766 matches found

CVE
added 2025/05/05 8:00 a.m. · 59 views

CVE-2025-4271

TOTOLINK A720R (firmware 4.1.5cu.374) is affected by CVE-2025-4271 due to improper handling of the topicurl parameter in /cgi-bin/cstecgi.cgi. Manipulating topicurl with showSyslog triggers information disclosure over a remote attack. Multiple sources confirm the vulnerability and public exploits...

CVSS 6.9 · AI score 6.8 · EPSS 0.00527
Exploits 1 · References 5 · Affected Software 1

Cvelist
added 2025/05/05 6:31 a.m. · 17 views

CVE-2025-4268 TOTOLINK A720R cstecgi.cgi missing authentication

A vulnerability has been found in TOTOLINK A720R 4.1.5cu.374 and classified as critical. This vulnerability affects unknown code of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument topicurl with the input RebootSystem leads to missing authentication. The attack can be initiated...

CVSS 6.9 · EPSS 0.00923
Exploits 1 · References 5

CNVD
added 2025/04/22 12:00 a.m. · 2 views

TOTOLINK A3700R cstecgi.cgi setUPnPCfg Improper Access Control Vulnerability

The TOTOLINK A3700R is a wireless router that provides wireless network connectivity and management. The TOTOLINK A3700R suffers from an improper access control vulnerability that originates from improper access control of the setUPnPCfg function in the file /cgi-bin/cstecgi.cgi. No detailed...

CVSS 6.9 · AI score 5.3 · EPSS 0.00496
Exploits 1 · References 1

OSV
added 2025/04/16 3:15 a.m. · 1 views

CVE-2025-3663

A vulnerability, which was classified as critical, has been found in TOTOLINK A3700R 9.1.2u.5822B20200513. This issue affects the function setWiFiEasyCfg/setWiFiEasyGuestCfg of the file /cgi-bin/cstecgi.cgi of the component Password Handler. The manipulation leads to improper access controls. The...

CVSS 8.2 · AI score 5.5 · EPSS 0.08042
Exploits 1 · References 5

OSV
added 2025/02/16 2:15 p.m. · 3 views

CVE-2025-1340

A vulnerability classified as critical has been found in TOTOLINK X18 9.1.0cu.2024B20220329. Affected is the function setPasswordCfg of the file /cgi-bin/cstecgi.cgi. The manipulation as part of String leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit...

CVSS 8.7 · AI score 6.3
Exploits 0 · References 5

VulnCheck KEV
added 2025/02/12 12:00 a.m. · 0 views

VulnCheck KEV: CVE-2024-2353

A vulnerability, which was classified as critical, has been found in Totolink X6000R 9.4.0cu.85220230719. This issue affects the function setDiagnosisCfg of the file /cgi-bin/cstecgi.cgi of the component shttpd. The manipulation of the argument ip leads to os command injection. The attack may be...

CVSS 9 · AI score 5.5 · EPSS 0.03952
Exploits 2 · References 1

BDU FSTEC
added 2025/02/04 12:00 a.m. · 3 views

The vulnerability of the setVpnAccountCfg() function (located in web/cgi-bin/cstecgi.cgi) in the TOTOLINK X5000R router’s microprogramming software allows a malicious actor to execute arbitrary commands.

The vulnerability of the setVpnAccountCfg function located at web/cgi-bin/cstecgi.cgi in the TOTOLINK X5000R router’s microprogramming software is related to the failure to eliminate special elements used in the operating system’s command processing when handling the pass parameter. Exploiting th...

CVSS 10 · AI score 8.3 · EPSS 0.01573
Exploits 1 · References 2 · Affected Software 1

Positive Technologies
added 2025/01/10 12:00 a.m. · 5 views

PT-2026-3432

Name of the Vulnerable Software and Affected Versions: Totolink LR350 version 9.3.5u.6369 B20220309 Description: A flaw exists in the Totolink LR350 device. This issue is located within the setDiagnosisCfg function of the /cgi-bin/cstecgi.cgi file, part of the POST Request Handler component...

CVSS 8.8 · AI score 6.6 · EPSS 0.02714
Exploits 1 · References 10

Positive Technologies
added 2025/01/09 12:00 a.m. · 3 views

PT-2025-3384 · Totolink · Totolink X5000R

Name of the Vulnerable Software and Affected Versions: TOTOLINK X5000R version V9.1.0cu.2350 B20230313 Description: The issue is related to the setVpnAccountCfg function, specifically the /web/cgi-bin/cstecgi.cgi endpoint, where the desc parameter is not properly sanitized, allowing an attacker t...

