
22 matches found

ATTACKERKB
added 2026/05/26 4:45 a.m. | 5 views

CVE-2026-9531

A weakness has been identified in Totolink CA750-PoE 6.2c.510. Impacted is the function setUpgradeUboot of the file /cgi-bin/cstecgi.cgi of the component Setting Handler. Manipulation of the argument FileName causes OS command injection. The attack can be carried out remotely. The...

CVSS 6.5 | AI score 6.4 | EPSS 0.04841
Exploits: 0 | References: 5 | Affected Software: 1
Vulnrichment
added 2026/05/25 10:30 p.m. | 2 views

CVE-2026-9513 Totolink CA750-PoE Setting cstecgi.cgi NTPSyncWithHost os command injection

A weakness has been identified in Totolink CA750-PoE 6.2c.510. This issue affects the function NTPSyncWithHost of the file /cgi-bin/cstecgi.cgi of the component Setting Handler. Executing a manipulation of the argument hosttime can lead to os command injection. The attack can be launched remotely...

CVSS 6.5 | AI score 6.4 | EPSS 0.04841
Exploits: 0 | References: 5
CNNVD
added 2026/05/24 12:0 a.m. | 3 views

TOTOLINK A8000RU operating system command injection vulnerability

TOTOLINK A8000RU is a wireless router produced by TOTOLINK, a Chinese company. The TOTOLINK A8000RU 7.1cu.643b20200521 version contains a vulnerability related to operating system command injection. This vulnerability stems from improper handling of the resetFlags parameter in the function...

CVSS 10 | AI score 7.3 | EPSS 0.01254
Exploits: 0 | References: 5
ATTACKERKB
added 2026/05/04 1:15 a.m. | 2 views

CVE-2026-7718

A vulnerability was identified in Totolink WA300 5.2cu.7112B20190227. Impacted is the function setWebWlanIdx of the file /cgi-bin/cstecgi.cgi of the component POST Request Handler. The manipulation of the argument webWlanIdx leads to command injection. The attack may be initiated remotely. The...

CVSS 6.5 | AI score 6.5 | EPSS 0.0375
Exploits: 0 | References: 5 | Affected Software: 1
EUVD
added 2026/04/23 6:33 p.m. | 4 views

EUVD-2026-25263

An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557B20221024 allowing attackers to execute arbitrary commands via the informEnable parameter to /cgi-bin/cstecgi.cgi...

CVSS 6.5 | AI score 6.1 | EPSS 0.00285
Exploits: 1 | References: 2
EUVD
added 2026/04/23 6:33 p.m. | 3 views

EUVD-2026-25241

An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557B20221024 allowing attackers to execute arbitrary commands via the provider parameter to /cgi-bin/cstecgi.cgi...

CVSS 6.5 | AI score 6.1 | EPSS 0.00285
Exploits: 1 | References: 2
NVD
added 2026/04/23 6:16 p.m. | 1 view

CVE-2026-31179

An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557B20221024 allowing attackers to execute arbitrary commands via the stunPort parameter to /cgi-bin/cstecgi.cgi...

CVSS 6.5 | EPSS 0.00285
Exploits: 1 | References: 1
CVE
added 2026/04/23 12:0 a.m. | 5 views

CVE-2026-31171

CVE-2026-31171 affects ToToLink A3300R firmware v17.0.0cu.557_B20221024. The issue allows an attacker to execute arbitrary commands via the url parameter to /cgi-bin/cstecgi.cgi, as described in multiple sources (EUVD/NVD/CVE listings). The root cause and exact vulnerable component are described ...

CVSS 6.5 | AI score 6.1 | EPSS 0.00285
Exploits: 1 | References: 1 | Affected Software: 1
ATTACKERKB
added 2026/04/23 12:0 a.m. | 2 views

CVE-2026-31174

An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557B20221024 allowing attackers to execute arbitrary commands via the informEnable parameter to /cgi-bin/cstecgi.cgi...

CVSS 6.5 | AI score 6.1 | EPSS 0.00285
Exploits: 1 | References: 2
Vulnrichment
added 2026/04/23 12:0 a.m. | 4 views

CVE-2026-31166

An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557B20221024 allowing attackers to execute arbitrary commands via the hour parameter to /cgi-bin/cstecgi.cgi...

AI score 6.1 | EPSS 0.001
Exploits: 1 | References: 1
CNNVD
added 2026/04/23 12:0 a.m. | 4 views

TOTOLINK A3300R command injection vulnerability

TOTOLINK A3300R is a wireless router from China's Gion Electronics TOTOLINK. The TOTOLINK A3300R pppoeMtu parameter suffers from a command injection vulnerability that stems from the firmware failing to properly validate user input for the pppoeMtu parameter in /cgi-bin/cstecgi.cgi, which can be...

