TOTOLINK CA750-PoE 操作系统命令注入漏洞

The TOTOLINK CA750-PoE is a wireless network access device from China-based TOTOLINK Electronics TOTOLINK. The TOTOLINK CA750-PoE version 6.2c.510 suffers from an operating system command injection vulnerability, which originates from the Setting Handler component's setNetworkDiag function in the...

CVE-2026-7538 Totolink A8000RU CGI cstecgi.cgi vulnerability os command injection

A vulnerability was identified in Totolink A8000RU 7.1cu.643b20200521. This issue affects the function Vulnerability of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulation of the argument proto leads to os command injection. The attack may be initiated remotely. The explo...

CVE-2026-5676

The vulnerability CVE-2026-5676 affects Totolink A8000R (firmware 5.9c.681_B20180413). The issue is in the CGI endpoint /cgi-bin/cstecgi.cgi, specifically the setLanguageCfg function where manipulating the langType argument leads to missing authentication. This enables a remote attacker to levera...

TOTOLINK A3300R lang parameter buffer overflow vulnerability

The TOTOLINK A3300R is a wireless router from China's Gion Electronics TOTOLINK. A buffer overflow vulnerability exists in TOTOLINK A3300R version 17.0.0cu.557B20221024, which originates from the parameter lang in the file /cgi-bin/cstecgi.cgi that fails to correctly validate the length of the...

CVE-2023-6612

A vulnerability was found in Totolink X5000R 9.1.0cu.2300B20230112. It has been rated as critical. This issue affects the function...