CVE-2026-44089 Buffer Overflow in Totolink EX1200L router

Totolink EX1200L router is vulnerable to Buffer Overflow in the login functionality in cgi-bin/cstecgi.cgi endpoint. This vulnerability could be exploited to cause the program to crash and to execute code remotely. This allows the attacker to perform actions as root including reading and editing...

CVE-2026-31164

An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557B20221024 allowing attackers to execute arbitrary commands via the pppoeMtu parameter to /cgi-bin/cstecgi.cgi...

CVE-2026-7138

A vulnerability was detected in Totolink A8000RU 7.1cu.643b20200521. This vulnerability affects the function setNtpCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulation of the argument tz results in os command injection. The attack can be executed remotely. The explo...

CVE-2026-7243

A vulnerability was identified in Totolink A8000RU 7.1cu.643b20200521. The affected element is the function setRadvdCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulation of the argument maxRtrAdvInterval leads to os command injection. It is possible to initiate the...

CVE-2026-6028

A security vulnerability has been detected in Totolink A7100RU 7.4cu.2313b20191024. Impacted is the function setPptpServerCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulation of the argument enable leads to os command injection. The attack may be initiated remotely...

EUVD-2026-31768

A weakness has been identified in Totolink CA750-PoE 6.2c.510. This issue affects the function NTPSyncWithHost of the file /cgi-bin/cstecgi.cgi of the component Setting Handler. Executing a manipulation of the argument hosttime can lead to os command injection. The attack can be launched remotely...

CVE-2026-9456

A vulnerability was found in Totolink A8000RU 7.1cu.643b20200521. Impacted is the function setOpenVpnCfg of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. The manipulation of the argument enabled results in os command injection. The attack can be executed remotely. The...

EUVD-2026-31677

A vulnerability was determined in Totolink A8000RU 7.1cu.643b20200521. The affected element is the function UploadFirmwareFile of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. This manipulation of the argument FileName causes os command injection. The attack is possible...

CVE-2026-9432

A security flaw has been discovered in Totolink A8000RU 7.1cu.643b20200521. This vulnerability affects the function setWiFiAdvancedCfg of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. The manipulation of the argument bgProtection results in os command injection. The...

CVE-2026-9406

A weakness has been identified in Totolink A8000RU 7.1cu.643b20200521. Affected is the function setRemoteCfg of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. Executing a manipulation of the argument enable can lead to os command injection. The attack can be executed...

TOTOLINK CA750-PoE 操作系统命令注入漏洞

The TOTOLINK CA750-PoE is a wireless network access device from China's Gion Electronics TOTOLINK. The Totolink CA750-PoE version 6.2c.510 suffers from an OS command injection vulnerability, which originates from an os command injection in the operation of the parameter webWlanIdx by the...

PT-2026-43157

Name of the Vulnerable Software and Affected Versions Totolink CA750-PoE version 6.2c.510 Description An OS command injection issue exists in the Setting Handler component. The setNetworkDiag function within the '/cgi-bin/cstecgi.cgi' endpoint fails to properly sanitize several arguments, allowin...

PT-2026-43099

A weakness has been identified in Totolink A8000RU 7.1cu.643 b20200521. Impacted is the function setParentalRules of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. Executing a manipulation of the argument enable can lead to os command injection. The attack may be perform...

EUVD-2026-31606

A weakness has been identified in Totolink A8000RU 7.1cu.643b20200521. Affected is the function setRemoteCfg of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. Executing a manipulation of the argument enable can lead to os command injection. The attack can be executed...

CVE-2026-9388

A weakness has been identified in Totolink A8000RU 7.1cu.643b20200521. The impacted element is the function setScheduleCfg of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. Executing a manipulation of the argument mode can lead to os command injection. It is possible to...

CVE-2026-9384

A vulnerability was found in Totolink A8000RU 7.1cu.643b20200521. This vulnerability affects the function setDiagnosisCfg of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. The manipulation of the argument ip results in os command injection. The attack can be executed...

CVE-2026-7719

A security flaw has been discovered in Totolink WA300 5.2cu.7112B20190227. The affected element is the function loginauth of the file /cgi-bin/cstecgi.cgi of the component POST Request Handler. The manipulation of the argument httphost results in buffer overflow. The attack may be launched...

CVE-2026-7750 Totolink N300RH POST Request cstecgi.cgi setMacFilterRules buffer overflow

A vulnerability was detected in Totolink N300RH 3.2.4-B20220812. This vulnerability affects the function setMacFilterRules of the file /cgi-bin/cstecgi.cgi of the component POST Request Handler. The manipulation of the argument macaddress results in buffer overflow. The attack may be launched...

CVE-2026-7152

A vulnerability was identified in Totolink A8000RU 7.1cu.643b20200521. The affected element is the function setTelnetCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Such manipulation of the argument telnetenabled leads to os command injection. It is possible to launch the attac...

CVE-2026-7137

A security vulnerability has been detected in Totolink A8000RU 7.1cu.643b20200521. This affects the function setStorageCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulation of the argument sambaEnabled leads to os command injection. Remote exploitation of the attack ...