CVSS 10 · AI score 9.6 · EPSS 0.01573
Exploits 1 · References 7

CNVD
added 2024/12/13 12:00 a.m. · 6 views

TOTOLINK EX1800T cstecgi.cgi sub_40662C stack overflow vulnerability

The TOTOLINK EX1800T is a Wi-Fi range extender from China's Gion Electronics TOTOLINK. The TOTOLINK EX1800T cstecgi.cgi sub_40662C suffers from a stack overflow vulnerability that originates from the failure of the ssid parameter of the sub_40662C function of the /cgi-bin/cstecgi.cgi file to...

CVSS 9.8 · AI score 8.2 · EPSS 0.00702
Exploits 0 · References 1

BDU FSTEC
added 2024/12/06 12:00 a.m. · 3 views

The vulnerability of the cgi-bin/ocap/ component of the AbsysNet library system, which allows a hacker to execute an attack using brute-force methods.

The vulnerability of the cgi-bin/ocap/ component of the AbsysNet library system is related to the ability to bypass authentication by using a user-controlled password. Exploiting this vulnerability could allow an attacker operating remotely to execute a brute-force attack...

CVSS 7.8 · AI score 5.6 · EPSS 0.0087
Exploits 1 · References 4 · Affected Software 1

VulnCheck KEV
added 2024/12/05 12:00 a.m. · 1 views

VulnCheck KEV: CVE-2022-23900

A command injection vulnerability in the API of the Wavlink WL-WN531P3 router, version M31G3.V5030.201204, allows an attacker to achieve unauthorized remote code execution via a malicious POST request through /cgi-bin/adm.cgi...

CVSS 9.8 · AI score 6.4 · EPSS 0.03465
Exploits 1 · References 1

BDU FSTEC
added 2024/12/04 12:00 a.m. · 2 views

The vulnerability in the cgi-bin/cstecgi.cgi script of the TOTOLINK X18 Wi-Fi router’s software allows a hacker to execute arbitrary commands.

The vulnerability in the cgi-bin/cstecgi.cgi script of the TOTOLINK X18 Wi-Fi router software is related to insufficient checking of arguments passed in the command. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...

CVSS 6.5 · AI score 6.9 · EPSS 0.03074
Exploits 1 · References 7 · Affected Software 1

Vulnrichment
added 2024/11/18 1:47 p.m. · 15 views

CVE-2024-11318 IDOR vulnerability in AbsysNet

An IDOR (Insecure Direct Object Reference) vulnerability has been discovered in AbsysNet, affecting version 2.3.1. This vulnerability could allow a remote attacker to obtain the session of an unauthenticated user by brute-force attacking the session identifier on the "/cgi-bin/ocap/" endpoint...

CVSS 7.5 · AI score 7.2 · EPSS 0.0087
Exploits 1 · References 1

Positive Technologies
added 2024/11/18 12:00 a.m. · 5 views

PT-2024-9175 · Absysnet · Absysnet

Name of the Vulnerable Software and Affected Versions: AbsysNet version 2.3.1 Description: An IDOR (Insecure Direct Object Reference) vulnerability has been discovered, which could allow a remote attacker to obtain the session of an unauthenticated user by brute-force attacking the session identifi...

CVSS 7.8 · AI score 7.1 · EPSS 0.0087
Exploits 1 · References 9

OSV
added 2024/11/04 3:15 p.m. · 4 views

CVE-2024-45885

DrayTek Vigor3900 1.5.1.3 contains a post-authentication command injection vulnerability. This vulnerability occurs when the action parameter in cgi-bin/mainfunction.cgi is set to autodiscoveryclear...

CVSS 8 · AI score 5.8
Exploits 0 · References 2

OSV
added 2024/11/04 3:15 p.m. · 1 views

CVE-2024-45888

DrayTek Vigor3900 1.5.1.3 contains a command injection vulnerability. This vulnerability occurs when the action parameter in cgi-bin/mainfunction.cgi is set to setapmapconfig.'...

CVSS 8 · AI score 5.8
Exploits 0 · References 2

NVD
added 2024/11/04 3:15 p.m. · 9 views

CVE-2024-45891

DrayTek Vigor3900 1.5.1.3 contains a post-authentication command injection vulnerability. This vulnerability occurs when the action parameter in cgi-bin/mainfunction.cgi is set to deletewlanprofile...

CVSS 8 · EPSS 0.01291
Exploits 0 · References 2

NVD
added 2024/11/04 3:15 p.m. · 10 views

CVE-2024-45882

DrayTek Vigor3900 1.5.1.3 contains a command injection vulnerability. This vulnerability occurs when the action parameter in cgi-bin/mainfunction.cgi is set to deletemapprofile...

CVSS 8 · EPSS 0.01514
Exploits 0 · References 2

NVD
added 2024/11/04 3:15 p.m. · 14 views

CVE-2024-45884

DrayTek Vigor3900 1.5.1.3 contains a post-authentication command injection vulnerability. This vulnerability occurs when the action parameter in cgi-bin/mainfunction.cgi is set to setSWMGroup...

CVSS 8 · EPSS 0.02081
Exploits 0 · References 2