CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

15 matches found

RedhatCVE•added 2026/05/26 8:14 p.m.•8 views

CVE-2026-9435

A vulnerability was detected in Totolink A8000RU 7.1cu.643b20200521. The affected element is the function setQosCfg of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. Performing a manipulation of the argument enable results in os command injection. Remote exploitation of...

10CVSS7.1AI score0.01254EPSS

Exploits0References1

ATTACKERKB•added 2026/04/27 7:30 p.m.•2 views

CVE-2026-7152

A vulnerability was identified in Totolink A8000RU 7.1cu.643b20200521. The affected element is the function setTelnetCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Such manipulation of the argument telnetenabled leads to os command injection. It is possible to launch the attac...

10CVSS8.4AI score0.01221EPSS

Exploits0References5Affected Software1

NVD•added 2026/04/23 6:16 p.m.•3 views

CVE-2026-31159

An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557B20221024 allowing attackers to execute arbitrary commands via the password parameter to /cgi-bin/cstecgi.cgi...

6.5CVSS0.00285EPSS

Exploits1References1

CVE•added 2026/04/23 12:0 a.m.•2 views

CVE-2026-31164

ToToLink A3300R firmware v17.0.0cu.557_B20221024 is vulnerable to command execution via the pppoeMtu parameter to /cgi-bin/cstecgi.cgi. The CVE-2026-31164 entry notes this as a network-based vulnerability with CVSSv3.1: 6.5 (MEDIUM), requiring no privileges and no user interaction. Connected sour...

6.5CVSS6.1AI score0.00285EPSS

Exploits1References1Affected Software1

CNNVD•added 2026/04/13 12:0 a.m.•3 views

TOTOLINK A7000R 安全漏洞

TOTOLINK A7000R is a wireless router product that is mainly used to provide network connectivity and Wi-Fi access. TOTOLINK A7000R suffers from a stack buffer overflow vulnerability. The vulnerability stems from the setWiFiEasyGuestCfg function in the /cgi-bin/cstecgi.cgi file failing to properly...

9CVSS7.4AI score0.00031EPSS

Exploits0References5

NVD•added 2026/04/10 2:16 a.m.•0 views

CVE-2026-5997

A vulnerability was detected in Totolink A7100RU 7.4cu.2313b20191024. The impacted element is the function setLoginPasswordCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulation of the argument admpass results in os command injection. It is possible to launch the atta...

10CVSS0.01221EPSS

Exploits0References5

RedhatCVE•added 2026/02/09 7:23 p.m.•3 views

CVE-2026-2167

A vulnerability was detected in Totolink WA300 5.2cu.7112B20190227. The impacted element is the function setAPNetwork of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument Ipaddr results in os command injection. The attack may be performed from remote. The exploit is now public and m...

8.8CVSS5.3AI score0.00408EPSS

Exploits1References1

CNNVD•added 2026/01/28 12:0 a.m.•1 views

TOTOLINK A7000R Command Injection Vulnerability

TOTOLINK A7000R is a wireless router produced by TOTOLINK, a Chinese company. The TOTOLINK A7000R version 4.1cu.4154 contains a command injection vulnerability. This vulnerability stems from incorrect handling of the parameter “pluginname” in the setUnloadUserData function located in the...

9.8CVSS6.6AI score0.0067EPSS

Exploits1References6

CNVD•added 2025/04/22 12:0 a.m.•1 views

TOTOLINK A3700R cstecgi.cgi setUPnPCfg Improper Access Control Vulnerability

The TOTOLINK A3700R is a wireless router that provides wireless network connectivity and management. The TOTOLINK A3700R suffers from an improper access control vulnerability that originates from improper access control of the setUPnPCfg function in the file /cgi-bin/cstecgi.cgi. No detailed...

6.9CVSS5.3AI score0.00231EPSS

Exploits1References1

Cvelist•added 2024/07/29 4:31 a.m.•14 views

CVE-2024-7183 TOTOLINK A3600R cstecgi.cgi setUploadSetting buffer overflow

A vulnerability, which was classified as critical, was found in TOTOLINK A3600R 4.1.2cu.5182B20201102. Affected is the function setUploadSetting of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument FileName leads to buffer overflow. It is possible to launch the attack remotely. The...

9CVSS0.00322EPSS

Exploits1References4

CNVD•added 2024/01/30 12:0 a.m.•18 views

TOTOLINK N350RT Session Hijacking Vulnerability

The TOTOLINK N350RT is a small home router from China's Gion Electronics TOTOLINK. The TOTOLINK N350RT suffers from a session hijacking vulnerability, which is caused by insufficient session expiration in the /cgi-bin/cstecgi.cgi script. An attacker could use this vulnerability to access other...

5.3CVSS6.7AI score0.00078EPSS

Exploits0References1

Prion•added 2024/01/29 1:15 p.m.•13 views

Stack overflow

A vulnerability was found in Totolink N200RE 9.3.5u.6139B20201216 and classified as critical. Affected by this issue is the function setOpModeCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument pppoeUser leads to stack-based buffer overflow. The attack may be launched remotely...

8.3CVSS7.2AI score0.00095EPSS

Exploits1References3Affected Software1

NVD•added 2024/01/16 1:15 p.m.•15 views

CVE-2024-0569

A vulnerability classified as problematic has been found in Totolink T8 4.1.5cu.83320220905. This affects the function getSysStatusCfg of the file /cgi-bin/cstecgi.cgi of the component Setting Handler. The manipulation of the argument ssid/key leads to information disclosure. It is possible to...

9.1CVSS5.6AI score0.00365EPSS

Exploits1References6

CNNVD•added 2024/01/09 12:0 a.m.•1 views

Totolink T6 安全漏洞

TOTOLINK T6 is a wireless dual-band router from China's Gion Electronics TOTOLINK. A buffer overflow vulnerability exists in Totolink T6 version 4.1.9cu.5241B20210923, which originates from the component HTTP POST Request Handler in the file /cgi-bin/cstecgi.cgi that fails to correctly validate t...

10CVSS8.1AI score0.00468EPSS

Exploits1References4