...
PT-2026-34706
An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557 B20221024 allowing attackers to execute arbitrary commands via the stunEnable parameter to /cgi-bin/cstecgi.cgi...
CVE-2026-31164
An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557B20221024 allowing attackers to execute arbitrary commands via the pppoeMtu parameter to /cgi-bin/cstecgi.cgi...
CVE-2026-31173
An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557B20221024 allowing attackers to execute arbitrary commands via the interval parameter to /cgi-bin/cstecgi.cgi...
CVE-2026-31168
An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557B20221024 allowing attackers to execute arbitrary commands via the recHour parameter to /cgi-bin/cstecgi.cgi...
PT-2026-34673
An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557 B20221024 allowing attackers to execute arbitrary commands via the pppoeServiceName parameter to /cgi-bin/cstecgi.cgi...
CVE-2026-31178
An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557B20221024 allowing attackers to execute arbitrary commands via the stunMaxAlive parameter to /cgi-bin/cstecgi.cgi...
CVE-2026-31181
An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557B20221024 allowing attackers to execute arbitrary commands via the stunServerAddr parameter to /cgi-bin/cstecgi.cgi...
CVE-2026-31179
An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557B20221024 allowing attackers to execute arbitrary commands via the stunPort parameter to /cgi-bin/cstecgi.cgi...
CVE-2026-31160
An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557B20221024 allowing attackers to execute arbitrary commands via the provider parameter to /cgi-bin/cstecgi.cgi...
TOTOLINK A3300R 命令注入漏洞
TOTOLINK A3300R is a wireless router from China's Gion Electronics TOTOLINK. A command injection vulnerability exists in the TOTOLINK A3300R hour parameter, which originates from the cstecgi.cgi file failing to properly validate the hour parameter, and can be exploited by an attacker to execute...
CVE-2026-31162
Summary: CVE-2026-31162 affects ToToLink A3300R firmware. The issue is a command-injection problem in the web interface: an attacker can execute arbitrary commands via the ttlWay parameter to /cgi-bin/cstecgi.cgi in firmware version v17.0.0cu.557_B20221024. The CVSS 3.1 vector indicates network a...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: vim (UTSA-2026-014266)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-014266 advisory. Vim is an open source, command line text editor. Prior to version 9.2.0276, a modeline sandbox bypass in Vim allows arbitrary OS command execution when a user opens ...
CVE-2026-31163
An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557B20221024 allowing attackers to execute arbitrary commands via the dhcpMtu parameter to /cgi-bin/cstecgi.cgi...
CVE-2026-31172
The CVE-2026-31172 entry concerns ToToLink A3300R firmware, version 17.0.0cu.557_B20221024. The issue is a command injection in the CGI interface: attacker-controlled input in the user parameter to /cgi-bin/cstecgi.cgi can lead to arbitrary command execution on the device. According to the NVD en...
CVE-2026-31181
CVE-2026-31181 affects ToToLink A3300R firmware v17.0.0cu.557_B20221024. An arbitrary command execution vulnerability exists via the stunServerAddr parameter to /cgi-bin/cstecgi.cgi, enabling likely remote code execution over the network. The CVSS v3.1 base score is 9.8 (CRITICAL) with high impac...
CVE-2026-31159
The CVE-2026-31159 affects ToToLink A3300R firmware v17.0.0cu.557_B20221024. The vulnerability is a command-injection in /cgi-bin/cstecgi.cgi triggered by the password parameter, enabling arbitrary command execution. Base score 6.5 (Medium) with network attack vector, low attack complexity, and n...
CVE-2026-31169
An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557B20221024 allowing attackers to execute arbitrary commands via the week parameter to /cgi-bin/cstecgi.cgi...