CVE-2026-9432

A security flaw has been discovered in Totolink A8000RU 7.1cu.643b20200521. This vulnerability affects the function setWiFiAdvancedCfg of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. The manipulation of the argument bgProtection results in os command injection. The...

CVE-2026-9406

A weakness has been identified in Totolink A8000RU 7.1cu.643b20200521. Affected is the function setRemoteCfg of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. Executing a manipulation of the argument enable can lead to os command injection. The attack can be executed...

TOTOLINK CA750-PoE 操作系统命令注入漏洞

The TOTOLINK CA750-PoE is a wireless network access device from China's Gion Electronics TOTOLINK. The Totolink CA750-PoE version 6.2c.510 suffers from an OS command injection vulnerability, which originates from an os command injection in the operation of the parameter webWlanIdx by the...

PT-2026-43099

A weakness has been identified in Totolink A8000RU 7.1cu.643 b20200521. Impacted is the function setParentalRules of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. Executing a manipulation of the argument enable can lead to os command injection. The attack may be perform...

PT-2026-43157

Name of the Vulnerable Software and Affected Versions Totolink CA750-PoE version 6.2c.510 Description An OS command injection issue exists in the Setting Handler component. The setNetworkDiag function within the '/cgi-bin/cstecgi.cgi' endpoint fails to properly sanitize several arguments, allowin...

EUVD-2026-31606

A weakness has been identified in Totolink A8000RU 7.1cu.643b20200521. Affected is the function setRemoteCfg of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. Executing a manipulation of the argument enable can lead to os command injection. The attack can be executed...

CVE-2026-9388

A weakness has been identified in Totolink A8000RU 7.1cu.643b20200521. The impacted element is the function setScheduleCfg of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. Executing a manipulation of the argument mode can lead to os command injection. It is possible to...

CVE-2026-9384

A vulnerability was found in Totolink A8000RU 7.1cu.643b20200521. This vulnerability affects the function setDiagnosisCfg of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. The manipulation of the argument ip results in os command injection. The attack can be executed...

Panabit PAP-XM320 操作系统命令注入漏洞

Panabit PAP-XM320 is an enterprise-level Internet behavior management and traffic control gateway device developed by Panabit Corporation. Versions of Panabit PAP-XM320 prior to v7.7 contain a vulnerability related to operating system command injection. This vulnerability arises from the...

CVE-2026-36828

A command injection vulnerability exists in the /cgi-bin/tools/ajaxcmd endpoint of Panabit PAP-XM320 up to and including v7.7. The CGI component allows authenticated users to execute arbitrary shell commands with root privileges via the action=runcmd parameter...

PT-2026-39570

A vulnerability was identified in D-Link DNS-320 2.06B01. The impacted element is the function cgi speed/cgi dhcpd lease/cgi ddns/cgi set ip/cgi upnp del/cgi dhcpd/cgi upnp add/cgi upnp edit of the file /cgi-bin/network mgr.cgi. The manipulation leads to os command injection. The attack is possib...

Wavlink NU516U1 命令注入漏洞

Wavlink NU516U1 is a wireless print server developed by Wavlink Corporation. The Wavlink NU516U1 M16U1V240425 version has a command injection vulnerability. This vulnerability arises from the handling of parameters wlchannel/wlPass/EncrypType in the changewifipassword function located in the...

PT-2026-39336

A vulnerability has been found in Wavlink NU516U1 M16U1 V240425. Affected is the function change wifi password of the file /cgi-bin/adm.cgi. The manipulation of the argument wl channel/wl Pass/EncrypType leads to os command injection. It is possible to initiate the attack remotely. The exploit ha...

CVE-2026-7719

A security flaw has been discovered in Totolink WA300 5.2cu.7112B20190227. The affected element is the function loginauth of the file /cgi-bin/cstecgi.cgi of the component POST Request Handler. The manipulation of the argument httphost results in buffer overflow. The attack may be launched...

TOTOLINK A8000RU 命令注入漏洞

TOTOLINK A8000RU is a wireless router produced by TOTOLINK, a Chinese company. The TOTOLINK A8000RU 7.1cu.643b20200521 version contains a command injection vulnerability. This vulnerability stems from the operation of the setAppFilterCfg function in the /cgi-bin/cstecgi.cgi file, specifically wit...

CVE-2026-7750 Totolink N300RH POST Request cstecgi.cgi setMacFilterRules buffer overflow

A vulnerability was detected in Totolink N300RH 3.2.4-B20220812. This vulnerability affects the function setMacFilterRules of the file /cgi-bin/cstecgi.cgi of the component POST Request Handler. The manipulation of the argument macaddress results in buffer overflow. The attack may be launched...

EUVD-2026-26874

A security vulnerability has been detected in Totolink WA300 5.2cu.7112B20190227. This affects the function NTPSyncWithHost of the file /cgi-bin/cstecgi.cgi. Such manipulation of the argument hostTime leads to command injection. The attack can be executed remotely. The exploit has been disclosed...

EUVD-2026-26870

A security flaw has been discovered in Totolink WA300 5.2cu.7112B20190227. The affected element is the function loginauth of the file /cgi-bin/cstecgi.cgi of the component POST Request Handler. The manipulation of the argument httphost results in buffer overflow. The attack may be launched...

CVE-2026-7717 Totolink WA300 POST Request cstecgi.cgi UploadCustomModule buffer overflow

A vulnerability was determined in Totolink WA300 5.2cu.7112B20190227. This issue affects the function UploadCustomModule of the file /cgi-bin/cstecgi.cgi of the component POST Request Handler. Executing a manipulation of the argument File can lead to buffer overflow. The attack can be launched...

PT-2026-36695

Name of the Vulnerable Software and Affected Versions Wavlink WL-WN570HA1 version R70HA1 V1410 221110 Description A command injection issue exists in the set sys cmd function within the '/cgi-bin/adm.cgi' endpoint. This flaw allows a remote attacker to execute arbitrary commands by manipulating t...