PT-2026-36695

Name of the Vulnerable Software and Affected Versions Wavlink WL-WN570HA1 version R70HA1 V1410 221110 Description A command injection issue exists in the set sys cmd function within the '/cgi-bin/adm.cgi' endpoint. This flaw allows a remote attacker to execute arbitrary commands by manipulating t...

CVE-2026-7633

A vulnerability was identified in Totolink N300RH 6.1c.1353B20190305. This impacts the function setUploadSetting of the file /cgi-bin/cstecgi.cgi. Such manipulation of the argument FileName leads to file inclusion. The attack may be performed from remote. The exploit is publicly available and mig...

CVE-2026-7633

Totolink N300RH 6.1c.1353_B20190305 is affected by CVE-2026-7633 in the setUploadSetting function of /cgi-bin/cstecgi.cgi. Manipulating the FileName argument leads to file inclusion and may be exploitable remotely. Public exploit is reported; patch/version details are not provided in the sources.

CVE-2026-7538

A vulnerability was identified in Totolink A8000RU 7.1cu.643b20200521. This issue affects the function Vulnerability of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulation of the argument proto leads to os command injection. The attack may be initiated remotely. The explo...

PT-2026-36291

Name of the Vulnerable Software and Affected Versions Totolink A8000RU version 7.1cu.643 b20200521 Description An OS command injection issue exists in the CGI Handler component. A remote attacker can initiate an attack by manipulating the proto argument within the '/cgi-bin/cstecgi.cgi' endpoint...

CLSA-2025-1737465408 php: Fix of 3 CVEs

CVE-2024-8927: fix bypass of cgi.forceredirect configuration - CVE-2024-11233: fix single byte overread with convert.quoted-printable-decode filter - CVE-2024-11234: fix HTTP fulluri CRLF injection...

CVE-2026-7243

A vulnerability was identified in Totolink A8000RU 7.1cu.643b20200521. The affected element is the function setRadvdCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulation of the argument maxRtrAdvInterval leads to os command injection. It is possible to initiate the...

CVE-2026-7248

A vulnerability was found in D-Link DI-8100 16.07.26A1. This affects the function tgfilehtm of the file tgfile.htm of the component CGI Endpoint. The manipulation of the argument fn results in buffer overflow. The attack can be executed remotely. The exploit has been made public and could be used...

CVE-2026-7248 D-Link DI-8100 CGI Endpoint tgfile.htm tgfile_htm buffer overflow

A vulnerability was found in D-Link DI-8100 16.07.26A1. This affects the function tgfilehtm of the file tgfile.htm of the component CGI Endpoint. The manipulation of the argument fn results in buffer overflow. The attack can be executed remotely. The exploit has been made public and could be used...

EUVD-2026-26017

A security flaw has been discovered in Totolink A8000RU 7.1cu.643b20200521. The impacted element is the function setWiFiEasyGuestCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulation of the argument merge results in os command injection. It is possible to launch the...

CVE-2026-7244 Totolink A8000RU CGI cstecgi.cgi setWiFiEasyGuestCfg os command injection

A security flaw has been discovered in Totolink A8000RU 7.1cu.643b20200521. The impacted element is the function setWiFiEasyGuestCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulation of the argument merge results in os command injection. It is possible to launch the...

CVE-2026-7243 Totolink A8000RU CGI cstecgi.cgi setRadvdCfg os command injection

A vulnerability was identified in Totolink A8000RU 7.1cu.643b20200521. The affected element is the function setRadvdCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulation of the argument maxRtrAdvInterval leads to os command injection. It is possible to initiate the...

CVE-2026-7243

A vulnerability was identified in Totolink A8000RU 7.1cu.643b20200521. The affected element is the function setRadvdCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulation of the argument maxRtrAdvInterval leads to os command injection. It is possible to initiate the...

CVE-2026-7241 Totolink A8000RU CGI cstecgi.cgi setWiFiBasicCfg os command injection

A vulnerability was found in Totolink A8000RU 7.1cu.643b20200521. This issue affects the function setWiFiBasicCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Performing a manipulation of the argument wifiOff results in os command injection. The attack is possible to be carried...

EUVD-2026-26010

A vulnerability has been found in Totolink A8000RU 7.1cu.643b20200521. This vulnerability affects the function setVpnAccountCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Such manipulation of the argument User leads to os command injection. The attack can be executed remotely...

CVE-2026-7202

A vulnerability has been found in Totolink A8000RU 7.1cu.643b20200521. This affects the function setWiFiWpsStart of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulation of the argument wscDisabled leads to os command injection. The attack can be initiated remotely. The...

CVE-2026-7203

CVE-2026-7203 affects Totolink A8000RU (firmware 7.1cu.643_b20200521) in the CGI Handler component, specifically the function setUrlFilterRules in /cgi-bin/cstecgi.cgi. The argument enable can be manipulated to achieve OS command injection, enabling a remote attack. Exploit details are publicly a...

PT-2026-35693

A security flaw has been discovered in Totolink A8000RU 7.1cu.643 b20200521. The impacted element is the function setWiFiEasyGuestCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulation of the argument merge results in os command injection. It is possible to launch the...

TOTOLINK A8000RU 命令注入漏洞

TOTOLINK A8000RU is a wireless router produced by TOTOLINK, a Chinese company. The TOTOLINK A8000RU 7.1cu.643b20200521 version contains a command injection vulnerability. This vulnerability stems from the setOpenVpnClientCfg function in the CGI Handler component, specifically the handling of the...

D-Link DI-8100 缓冲区错误漏洞

The D-Link DI-8100 is a wireless broadband router designed for small and medium-sized network environments by D-Link Corporation. The D-Link DI-8100 version 16.07.26A1 contains a buffer overflow vulnerability. This vulnerability stems from the tgfilehtm function in the CGI Endpoint component, whi...