54 matches found
CVE-2025-1340
A vulnerability classified as critical has been found in TOTOLINK X18 9.1.0cu.2024B20220329. Affected is the function setPasswordCfg of the file /cgi-bin/cstecgi.cgi. The manipulation as part of String leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit...
VulnCheck KEV: CVE-2024-2353
A vulnerability, which was classified as critical, has been found in Totolink X6000R 9.4.0cu.85220230719. This issue affects the function setDiagnosisCfg of the file /cgi-bin/cstecgi.cgi of the component shttpd. The manipulation of the argument ip leads to os command injection. The attack may be...
TOTOLINK LR350 Security Vulnerability
TOTOLINK LR350 is a wireless router from China's Gion Electronics TOTOLINK. The TOTOLINK LR350 has an access control error vulnerability located in the /cgi-bin/ExportSettings.sh file. No details of the vulnerability are provid...
CVE-2024-42737
In TOTOLINK X5000r v9.1.0cu.2350b20230313, the file /cgi-bin/cstecgi.cgi contains an OS command injection vulnerability in delBlacklist. Authenticated attackers can send a malicious packet to execute arbitrary commands...
TOTOLINK X5000R Security Vulnerability
The TOTOLINK X5000R is a router from China's Gion Electronics TOTOLINK. An operating system command injection vulnerability exists in TOTOLINK X5000R version v9.1.0cu.2350b20230313. The vulnerability stems from the setLedCfg function in the file /cgi-bin/cstecgi.cgi that fails to properly filter...
PT-2024-38122 · Totolink · Totolink A3700R
Name of the Vulnerable Software and Affected Versions: TOTOLINK A3700R version 9.1.2u.5822 B20200513 Description: A critical issue has been found, affecting the setWanCfg function of the file /cgi-bin/cstecgi.cgi. The manipulation of the hostName argument leads to command injection. This issue ca...
CVE-2024-32354
TOTOLINK X5000R V9.1.0cu.2350B20230313 was discovered to contain a command injection vulnerability via the 'timeout' parameter in the setSSServer function at /cgi-bin/cstecgi.cgi...
PT-2024-1395 · Totolink · Totolink T8
Name of the Vulnerable Software and Affected Versions: Totolink T8 version 4.1.5cu.833 20220905 Description: A vulnerability was found in the file /cgi-bin/cstecgi.cgi of the Totolink T8, which is related to incorrect session expiration. The manipulation of this issue can lead to session...
PT-2024-1062 · Totolink · Totolink N350Rt
Name of the Vulnerable Software and Affected Versions: Totolink N350RT version 9.3.5u.6139 B202012 Description: The issue is related to a stack-based buffer overflow in the loginAuth function of the /cgi-bin/cstecgi.cgi file, which can be exploited remotely. This is due to the manipulation of the...
A vulnerability in the web server of the QTS operating system for QNAP network storage devices allows an attacker to execute arbitrary code.
The vulnerability in the web server of the QTS operating system for QNAP network storage devices is related to insufficient protection of operational data. Exploiting this vulnerability allows a malicious actor to execute arbitrary code via CGI scripts from the /mnt/HDAROOT/home/httpd/cgi-bin...
VulnCheck KEV: CVE-2009-2765
httpd.c in httpd in the management GUI in DD-WRT 24 sp1, and other versions before build 12533, allows remote attackers to execute arbitrary commands via shell metacharacters in a request to a cgi-bin/ URI...
ECESSA ShieldLink SL175EHQ Cross-Site Request Forgery Vulnerability
ECESSA ShieldLink SL175EHQ is a WAN link controller from ECESSA, which includes ISP/WAN link aggregation, load balancing and traffic monitoring. A cross-site request forgery vulnerability exists in ECESSA ShieldLink SL175EHQ version 10.7.4. A remote attacker can exploit this vulnerability to add ...
PT-2016-3443 · NetGear · Netgear R6250 +9
Name of the Vulnerable Software and Affected Versions: NETGEAR R6250 versions 1.0.4.6.Beta and earlier; NETGEAR R6400 versions 1.0.1.18.Beta and earlier; NETGEAR R6700 versions 1.0.1.14.Beta and earlier; NETGEAR R6900 affected versions not specified; NETGEAR R7000 versions 1.0.7.6.Beta and earlier...
PT-2016-6697 · NetGear · R6400 +11
Name of the Vulnerable Software and Affected Versions: NETGEAR R6250 versions 1.0.0 through 1.0.4.6.Beta; NETGEAR R6400 versions 1.0.0 through 1.0.1.18.Beta; NETGEAR R6700 versions 1.0.0 through 1.0.1.14.Beta; NETGEAR R6900 version 1.0.0; NETGEAR R7000 versions 1.0.0 through 1.0.7.6.Beta; NETGEAR...