EUVD-2026-26017

A security flaw has been discovered in Totolink A8000RU 7.1cu.643b20200521. The impacted element is the function setWiFiEasyGuestCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulation of the argument merge results in os command injection. It is possible to launch the...

CVE-2026-7155

Technical details are not publicly available in the provided documents. Monitor for updates regarding CVE-2026-7155 Totolink A8000RU CGI cstecgi.cgi setLoginPasswordCfg OS command injection.

PT-2026-35529

A vulnerability was detected in Totolink A8000RU 7.1cu.643 b20200521. Affected is the function CsteSystem of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulation of the argument HTTP results in os command injection. The attack may be launched remotely. The exploit is now...

CVE-2026-6155

A weakness has been identified in Totolink A7100RU 7.4cu.2313. The impacted element is the function setWanCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Executing a manipulation of the argument pppoeServiceName can lead to os command injection. The attack may be launched...

CVE-2026-5311

A security flaw has been discovered in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20260205. Affected is the function...

CVE-2026-3661 Wavlink WL-NU516U1 adm.cgi ota_new_upgrade command injection

A flaw has been found in Wavlink WL-NU516U1 240425. This affects the function otanewupgrade of the file /cgi-bin/adm.cgi. This manipulation of the argument model causes command injection. It is possible to initiate the attack remotely. The exploit has been published and may be used. The vendor wa...

TOTOLINK N300RH 操作系统命令注入漏洞

TOTOLINK N300RH is a long-range wireless router produced by TOTOLINK Corporation. The version TOTOLINK N300RH 6.1c.1353B20190305 contains a vulnerability related to operating system command injection. This vulnerability stems from incorrect handling of the parameter webWlanIdx in the function...

CVE-2026-2528

A vulnerability was identified in Wavlink WL-WN579A3 up to 20210219. Affected by this vulnerability is the function DeleteMaclist of the file /cgi-bin/wireless.cgi. The manipulation of the argument deletelist leads to command injection. Remote exploitation of the attack is possible. The exploit i...

CVE-2026-1158 Totolink LR350 POST Request cstecgi.cgi setWizardCfg buffer overflow

A security flaw has been discovered in Totolink LR350 9.3.5u.6369B20220309. This vulnerability affects the function setWizardCfg of the file /cgi-bin/cstecgi.cgi of the component POST Request Handler. Performing a manipulation of the argument ssid results in buffer overflow. The attack can be...

CVE-2022-31873

Trendnet IP-110wn camera fwtv-ip110wnv21.2.2.68 has an XSS vulnerability via the prefix parameter in /admin/general.cgi...

CVE-2025-11444

TOTOLINK N600R is affected: the buffer overflow exists in the HTTP Request Handler’s setWiFiBasicConfig function, in /cgi-bin/cstecgi.cgi, triggered by manipulating the wepkey argument. This vulnerability allows remote exploitation and has publicly available PoCs. Affected firmware versions are p...

EUVD-2020-29133

Malware in sbrugna...

EUVD-2023-26928

Malicious code in bioql PyPI...

EUVD-2023-53259

Malicious code in bioql PyPI...

CVE-2025-10358

A security vulnerability has been detected in Wavlink WL-WN578W2 221110. This affects the function sub404850 of the file /cgi-bin/wireless.cgi. The manipulation of the argument deletelist leads to os command injection. The attack can be initiated remotely. The exploit has been disclosed publicly...

CVE-2025-9149

A vulnerability was determined in Wavlink WL-NU516U1 M16U1V240425. This impacts the function sub4032E4 of the file /cgi-bin/wireless.cgi. This manipulation of the argument Guestssid causes command injection. The attack is possible to be carried out remotely. The exploit has been publicly disclose...

PT-2025-23480 · Multilaser · Multilaser Sirius Re016 Mlt1.0

Name of the Vulnerable Software and Affected Versions: Multilaser Sirius RE016 MLT1.0 Description: A problem was found in the processing of the file /cgi-bin/cstecgi.cgi, which leads to information disclosure. The attack can be initiated remotely. The exploit has been disclosed to the public and...

PT-2025-6882 · Totolink · Totolink X18

Name of the Vulnerable Software and Affected Versions: TOTOLINK X18 version 9.1.0cu.2024 B20220329 Description: A critical issue affects the setL2tpdConfig function of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument enable leads to os command injection. The attack may be initiated...

D-Link多款产品 命令注入漏洞

D-Link DNS-325 and others are a NAS Network Attached Storage device from China's D-Link Corporation. A command injection vulnerability exists in various D-Link products, which originates from a command injection flaw in the fakey parameter of the cgis3 function in the /cgi-bin/s3.cgi file. The...

PT-2024-6486 · D Link · Dns-320L +18

Name of the Vulnerable Software and Affected Versions: D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05, and DNS-1550-04 up to 20240814 Description: A...