CVE-2026-6058

UNSUPPORTED WHEN ASSIGNED An improper encoding or escaping vulnerability in the CGI program of Zyxel WRE6505 v2 firmware version V1.00ABDV.3C0 could allow an adjacent attacker on the WLAN to cause a denial-of-service DoS condition in the web management interface by convincing an authenticated...

CVE-2026-6058

UNSUPPORTED WHEN ASSIGNED An improper encoding or escaping vulnerability in the CGI program of Zyxel WRE6505 v2 firmware version V1.00ABDV.3C0 could allow an adjacent attacker on the WLAN to cause a denial-of-service DoS condition in the web management interface by convincing an authenticated...

CVE-2026-6058

UNSUPPORTED WHEN ASSIGNED An improper encoding or escaping vulnerability in the CGI program of Zyxel WRE6505 v2 firmware version V1.00ABDV.3C0 could allow an adjacent attacker on the WLAN to cause a denial-of-service DoS condition in the web management interface by convincing an authenticated...

Zyxel WRE6505 安全漏洞

The Zyxel WRE6505 is a wireless signal extension device produced by the Chinese company Zyxel. The Zyxel WRE6505 v2 firmware version 1.00ABDV.3C0 contains a security vulnerability. This vulnerability stems from improper CGI program coding or escaping, which may allow adjacent WLAN attackers to...

CVE-2026-6195 Totolink A7100RU CGI cstecgi.cgi setPasswordCfg os command injection

A security vulnerability has been detected in Totolink A7100RU 7.4cu.2313b20191024. Affected by this issue is the function setPasswordCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Such manipulation of the argument admpass leads to os command injection. The attack can be...

PT-2026-32239

Name of the Vulnerable Software and Affected Versions Totolink A7100RU version 7.4cu.2313 b20191024 Description A security flaw exists in the CGI Handler component of Totolink A7100RU version 7.4cu.2313 b20191024. Manipulation of the wizard argument in the setWizardCfg function within the...

CVE-2026-6131 Totolink A7100RU CGI cstecgi.cgi setTracerouteCfg os command injection

A vulnerability was found in Totolink A7100RU 7.4cu.2313b20191024. Affected by this vulnerability is the function setTracerouteCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulation of the argument command results in os command injection. The attack may be launched...

EUVD-2026-21319

A weakness has been identified in Totolink A7100RU 7.4cu.2313b20191024. This issue affects the function setUrlFilterRules of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Executing a manipulation of the argument enable can lead to os command injection. The attack can be launched...

CVE-2026-6026 Totolink A7100RU CGI cstecgi.cgi setPortalConfWeChat os command injection

A security flaw has been discovered in Totolink A7100RU 7.4cu.2313b20191024. This vulnerability affects the function setPortalConfWeChat of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Performing a manipulation of the argument enable results in os command injection. The attack can ...

CVE-2026-5691 Totolink A7100RU cstecgi.cgi setFirewallType os command injection

A vulnerability has been found in Totolink A7100RU 7.4cu.2313b20191024. This affects the function setFirewallType of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument firewallType leads to os command injection. The attack is possible to be carried out remotely. The exploit has been...

CVE-2026-5690 Totolink A7100RU cstecgi.cgi setRemoteCfg os command injection

A flaw has been found in Totolink A7100RU 7.4cu.2313b20191024. The impacted element is the function setRemoteCfg of the file /cgi-bin/cstecgi.cgi. Executing a manipulation of the argument enable can lead to os command injection. The attack can be executed remotely. The exploit has been published...

EUVD-2026-19434

A vulnerability was identified in Totolink A8000R 5.9c.681B20180413. This issue affects the function setLanguageCfg of the file /cgi-bin/cstecgi.cgi. Such manipulation of the argument langType leads to missing authentication. The attack can be launched remotely. The exploit is publicly available...

PT-2026-30716

A security vulnerability has been detected in Totolink A3300R 17.0.0cu.557 B20221024. The impacted element is the function vsetTr069Cfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument stun pass leads to os command injection. The exploit has been disclosed publicly and may be us...

CVE-2026-5312

CVE-2026-5312 affects D-Link DNS-1xx NAS models (e.g., DNS-120, DNS-320/320L/320LW/321, DNS-327L, DNS-1100-4, DNS-1550-04, among others) with the dsk_mgr.cgi Get_current_raidtype path. The vulnerability concerns the functions under /cgi-bin/dsk_mgr.cgi (including Get_Volume_Mapping, Get_current_r...

CVE-2026-5213

A vulnerability was determined in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20260205. The affected element is the function...

CVE-2026-4197

A vulnerability was found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20260205. Affected is the function...

PT-2026-25556

D-Link DIR-816 goahead form2Wl5RepeaterStep2.cgi stack-based overflow CVE: CVE-2026-4182 PT-Identifier: PT-2026-25556 Vendor: D-link Product: DIR-816 CVSS: 9.3 Credits: pjqwudi VulDB User Description: A weakness has been identified in D-Link DIR-816 1.10CNB05. This impacts an unknown function of...

CVE-2026-3715

A vulnerability was found in Wavlink WL-WN579X3-C 231124. This affects the function sub40139C of the file /cgi-bin/firewall.cgi. Performing a manipulation of the argument delflag results in stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been made publ...

CVE-2025-67445

TOTOLINK X5000R V9.1.0cu.2415B20250515 contains a denial-of-service vulnerability in /cgi-bin/cstecgi.cgi. The CGI reads the CONTENTLENGTH environment variable and allocates memory using malloc CONTENTLENGTH + 1 without sufficient bounds checking. When lighttpd s request size limit is not enforce...

CVE-2025-11848

The CVE-2025-11848 entry concerns a null pointer dereference in the Wake-on-LAN CGI program of Zyxel devices. Affected products are Zyxel VMG3625-T50B (firmware up to 5.50(ABPM.9.6)C0) and Zyxel WX3100-T0 (firmware up to 5.50(ABVL.4.8)C0). The vulnerability can be triggered by an authenticated at...