CVE-2026-7720

A weakness has been identified in Totolink WA300 5.2cu.7112B20190227. The impacted element is the function setLanguageCfg of the file /cgi-bin/cstecgi.cgi of the component POST Request Handler. This manipulation of the argument langType causes command injection. Remote exploitation of the attack ...

EUVD-2026-26870

A security flaw has been discovered in Totolink WA300 5.2cu.7112B20190227. The affected element is the function loginauth of the file /cgi-bin/cstecgi.cgi of the component POST Request Handler. The manipulation of the argument httphost results in buffer overflow. The attack may be launched...

CVE-2026-7717 Totolink WA300 POST Request cstecgi.cgi UploadCustomModule buffer overflow

A vulnerability was determined in Totolink WA300 5.2cu.7112B20190227. This issue affects the function UploadCustomModule of the file /cgi-bin/cstecgi.cgi of the component POST Request Handler. Executing a manipulation of the argument File can lead to buffer overflow. The attack can be launched...

Yeapook WDR201A WiFi Extender 操作系统命令注入漏洞

The Yeapook WDR201A WiFi Extender is a wireless signal extension device from the Yeapook company. The Yeapook WDR201A WiFi Extender HW V2.1 version and FW LFMZX28040922V1.02 version have a vulnerability related to operating system command injection. This vulnerability stems from the sz11gChannel ...

Yeapook WDR201A WiFi Extender 操作系统命令注入漏洞

The Yeapook WDR201A WiFi Extender is a wireless signal extension device produced by the Yeapook company. The Yeapook WDR201A WiFi Extender in the HW V2.1 version and FW LFMZX28040922V1.02 version contain vulnerabilities related to operating system command injection. This vulnerability stems from...

TOTOLINK N300RH 缓冲区错误漏洞

TOTOLINK N300RH is a long-range wireless router produced by TOTOLINK Corporation. The version TOTOLINK N300RH 3.2.4-B20220812 contains a buffer overflow vulnerability. This vulnerability stems from the function setWanConfig in the component POST Request Handler, specifically the...

TOTOLINK WA300 注入漏洞

TOTOLINK WA300 is a wireless access point produced by TOTOLINK, a Chinese company. The version 5.2cu.7112B20190227 of Totolink WA300 has a vulnerability caused by command injection. This vulnerability arises from the operation of the setWebWlanIdx function in the POST Request Handler component’s...

Astra Linux – Vulnerability in Jetty9

Eclipse Jetty Canonical Repository is the canonical repository for the Jetty project. Users of the CgiServlet with a very specific command structure may have the wrong command executed. If a user sends a request to an org.eclipse.jetty.servlets.CGI Servlet for a binary file whose name contains...

Astra Linux – Vulnerability in Ruby 2.5

In Ruby, the CGI::Cookie.parse method used from version 2.6.8 mishandles security prefixes in cookie names. This issue also affects the CGI gem used from version 0.3.0 in Ruby...

CVE-2026-7692

A vulnerability was detected in Wavlink WL-WN570HA1 R70HA1 V1410221110. The affected element is the function pingddns of the file /cgi-bin/adm.cgi. Performing a manipulation of the argument DDNS results in command injection. The attack can be initiated remotely. The exploit is now public and may ...

PT-2026-36695

Name of the Vulnerable Software and Affected Versions Wavlink WL-WN570HA1 version R70HA1 V1410 221110 Description A command injection issue exists in the set sys cmd function within the '/cgi-bin/adm.cgi' endpoint. This flaw allows a remote attacker to execute arbitrary commands by manipulating t...

CVE-2026-7633

Totolink N300RH 6.1c.1353_B20190305 is affected by CVE-2026-7633 in the setUploadSetting function of /cgi-bin/cstecgi.cgi. Manipulating the FileName argument leads to file inclusion and may be exploitable remotely. Public exploit is reported; patch/version details are not provided in the sources.

CVE-2026-7633

A vulnerability was identified in Totolink N300RH 6.1c.1353B20190305. This impacts the function setUploadSetting of the file /cgi-bin/cstecgi.cgi. Such manipulation of the argument FileName leads to file inclusion. The attack may be performed from remote. The exploit is publicly available and mig...

CVE-2026-7538

A vulnerability was identified in Totolink A8000RU 7.1cu.643b20200521. This issue affects the function Vulnerability of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulation of the argument proto leads to os command injection. The attack may be initiated remotely. The explo...

PT-2026-36291

Name of the Vulnerable Software and Affected Versions Totolink A8000RU version 7.1cu.643 b20200521 Description An OS command injection issue exists in the CGI Handler component. A remote attacker can initiate an attack by manipulating the proto argument within the '/cgi-bin/cstecgi.cgi' endpoint...

CLSA-2025-1737465408 php: Fix of 3 CVEs

CVE-2024-8927: fix bypass of cgi.forceredirect configuration - CVE-2024-11233: fix single byte overread with convert.quoted-printable-decode filter - CVE-2024-11234: fix HTTP fulluri CRLF injection...

CVE-2026-7243

A vulnerability was identified in Totolink A8000RU 7.1cu.643b20200521. The affected element is the function setRadvdCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulation of the argument maxRtrAdvInterval leads to os command injection. It is possible to initiate the...

CVE-2026-7248 D-Link DI-8100 CGI Endpoint tgfile.htm tgfile_htm buffer overflow

A vulnerability was found in D-Link DI-8100 16.07.26A1. This affects the function tgfilehtm of the file tgfile.htm of the component CGI Endpoint. The manipulation of the argument fn results in buffer overflow. The attack can be executed remotely. The exploit has been made public and could be used...

CVE-2026-7248

A vulnerability was found in D-Link DI-8100 16.07.26A1. This affects the function tgfilehtm of the file tgfile.htm of the component CGI Endpoint. The manipulation of the argument fn results in buffer overflow. The attack can be executed remotely. The exploit has been made public and could be used...

CVE-2026-7244 Totolink A8000RU CGI cstecgi.cgi setWiFiEasyGuestCfg os command injection

A security flaw has been discovered in Totolink A8000RU 7.1cu.643b20200521. The impacted element is the function setWiFiEasyGuestCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulation of the argument merge results in os command injection. It is possible to launch the...