CVE-2026-9533

A vulnerability was detected in Totolink CA750-PoE 6.2c.510. The impacted element is the function recvUpgradeNewFw of the file /cgi-bin/cstecgi.cgi of the component Setting Handler. Performing a manipulation of the argument fwUrl/magicid results in os command injection. It is possible to initiate...

CVE-2026-9455

CVE-2026-9455 affects Totolink A8000RU Web Management, specifically the UploadOpenVpnCert function in /cgi-bin/cstecgi.cgi. The vulnerability stems from manipulating the FileName argument, causing a remote OS command injection with network access, and a public exploit is indicated (exploit maturi...

CVE-2026-9436 Totolink A8000RU Web Management cstecgi.cgi setL2tpServerCfg os command injection

A flaw has been found in Totolink A8000RU 7.1cu.643b20200521. The impacted element is the function setL2tpServerCfg of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. Executing a manipulation of the argument enable can lead to os command injection. The attack can be...

TOTOLINK A8000RU 操作系统命令注入漏洞

The TOTOLINK A8000RU is a wireless router from China's Gion Electronics TOTOLINK. The Totolink A8000RU version 7.1cu.643b20200521 suffers from an OS command injection vulnerability that originates from the operation of the parameter enabled of the function setOpenVpnCfg in the file...

TOTOLINK A8000RU 操作系统命令注入漏洞

The TOTOLINK A8000RU is a wireless router from China's Gion Electronics TOTOLINK. The Totolink A8000RU version 7.1cu.643b20200521 suffers from an OS command injection vulnerability that originates from the operation of the function setQosCfg on the parameter enable in the file /cgi-bin/cstecgi.cg...

CVE-2026-9406 Totolink A8000RU Web Management cstecgi.cgi setRemoteCfg os command injection

A weakness has been identified in Totolink A8000RU 7.1cu.643b20200521. Affected is the function setRemoteCfg of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. Executing a manipulation of the argument enable can lead to os command injection. The attack can be executed...

EUVD-2026-31543

A security flaw has been discovered in Totolink A8000RU 7.1cu.643b20200521. The affected element is the function setUpgradeFW of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. Performing a manipulation of the argument resetFlags results in os command injection. It is...

CVE-2026-7747 Totolink N300RH Parameter cstecgi.cgi loginauth buffer overflow

A security flaw has been discovered in Totolink N300RH 3.2.4-B20220812. Affected by this vulnerability is the function loginauth of the file /cgi-bin/cstecgi.cgi of the component Parameter Handler. Performing a manipulation of the argument Password results in buffer overflow. The attack can be...

CVE-2026-7202

A vulnerability has been found in Totolink A8000RU 7.1cu.643b20200521. This affects the function setWiFiWpsStart of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulation of the argument wscDisabled leads to os command injection. The attack can be initiated remotely. The...

CVE-2026-7155

Technical details are not publicly available in the provided documents. Monitor for updates regarding CVE-2026-7155 Totolink A8000RU CGI cstecgi.cgi setLoginPasswordCfg OS command injection.

CVE-2026-7140

The CVE-2026-7140 entry concerns Totolink A8000RU (firmware 7.1cu.643_b20200521). The vulnerability resides in CsteSystem within /cgi-bin/cstecgi.cgi of the CGI Handler, enabling an os command injection via manipulation of an HTTP argument. Impact vectors indicate remote exploitation with high co...

EUVD-2026-25835

A flaw has been found in Totolink A8000RU 7.1cu.643b20200521. This affects the function setWizardCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. This manipulation of the argument wizard causes os command injection. It is possible to initiate the attack remotely. The exploit has...

CVE-2026-6138

A flaw has been found in Totolink A7100RU 7.4cu.2313b20191024. The impacted element is the function setAccessDeviceCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. This manipulation of the argument mac causes os command injection. The attack can be initiated remotely. The exploi...

CVE-2026-6113

Totolink A7100RU CGI: The vulnerability affects /cgi-bin/cstecgi.cgi::setTtyServiceCfg. Manipulating ttyEnable can cause os command injection. Remote exploit disclosed; no remediation details in the provided docs. CVSS notes show critical impact (HIGH confidentiality/integrity/availability) with ...

CVE-2026-5997

A vulnerability was detected in Totolink A7100RU 7.4cu.2313b20191024. The impacted element is the function setLoginPasswordCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulation of the argument admpass results in os command injection. It is possible to launch the atta...

TOTOLINK A7100RU 操作系统命令注入漏洞

The TOTOLINK A7100RU is a wireless router produced by TOTOLINK, a Chinese company. The Totolink A7100RU 7.4cu.2313b20191024 version contains an operating system command injection vulnerability. This vulnerability stems from the setWiFiGuestCfg function in the CGI Handler component’s file...

TOTOLINK A3300R 命令注入漏洞

The Totolink A3300R is a wireless router from Totolink. A command injection vulnerability exists in Totolink A3300R version 17.0.0cu.557b20221024, which originates from improper handling of the pptpPassThru parameter by the setVpnPassCfg function in the /cgi-bin/cstecgi.cgi file in the component...

CVE-2026-1548

Totolink A7000R 4.1cu.4154 is affected by CVE-2026-1548 through the CloudACMunualUpdateUserdata function in /cgi-bin/cstecgi.cgi. Manipulating the url argument enables remote command injection, with exploits published and potential for active use. Remediation guidance appears to be updating to a ...

CVE-2025-11444 TOTOLINK N600R HTTP Request cstecgi.cgi setWiFiBasicConfig buffer overflow

A security vulnerability has been detected in TOTOLINK N600R up to 4.3.0cu.7866B20220506. This impacts the function setWiFiBasicConfig of the file /cgi-bin/cstecgi.cgi of the component HTTP Request Handler. Such manipulation of the argument wepkey leads to buffer overflow. It is possible to launc...

CVE-2025-11444 TOTOLINK N600R HTTP Request cstecgi.cgi setWiFiBasicConfig buffer overflow

A security vulnerability has been detected in TOTOLINK N600R up to 4.3.0cu.7866B20220506. This impacts the function setWiFiBasicConfig of the file /cgi-bin/cstecgi.cgi of the component HTTP Request Handler. Such manipulation of the argument wepkey leads to buffer overflow. It is possible to launc...