CVE-2026-7156

A vulnerability was detected in Totolink A8000RU 7.1cu.643b20200521. Affected is the function CsteSystem of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulation of the argument HTTP results in os command injection. The attack may be launched remotely. The exploit is now...

EUVD-2026-25923

A vulnerability was detected in Totolink A8000RU 7.1cu.643b20200521. Affected is the function CsteSystem of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulation of the argument HTTP results in os command injection. The attack may be launched remotely. The exploit is now...

CVE-2026-7140 Totolink A8000RU CGI cstecgi.cgi CsteSystem os command injection

A vulnerability has been found in Totolink A8000RU 7.1cu.643b20200521. Impacted is the function CsteSystem of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Such manipulation of the argument HTTP leads to os command injection. The attack may be performed from remote. The exploit has...

PT-2026-35529

A vulnerability was detected in Totolink A8000RU 7.1cu.643 b20200521. Affected is the function CsteSystem of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulation of the argument HTTP results in os command injection. The attack may be launched remotely. The exploit is now...

EUVD-2026-19436

A security flaw has been discovered in Totolink A7100RU 7.4cu.2313b20191024. Impacted is the function CsteSystem of the file /cgi-bin/cstecgi.cgi. Performing a manipulation of the argument resetFlags results in os command injection. The attack may be initiated remotely. The exploit has been...

TOTOLINK X6000R Security Breach

TOTOLINK X6000R is a wireless router from China's Gion Electronics TOTOLINK. A security vulnerability exists in the TOTOLINK X6000R version V9.4.0cu.852B20230719, which originates from the sub417338 function of the shttpd file that obtains fields from the front-end, connects them via the snprintf...

CVE-2023-48801

In TOTOLINK X6000RFirmware V9.4.0cu.852B20230719, the shttpd file sub415534 function obtains fields from the front-end, connects them through the snprintf function, and passes them to the CsteSystem function, resulting in a command execution vulnerability...

CVE-2023-48812

In TOTOLINK X6000R V9.4.0cu.852B20230719, the shttpd file sub4119A0 function obtains fields from the front-end through Uci Set The Str function that when passed to the CsteSystem function creates a command execution vulnerability...

CVE-2023-48811

In TOTOLINK X6000R V9.4.0cu.852B20230719, the shttpd file, sub4119A0 function obtains fields from the front-end through Uci Set The Str function that when passed to the CsteSystem function creates a command execution vulnerability...

CVE-2023-48804

In TOTOLINK X6000R V9.4.0cu.852B20230719, the shttpd file, sub4119A0 function obtains fields from the front-end through Uci Set The Str function when passed to the CsteSystem function creates a command execution vulnerability...