
14 matches found

CNNVD
added 2026/04/12 12:0 a.m. · 1 views

TOTOLINK A7100RU operating system command injection vulnerability

The TOTOLINK A7100RU is a wireless router produced by TOTOLINK, a Chinese company. The Totolink A7100RU 7.4cu.2313b20191024 version has a vulnerability related to operating system command injection. This vulnerability stems from incorrect handling of the parameter “enable” in the file...

10 CVSS · 7.3 AI score · 0.00316 EPSS
Exploits 0 · References 5
Positive Technologies
added 2026/04/12 12:0 a.m. · 2 views

PT-2026-32148

A flaw has been found in Totolink A7100RU 7.4cu.2313 b20191024. This affects the function setAppCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Executing a manipulation of the argument enable can lead to os command injection. The attack may be launched remotely. The exploit has...

10 CVSS · 5.5 AI score · 0.01221 EPSS
Exploits 0 · References 6
EUVD
added 2026/04/09 9:31 p.m. · 1 views

EUVD-2026-21016

An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557B20221024 allowing attackers to execute arbitrary commands via the stun-pass parameter to /cgi-bin/cstecgi.cgi...

6.1 AI score · 0.00239 EPSS
Exploits 1 · References 2
Cvelist
added 2026/04/09 6:15 a.m. · 19 views

CVE-2026-5852 Totolink A7100RU CGI cstecgi.cgi setIptvCfg os command injection

A weakness has been identified in Totolink A7100RU 7.4cu.2313b20191024. Affected is the function setIptvCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. This manipulation of the argument igmpVer causes os command injection. The attack is possible to be carried out remotely. The...

10 CVSS · 0.01235 EPSS
Exploits 0 · References 5
CNNVD
added 2026/04/06 12:0 a.m. · 2 views

TOTOLINK A3300R operating system command injection vulnerability

TOTOLINK A3300R is a wireless router produced by TOTOLINK Corporation. The TOTOLINK A3300R version 17.0.0cu.557B20221024 contains a vulnerability related to operating system command injection. This vulnerability arises from incorrect handling of the parameter “stunpass” in the file...

5.5 CVSS · 6.1 AI score · 0.00348 EPSS
Exploits 0 · References 7
NVD
added 2025/11/13 4:15 p.m. · 1 views

CVE-2025-60684

A stack buffer overflow vulnerability exists in the ToToLink LR1200GB V9.1.0u.6619B20230130 and NR1800X V9.1.0u.6681B20230703 Router firmware within the cstecgi.cgi binary sub42F32C function. The web interface reads the "lang" parameter and constructs Help URL strings using sprintf into fixed-siz...

6.5 CVSS · 0.00289 EPSS
Exploits 1 · References 3
EUVD
added 2025/10/03 8:7 p.m. · 1 views

EUVD-2024-30169

Malicious code in bioql PyPI...

8.8 CVSS · 8.6 AI score · 0.0465 EPSS
Exploits 1 · References 2
VulnCheck KEV
added 2025/07/30 12:0 a.m. · 3 views

VulnCheck KEV: CVE-2025-4270

A vulnerability was found in TOTOLINK A720R 4.1.5cu.374. It has been classified as problematic. Affected is an unknown function of the file /cgi-bin/cstecgi.cgi of the component Config Handler. The manipulation of the argument topicurl with the input getInitCfg/getSysStatusCfg leads to informatio...

7.5 CVSS · 4.9 AI score · 0.00398 EPSS
In wild · Exploits 1 · References 28
Vulnrichment
added 2025/05/05 8:0 a.m. · 7 views

CVE-2025-4271 TOTOLINK A720R cstecgi.cgi information disclosure

A vulnerability was found in TOTOLINK A720R 4.1.5cu.374. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument topicurl with the input showSyslog leads to information disclosure. The attac...

6.9 CVSS · 5.2 AI score · 0.00187 EPSS
Exploits 1 · References 5
Vulnrichment
added 2025/04/22 12:0 a.m. · 8 views

CVE-2025-28029

TOTOLINK A830R V4.1.2cu.5182B20201102, A950RG V4.1.2cu.5161B20200903, A3000RU V5.9c.5185B20201128, and A3100R V4.1.2cu.5247B20211129 were found to contain a buffer overflow vulnerability in cstecgi.cgi...

7.6 AI score · 0.00148 EPSS
Exploits 1 · References 1
Positive Technologies
added 2024/12/08 12:0 a.m. · 2 views

PT-2024-9535 · Totolink · Totolink Ex1800T

Name of the Vulnerable Software and Affected Versions: TOTOLINK EX1800T version 9.1.0cu.2112 B20220316 Description: A problematic issue has been found in the function sub 40662C of the file /cgi-bin/cstecgi.cgi. The manipulation of the ssid argument leads to a stack-based buffer overflow. The...

9.8 CVSS · 5 AI score · 0.00164 EPSS
Exploits 0 · References 10
Positive Technologies
added 2024/08/13 12:0 a.m. · 1 views

PT-2024-30118 · Totolink · Totolink X5000R

Name of the Vulnerable Software and Affected Versions: TOTOLINK X5000r version 9.1.0cu.2350 b20230313 Description: The issue is an OS command injection vulnerability found in the /cgi-bin/cstecgi.cgi file, specifically in the setDmzCfg function. This vulnerability allows authenticated attackers t...

8.8 CVSS · 7.5 AI score · 0.05425 EPSS
Exploits 1 · References 7
NVD
added 2024/08/01 2:15 a.m. · 14 views

CVE-2024-7333

A vulnerability was found in TOTOLINK N350RT 9.3.5u.6139B20201216. It has been declared as critical. This vulnerability affects the function setParentalRules of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument week/sTime/eTime leads to buffer overflow. The attack can be initiated...

9 CVSS · 0.00435 EPSS
Exploits 1 · References 4
Prion
added 2022/08/25 3:15 p.m. · 11 views

Command injection

TOTOLink A3600R V4.1.2cu.5182B20201102 was discovered to contain a command injection vulnerability via the username parameter in /cstecgi.cgi...

4.3 CVSS · 7.9 AI score · 0.01274 EPSS
Exploits 1 · References 1 · Affected Software 1