766 matches found

Vulnrichment
added 2024/08/21 12:0 a.m. | 28 views

CVE-2024-43027

DrayTek Vigor 3900 before v1.5.1.5Beta, DrayTek Vigor 2960 before v1.5.1.5Beta and DrayTek Vigor 300B before v1.5.1.5Beta were discovered to contain a command injection vulnerability via the action parameter at cgi-bin/mainfunction.cgi...

AI score 8 | EPSS 0.01297
Exploits: 1 | References: 1

Vulnrichment
added 2024/08/17 1:31 p.m. | 13 views

CVE-2024-7896 Tosei Online Store Management System ネット店舗管理システム p1_ftpserver.php command injection

A vulnerability was found in Tosei Online Store Management System ネット店舗管理システム 4.02/4.03/4.04. It has been rated as critical. Affected by this issue is some unknown functionality of the file /cgi-bin/p1ftpserver.php. The manipulation of the argument adrtxt leads to command injection. The attack ma...

CVSS 6.5 | AI score 7.5 | EPSS 0.0225
Exploits: 0 | References: 4

CNNVD
added 2024/08/15 12:0 a.m. | 3 views

TOTOLINK LR350 Security Vulnerability

TOTOLINK LR350 is a wireless router from China's Gion Electronics TOTOLINK. The TOTOLINK LR350 has an access control error vulnerability in the /cgi-bin/ExportSettings.sh file. No details of the vulnerability are provid...

CVSS 9.8 | AI score 6.8 | EPSS 0.00604
Exploits: 1 | References: 2

OSV
added 2024/08/13 2:15 p.m. | 3 views

CVE-2024-42737

In TOTOLINK X5000r v9.1.0cu.2350b20230313, the file /cgi-bin/cstecgi.cgi contains an OS command injection vulnerability in delBlacklist. Authenticated attackers can send a malicious packet to execute arbitrary commands...

CVSS 8.8 | AI score 6 | EPSS 0.01677
Exploits: 1 | References: 1

Positive Technologies
added 2024/08/13 12:0 a.m. | 2 views

PT-2024-30117 · Totolink · Totolink X5000R

Name of the Vulnerable Software and Affected Versions: TOTOLINK X5000r version 9.1.0cu.2350 b20230313 Description: The file /cgi-bin/cstecgi.cgi in TOTOLINK X5000r contains an OS command injection vulnerability in delBlacklist. Authenticated attackers can send malicious packets to execute arbitra...

CVSS 9.8 | AI score 7.8 | EPSS 0.01677
Exploits: 1 | References: 8

CNNVD
added 2024/08/13 12:0 a.m. | 3 views

TOTOLINK X5000R Security Vulnerability

The TOTOLINK X5000R is a router from China's Gion Electronics TOTOLINK. An operating system command injection vulnerability exists in TOTOLINK X5000R version v9.1.0cu.2350b20230313. The vulnerability stems from the setLedCfg function in the file /cgi-bin/cstecgi.cgi that fails to properly filter...

CVSS 6.8 | AI score 8 | EPSS 0.0276
Exploits: 1 | References: 2

Cvelist
added 2024/08/06 12:0 a.m. | 19 views

CVE-2024-39226

GL-iNet products AR750/AR750S/AR300M/AR300M16/MT300N-V2/B1300/MT1300/SFT1200/X750 v4.3.11, MT3000/MT2500/AXT1800/AX1800/A1300/X300B v4.5.16, XE300 v4.3.16, E750 v4.3.12, AP1300/S1300 v4.3.13, and XE3000/X3000 v4.4 were discovered to contain a vulnerability that can be exploited to manipulate routers b...

EPSS 0.2032
Exploits: 1 | References: 1

CNNVD
added 2024/08/06 12:0 a.m. | 3 views

GL.iNet Multiple Products Path Traversal Vulnerability

GL.iNet MT300N-V2 and others are products of China's GL.iNet. GL.iNet MT300N-V2 is a mini router. GL.iNet AR750 is a router. GL.iNet AR300M is a router. A path traversal vulnerability exists in various GL.iNet products, which originates from an insecure privilege in the /cgi-bin/glc interface. Th...

CVSS 9.8 | AI score 6.8 | EPSS 0.2032
Exploits: 1 | References: 3

OSV
added 2024/08/01 2:15 a.m. | 3 views

CVE-2024-7333

A vulnerability was found in TOTOLINK N350RT 9.3.5u.6139B20201216. It has been declared as critical. This vulnerability affects the function setParentalRules of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument week/sTime/eTime leads to buffer overflow. The attack can be initiated...

CVSS 8.8 | AI score 6.3 | EPSS 0.0124
Exploits: 1 | References: 4

GithubExploit
added 2024/07/31 7:48 a.m. | 457 views

Exploit for Path Traversal in Apache Http_Server

Apache 2.4.50 - Path Traversal or Remote Code Execution CVE-20...