CVSS 6.5 | AI score 6 | EPSS 0.00285
Exploits: 1 | References: 1
Vulnrichment
added 2026/04/23 12:0 a.m. | 1 view

CVE-2026-31168

An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557B20221024 allowing attackers to execute arbitrary commands via the recHour parameter to /cgi-bin/cstecgi.cgi...

AI score 6.1 | EPSS 0.00285
Exploits: 1 | References: 1
Positive Technologies
added 2026/04/23 12:0 a.m. | 1 view

PT-2026-34706

An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557 B20221024 allowing attackers to execute arbitrary commands via the stunEnable parameter to /cgi-bin/cstecgi.cgi...

CVSS 9.8 | AI score 6.1 | EPSS 0.00451
Exploits: 1 | References: 2
Positive Technologies
added 2026/04/17 12:0 a.m. | 4 views

PT-2026-36794

Name of the Vulnerable Software and Affected Versions: Totolink N300RH version 3.2.4-B20220812. Description: A buffer overflow can be triggered remotely via the POST Request Handler component. The issue exists in the setWanConfig function within the '/cgi-bin/cstecgi.cgi' endpoint when manipulating...

CVSS 9 | AI score 7.5 | EPSS 0.00031
Exploits: 0 | References: 13
CVE
added 2026/04/13 5:30 p.m. | 6 views

CVE-2026-6195

Totolink A7100RU (firmware 7.4cu.2313_b20191024) is affected by a vulnerability in CGI Handler’s /cgi-bin/cstecgi.cgi setPasswordCfg. Manipulating the admpass argument enables os command injection and can be exploited remotely. The exploit is publicly disclosed. No additional technical details (e...

CVSS 10 | AI score 7 | EPSS 0.01235
Exploits: 0 | References: 5
CNVD
added 2026/04/09 12:0 a.m. | 5 views

TOTOLINK A3600R setNoticeCfg function command injection vulnerability

TOTOLINK A3600R is a 6-antenna 1200M wireless router from China's Gion Electronics TOTOLINK. A command injection vulnerability exists in TOTOLINK A3600R version 4.1.2cu.5182B20201102. The vulnerability stems from the failure of the function setNoticeCfg in the file /cgi-bin/cstecgi.cgi in the...

CVSS 9.8 | AI score 6.7 | EPSS 0.01919
Exploits: 1
CNNVD
added 2025/12/13 12:0 a.m. | 1 view

TOTOLINK X5000R operating system command injection vulnerability

TOTOLINK X5000R is a router from China's Gion Electronics TOTOLINK. An OS command injection vulnerability exists in TOTOLINK X5000R version 9.1.0cu.2089B20211224, which stems from incorrect operation of the parameter User in the file /cgi-bin/cstecgi.cgi?action=exportOvpn&type=user, which could...

CVSS 9.8 | AI score 6.8 | EPSS 0.00935
Exploits: 1 | References: 6
Positive Technologies
added 2025/10/27 12:0 a.m. | 1 view

PT-2025-43921

Name of the Vulnerable Software and Affected Versions: TOTOLINK A3300R version 17.0.0cu.557 B20221024. Description: A flaw exists in TOTOLINK A3300R version 17.0.0cu.557 B20221024 that allows for remote manipulation of the enable argument within the setSyslogCfg function located in the...

CVSS 9 | AI score 6.6 | EPSS 0.00314
Exploits: 1 | References: 8
CNVD
added 2025/09/08 12:0 a.m. | 2 views

TOTOLINK X5000R Command Injection Vulnerability

TOTOLINK X5000R is a wireless router supporting Wi-Fi 6 technology with full coverage mesh system and dual-band transmission for home and business network environments. The TOTOLINK X5000R suffers from a command injection vulnerability that stems from the parameter pid in the file...

CVSS 9.8 | AI score 6.8 | EPSS 0.02419
Exploits: 1 | References: 1
RedhatCVE
added 2025/05/23 9:6 a.m. | 2 views

CVE-2024-7215

A vulnerability was found in TOTOLINK LR1200 9.3.1cu.2832 and classified as critical. Affected by this issue is the function NTPSyncWithHost of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument hosttime leads to command injection. The attack may be launched remotely. The exploit has...

CVSS 8.8 | AI score 7.6 | EPSS 0.01291
Exploits: 1 | References: 1