44796 matches found
CVE-2026-31164
ToToLink A3300R firmware v17.0.0cu.557_B20221024 is vulnerable to command execution via the pppoeMtu parameter to /cgi-bin/cstecgi.cgi. The CVE-2026-31164 entry notes this as a network-based vulnerability with CVSSv3.1: 6.5 (MEDIUM), requiring no privileges and no user interaction. Connected sour...
CVE-2026-31176
ToToLink A3300R firmware v17.0.0cu.557_B20221024 is affected by CVE-2026-31176 where an attacker can execute arbitrary commands by sending a crafted stun-user parameter to /cgi-bin/cstecgi.cgi. The CVSS v3.1 base score is 6.5 (Medium) with network attack vector, no privileges required, and no use...
CVE-2026-31178
ToToLink A3300R firmware v17.0.0cu.557_B20221024 is vulnerable via the stunMaxAlive parameter to /cgi-bin/cstecgi.cgi, enabling arbitrary command execution. The CVE-2026-31178 entry lists network-based access with high impact to confidentiality, integrity, and availability. Connected sources conf...
PT-2026-34706
An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557 B20221024 allowing attackers to execute arbitrary commands via the stunEnable parameter to /cgi-bin/cstecgi.cgi...
CVE-2026-31164
An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557B20221024 allowing attackers to execute arbitrary commands via the pppoeMtu parameter to /cgi-bin/cstecgi.cgi...
CVE-2026-31168
An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557B20221024 allowing attackers to execute arbitrary commands via the recHour parameter to /cgi-bin/cstecgi.cgi...
PT-2026-34673
An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557 B20221024 allowing attackers to execute arbitrary commands via the pppoeServiceName parameter to /cgi-bin/cstecgi.cgi...
PT-2026-34716
An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557 B20221024 allowing attackers to execute arbitrary commands via the week parameter to /cgi-bin/cstecgi.cgi...
CVE-2026-31179
An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557B20221024 allowing attackers to execute arbitrary commands via the stunPort parameter to /cgi-bin/cstecgi.cgi...
CVE-2026-31160
An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557B20221024 allowing attackers to execute arbitrary commands via the provider parameter to /cgi-bin/cstecgi.cgi...
CVE-2026-31174
An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557B20221024 allowing attackers to execute arbitrary commands via the informEnable parameter to /cgi-bin/cstecgi.cgi...
PT-2026-34824
Name of the Vulnerable Software and Affected Versions OpenLearnX versions prior to 2.0.3 Description OpenLearnX is an open-source, decentralized learning and assessment platform. A remote code execution RCE issue exists in the code execution environment, which allows an attacker to escape the...
CVE-2026-31176
An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557B20221024 allowing attackers to execute arbitrary commands via the stunuser parameter to /cgi-bin/cstecgi.cgi...
TOTOLINK A3300R 命令注入漏洞
TOTOLINK A3300R is a wireless router from China's Gion Electronics TOTOLINK. A command injection vulnerability exists in the TOTOLINK A3300R hour parameter, which originates from the cstecgi.cgi file failing to properly validate the hour parameter, and can be exploited by an attacker to execute...
CVE-2026-31162
Summary: CVE-2026-31162 affects ToToLink A3300R firmware. The issue is a command-injection problem in the web interface: an attacker can execute arbitrary commands via the ttlWay parameter to /cgi-bin/cstecgi.cgi in firmware version v17.0.0cu.557_B20221024. The CVSS 3.1 vector indicates network a...
CVE-2026-31160
CVE-2026-31160: Affected product is ToToLink A3300R firmware v17.0.0cu.557_B20221024. The vulnerability is a remote command-execution flaw exploitable via the provider parameter to /cgi-bin/cstecgi.cgi, as described in multiple sources (NVD, CVE List, EUVD, etc.). The root cause is the handling o...
CVE-2026-31173
An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557B20221024 allowing attackers to execute arbitrary commands via the interval parameter to /cgi-bin/cstecgi.cgi...
CVE-2026-31181
An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557B20221024 allowing attackers to execute arbitrary commands via the stunServerAddr parameter to /cgi-bin/cstecgi.cgi...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: vim (UTSA-2026-014266)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-014266 advisory. Vim is an open source, command line text editor. Prior to version 9.2.0276, a modeline sandbox bypass in Vim allows arbitrary OS command execution when a user opens ...
CVE-2026-31163
An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557B20221024 allowing attackers to execute arbitrary commands via the dhcpMtu parameter to /cgi-bin/cstecgi.cgi...