CVSS 9.8 | AI score 9.4 | EPSS 0.99964
Exploits: 60

Cvelist
added 2024/07/29 4:31 a.m. | 26 views

CVE-2024-7183 TOTOLINK A3600R cstecgi.cgi setUploadSetting buffer overflow

A vulnerability, which was classified as critical, was found in TOTOLINK A3600R 4.1.2cu.5182B20201102. Affected is the function setUploadSetting of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument FileName leads to buffer overflow. It is possible to launch the attack remotely. The...

CVSS 9 | EPSS 0.01091
Exploits: 1 | References: 4

Positive Technologies
added 2024/07/29 12:0 a.m. | 4 views

PT-2024-38140 · Totolink · Totolink A3600R

Name of the Vulnerable Software and Affected Versions: TOTOLINK A3600R version 4.1.2cu.5182 B20201102 Description: A critical issue has been found, affecting the function setMacQos of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument priority/macAddress leads to buffer overflow. Thi...

CVSS 9 | AI score 8.8 | EPSS 0.01091
Exploits: 1 | References: 8

Positive Technologies
added 2024/07/29 12:0 a.m. | 5 views

PT-2024-38142 · Totolink · Totolink A3600R

Name of the Vulnerable Software and Affected Versions: TOTOLINK A3600R version 4.1.2cu.5182 B20201102 Description: A critical vulnerability has been found in the setPortForwardRules function of the /cgi-bin/cstecgi.cgi file. The manipulation of the comment argument leads to a buffer overflow. Thi...

CVSS 9 | AI score 8.8 | EPSS 0.01091
Exploits: 1 | References: 8

CNNVD
added 2024/07/29 12:0 a.m. | 3 views

TOTOLINK A3600R Security Vulnerability

TOTOLINK A3600R is a 6-antenna 1200M wireless router from China's Gion Electronics TOTOLINK. The TOTOLINK A3600R suffers from a buffer overflow vulnerability that originates from the File parameter in the UploadCustomModule function of the /cgi-bin/cstecgi.cgi file that fails to correctly validat...

CVSS 9 | AI score 8.1 | EPSS 0.01152
Exploits: 1 | References: 5

CNVD
added 2024/07/29 12:0 a.m. | 3 views

TOTOLINK A3700R Command Injection Vulnerability

TOTOLINK A3700R is a wireless router, launched by TOTOLINK China Gion Electronics, a Taiwan-based networking equipment manufacturer. The TOTOLINK A3700R suffers from a command injection vulnerability located in the /cgi-bin/cstecgi.cgi file, which stems from improper handling of the hostName...

CVSS 8.8 | AI score 7.6 | EPSS 0.02999
Exploits: 1 | References: 1

OSV
added 2024/07/28 3:15 p.m. | 3 views

CVE-2024-7160

A vulnerability classified as critical has been found in TOTOLINK A3700R 9.1.2u.5822B20200513. Affected is the function setWanCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument hostName leads to command injection. It is possible to launch the attack remotely. The exploit has...

CVSS 8.8 | AI score 5.6
Exploits: 0 | References: 4

Positive Technologies
added 2024/07/28 12:0 a.m. | 2 views

PT-2024-38122 · Totolink · Totolink A3700R

Name of the Vulnerable Software and Affected Versions: TOTOLINK A3700R version 9.1.2u.5822 B20200513 Description: A critical issue has been found, affecting the setWanCfg function of the file /cgi-bin/cstecgi.cgi. The manipulation of the hostName argument leads to command injection. This issue ca...

CVSS 8.8 | AI score 7 | EPSS 0.02999
Exploits: 1 | References: 8

VulnCheck KEV
added 2024/06/18 12:0 a.m. | 1 views

VulnCheck KEV: CVE-2023-7308

SecGate3600, a network firewall product developed by NSFOCUS, contains a sensitive information disclosure vulnerability in the /cgi-bin/authUser/authManageSet.cgi endpoint. The affected component fails to enforce authentication checks on POST requests to retrieve user data. An unauthenticated...

CVSS 8.7 | AI score 5.8 | EPSS 0.06711
Exploits: 1 | References: 1

GithubExploit
added 2024/05/21 6:35 p.m. | 428 views

Exploit for CVE-2024-11318

CVE-2024-11318 IDOR - AbsysNet 2.3.1 User Hijacking --- DI...

CVSS 7.5 | AI score 6.9 | EPSS 0.0087
Exploits: 1

OSV
added 2024/05/14 4:17 p.m. | 1 views

CVE-2024-32354

TOTOLINK X5000R V9.1.0cu.2350B20230313 was discovered to contain a command injection vulnerability via the 'timeout' parameter in the setSSServer function at /cgi-bin/cstecgi.cgi...

CVSS 6 | AI score 5.8
Exploits: 0 | References: 2