12 matches found
CVE-2026-31176
An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557B20221024 allowing attackers to execute arbitrary commands via the stunuser parameter to /cgi-bin/cstecgi.cgi...
CVE-2026-31179
An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557B20221024 allowing attackers to execute arbitrary commands via the stunPort parameter to /cgi-bin/cstecgi.cgi...
CVE-2026-31165
Summary of CVE-2026-31165: Analyzed in ToToLink A3300R firmware 17.0.0cu.557_B20221024. The vulnerability is a command injection in the web interface, reachable via the pppoeServiceName parameter sent to /cgi-bin/cstecgi.cgi, enabling an attacker to execute arbitrary commands. This is a network-ex...
CVE-2026-1601
A weakness has been identified in Totolink A7000R 4.1cu.4154. The impacted element is the function setUploadUserData of the file /cgi-bin/cstecgi.cgi. Executing a manipulation of the argument FileName can lead to command injection. The attack can be launched remotely. The exploit has been made...
PT-2024-38136 · Totolink · Totolink A3600R
Name of the Vulnerable Software and Affected Versions: TOTOLINK A3600R version 4.1.2cu.5182 B20201102 Description: A critical issue was found in the setdeviceName function of the /cgi-bin/cstecgi.cgi file, where manipulation of the deviceMac/deviceName argument leads to buffer overflow. This can ...
PT-2024-38135 · Totolink · Totolink A3600R
Name of the Vulnerable Software and Affected Versions: TOTOLINK A3600R version 4.1.2cu.5182 B20201102 Description: A critical issue has been found in the loginauth function of the /cgi-bin/cstecgi.cgi file. The manipulation of the password and http host arguments leads to a buffer overflow. This...
PT-2024-24530 · Totolink · Totolink X5000R
Name of the Vulnerable Software and Affected Versions: TOTOLINK X5000R version 9.1.0cu.2350 B20230313 Description: A command injection issue was found via the port parameter in the setSSServer function at "/cgi-bin/cstecgi.cgi" API endpoint. Recommendations: For TOTOLINK X5000R version 9.1.0cu.23...
PT-2024-1167 · Totolink · Totolink Lr1200Gb
Name of the Vulnerable Software and Affected Versions: Totolink LR1200GB version 9.1.0u.6619 B20230130 Description: A critical issue was found in the function setWanCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument hostName leads to OS command injection. It is possible to...
PT-2024-1060 · Totolink · Totolink Lr1200Gb
Name of the Vulnerable Software and Affected Versions: Totolink LR1200GB version 9.1.0u.6619 B20230130 Description: A critical vulnerability exists in the setOpModeCfg function of the /cgi-bin/cstecgi.cgi file due to the lack of neutralization of special elements. This allows a remote attacker to...
PT-2023-31738 · Totolink · Totolink Ex1800T
Name of the Vulnerable Software and Affected Versions: TOTOlink EX1800T version 9.1.0cu.2112 B20220316 Description: The issue allows for unauthorized arbitrary command execution. This is achieved through the langFlag parameter of the "setLanguageCfg" interface in the "cstecgi.cgi" endpoint...
PT-2022-24586 · Totolink · Totolink T6
Name of the Vulnerable Software and Affected Versions: TOTOLINK T6 version 4.1.5cu.709 B20210518 Description: The issue is related to command injection via the cstecgi.cgi endpoint. This allows for potential malicious commands to be executed. No information is provided about the estimated number ...
PT-2022-24107 · Totolink · Totolink A860R
Name of the Vulnerable Software and Affected Versions: TOTOLINK A860R version 4.1.2cu.5182 B20201027 Description: The issue is related to a Buffer Overflow that can be triggered via the Cstecgi.cgi endpoint. This allows for potential exploitation. No information is provided about the estimated...