CVE-2024-0299

A vulnerability was found in Totolink N200RE 9.3.5u.6139B20201216. It has been declared as critical. Affected by this vulnerability is the function setTracerouteCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument command leads to os command injection. The attack can be launched...

CVE-2024-0298

A vulnerability was found in Totolink N200RE 9.3.5u.6139B20201216. It has been classified as critical. Affected is the function setDiagnosisCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument ip leads to os command injection. It is possible to launch the attack remotely. The...

CVE-2024-0294

A vulnerability, which was classified as critical, has been found in Totolink LR1200GB 9.1.0u.6619B20230130. Affected by this issue is the function setUssd of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument ussd leads to os command injection. The attack may be launched remotely. T...

CVE-2024-0292

A vulnerability classified as critical has been found in Totolink LR1200GB 9.1.0u.6619B20230130. Affected is the function setOpModeCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument hostName leads to os command injection. It is possible to launch the attack remotely. The explo...

PT-2024-1062 · Totolink · Totolink N350Rt

Name of the Vulnerable Software and Affected Versions: Totolink N350RT version 9.3.5u.6139 B202012 Description: The issue is related to a stack-based buffer overflow in the loginAuth function of the /cgi-bin/cstecgi.cgi file, which can be exploited remotely. This is due to the manipulation of the...

TOTOLINK LR1200GB 操作系统命令注入漏洞

The TOTOLINK LR1200GB is a wireless dual-band 4GLTE router from China's Gion Electronics TOTOLINK that supports 2.4GHz and 5GHz dual-band networks, and is primarily used to provide mobile broadband connectivity and Wi-Fi coverage. The TOTOLINK LR1200GB suffers from an operating system command...

TOTOLINK LR1200GB 操作系统命令注入漏洞

The TOTOLINK LR1200GB is a wireless dual-band 4GLTE router from China's Gion Electronics TOTOLINK that supports 2.4GHz and 5GHz dual-band networks, and is primarily used to provide mobile broadband connectivity and Wi-Fi coverage. The TOTOLINK LR1200GB suffers from an operating system command...

PT-2024-1056 · Totolink · Totolink Lr1200Gb

Name of the Vulnerable Software and Affected Versions: Totolink LR1200GB version 9.1.0u.6619 B20230130 Description: The issue affects the function UploadFirmwareFile of the file /cgi-bin/cstecgi.cgi, where the manipulation of the FileName argument leads to command injection. This can be exploited...

TOTOLINK N350RT 安全漏洞

The TOTOLINK N350RT is a small home router from China's Gion Electronics TOTOLINK. The TOTOLINK N350RT version 9.3.5u.6139B20201216 suffers from a buffer overflow vulnerability that originates from the parameter v8 of the main function of the file /cgi-bin/cstecgi.cgi?action=login that fails to...

TOTOLINK N350RT 安全漏洞

The TOTOLINK N350RT is a small home router from China's Gion Electronics TOTOLINK. The TOTOLINK N350RT suffers from a buffer overflow vulnerability, which originates from the parameter v33 of the function main in /cgi-bin/cstecgi.cgi?action=login&flag=1 that fails to correctly validate the length...

PT-2024-1058 · Totolink · Totolink Lr1200Gb

Name of the Vulnerable Software and Affected Versions: Totolink LR1200GB version 9.1.0u.6619 B20230130 Description: A critical vulnerability was found in the Totolink LR1200GB router's software. The issue affects the setUploadSetting function of the /cgi-bin/cstecgi.cgi file. The manipulation of...

PT-2024-1057 · Totolink · Totolink Lr1200Gb

Name of the Vulnerable Software and Affected Versions: Totolink LR1200GB version 9.1.0u.6619 B20230130 Description: A critical issue exists due to the lack of neutralization of special elements in the setUssd function of the /cgi-bin/cstecgi.cgi file. This allows a remote attacker to execute...

TOTOLINK EX1800T cstecgi.cgi lanGateway Parameter Arbitrary Command Execution Vulnerability

TOTOLINK EX1800T is a Wi-Fi range extender from China's TOTOLINK, which supports Wi-Fi 6 technology and enhances signal coverage by connecting wirelessly to a router, making it suitable for home and small office environments. A command execution vulnerability exists in the TOTOLINK EX1800T, which...

CVE-2023-7187

A vulnerability was found in Totolink N350RT 9.3.5u.6139B20201216. It has been rated as critical. This issue affects some unknown processing of the file /cgi-bin/cstecgi.cgi?action=login&flag=ie8 of the component HTTP POST Request Handler. The manipulation leads to stack-based buffer overflow. Th...

CVE-2023-50651

TOTOLINK X6000R v9.4.0cu.852B20230719 was discovered to contain a remote command execution RCE vulnerability via the component /cgi-bin/cstecgi.cgi...

CVE-2023-50651

TOTOLINK X6000R v9.4.0cu.852B20230719 was discovered to contain a remote command execution RCE vulnerability via the component /cgi-bin/cstecgi.cgi...

CVE-2023-50651

TOTOLINK X6000R v9.4.0cu.852B20230719 was discovered to contain a remote command execution RCE vulnerability via the component /cgi-bin/cstecgi.cgi...

CGI Abuse

Gitlab is vulnerable to CGI Abuse. An attacker can abuse scan execution policies to run pipelines as another user compromising Confidentiality and Integrity of the system...

Path traversal

An issue was discovered in NOKIA NFM-T R19.9. An Absolute Path Traversal vulnerability exists under /cgi-bin/R19.9/viewlog.pl of the VM Manager WebUI via the logfile parameter, allowing a remote authenticated attacker to read arbitrary files...

CVE-2022-39822

Summary: CVE-2022-39822 is a SQL injection vulnerability affecting Nokia NFM-T R19.9, specifically in the VM Manager WebUI at /cgi-bin/R19.9/easy1350.pl. The issue can be triggered via the HTTP GET parameters id or host, and exploitation requires an authenticated attacker. The available connected...