CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

17 matches found

NVD•added 2026/05/25 12:16 a.m.•6 views

CVE-2026-9408

A vulnerability was detected in Totolink A8000RU 7.1cu.643b20200521. Affected by this issue is the function setStaticDhcpRules of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. The manipulation of the argument enable results in os command injection. The attack may be...

10CVSS0.01254EPSS

Exploits0References5

Cvelist•added 2026/05/25 12:0 a.m.•16 views

CVE-2026-9408 Totolink A8000RU Web Management cstecgi.cgi setStaticDhcpRules os command injection

10CVSS0.01254EPSS

Exploits0References5

Positive Technologies•added 2026/03/02 12:0 a.m.•3 views

PT-2026-22610

Name of the Vulnerable Software and Affected Versions Tenda W20E version 4.0br V15.11.0.6 Description A buffer overflow issue exists in the Tenda W20E. The issue occurs due to insufficient size validation when processing overly long addDhcpRules data. Specifically, the addDhcpRule function uses...

9.8CVSS6.2AI score0.00082EPSS

Exploits1References8

Vulnrichment•added 2026/03/02 12:0 a.m.•1 views

CVE-2026-24110

An issue was discovered in Tenda W20E V4.0brV15.11.0.6. Attackers may send overly long addDhcpRules data. When these rules enter the addDhcpRule function and are processed by ret = sscanfpRule, " %d\t%^\t\t%^\n\r\t", &dhcpsIndex, dhcpsIP, dhcpsMac;, the lack of size validation for the rules could...

6.1AI score0.00082EPSS

Exploits1References2

RedhatCVE•added 2025/05/23 3:30 a.m.•4 views

CVE-2023-26848

TOTOlink A7100RUV7.4cu.2313B20191024 was discovered to contain a command injection vulnerability via the org parameter at setting/delStaticDhcpRules...

9.8CVSS8AI score0.14899EPSS

Exploits1References1

RedhatCVE•added 2025/05/23 3:21 a.m.•6 views

CVE-2023-24238

TOTOlink A7100RUV7.4cu.2313B20191024 was discovered to contain a command injection vulnerability via the city parameter at setting/delStaticDhcpRules...

9.8CVSS8AI score0.05164EPSS

Exploits1References1

RedhatCVE•added 2025/05/23 12:28 a.m.•6 views

CVE-2022-48122

TOTOlink A7100RU V7.4cu.2313B20191024 was discovered to contain a command injection vulnerability via the dayvalid parameter in the setting/delStaticDhcpRules function...

9.8CVSS8AI score0.14899EPSS

Exploits1References1

RedhatCVE•added 2025/05/22 11:41 p.m.•1 views

CVE-2022-40868

Tenda W20E router V15.11.0.6 USW20EV4.0brV15.11.0.610681546841CNTDC contains a stack overflow vulnerability in the function formDelDhcpRule with the request /goform/delDhcpRules/...

9.8CVSS9.6AI score0.00459EPSS

Exploits1References1

Positive Technologies•added 2024/01/30 12:0 a.m.•2 views

PT-2024-1545 · Totolink · Totolink A3300R

Name of the Vulnerable Software and Affected Versions: TOTOLINK A3300R version V17.0.0cu.557 B20221024 Description: The issue exists due to the lack of measures to neutralize special elements in the setStaticDhcpRules function of the TOTOLINK A3300R router's firmware. This allows a remote attacke...

10CVSS7.9AI score0.01454EPSS

Exploits1References9

CNVD•added 2023/04/11 12:0 a.m.•1 views

TOTOLINK A7100RU org Parameter Command Injection Vulnerability

The TOTOLINK A7100RU is a wireless router manufactured by China's Gion Electronics TOTOLINK, mainly used for home network connection. The TOTOLINK A7100RU suffers from a command injection vulnerability that stems from the org parameter in setting/delStaticDhcpRules failing to properly filter...

9.8CVSS7.9AI score0.14899EPSS

Exploits1References1

Vulnrichment•added 2023/04/07 12:0 a.m.•4 views

CVE-2023-26848

TOTOlink A7100RUV7.4cu.2313B20191024 was discovered to contain a command injection vulnerability via the org parameter at setting/delStaticDhcpRules...

9.8AI score0.14899EPSS

Exploits1References1

ATTACKERKB•added 2023/03/08 2:15 p.m.•0 views

CVE-2023-25395

TOTOlink A7100RU V7.4cu.2313B20191024 router was discovered to contain a command injection vulnerability via the ou parameter at /setting/delStaticDhcpRules...

9.8CVSS7.2AI score0.05193EPSS

Exploits1References2

Positive Technologies•added 2023/03/08 12:0 a.m.•1 views

PT-2023-20045 · Totolink · Totolink A7100Ru

Name of the Vulnerable Software and Affected Versions: TOTOlink A7100RU version 7.4cu.2313 B20191024 Description: A command injection issue was discovered in the router, specifically via the ou parameter at the "/setting/delStaticDhcpRules" API endpoint. This allows for potential exploitation...

9.8CVSS9.4AI score0.05193EPSS

Exploits1References4

CNNVD•added 2023/02/06 12:0 a.m.•1 views

TOTOLINK A7100RU 命令注入漏洞

The TOTOLINK A7100RU is a wireless router from China's Gion Electronics TOTOLINK. A security vulnerability exists in the TOTOLINK A7100RU V7.4cu.2313B20191024 version, which was discovered to contain a command injection vulnerability via the country parameter of setting/delStaticDhcpRules...

9.8CVSS8.4AI score0.05164EPSS

Exploits1References2

CNNVD•added 2023/01/20 12:0 a.m.•1 views

TOTOLINK A7100RU 操作系统命令注入漏洞

The TOTOLINK A7100RU is a wireless router from China's Gion Electronics TOTOLINK. An operating system command injection vulnerability exists in the TOTOLINK A7100RU V7.4cu.2313B20191024 version, which stems from the dayvalid parameter of the set/delStaticDhcpRules method containing a command...

9.8CVSS8.4AI score0.14899EPSS

Exploits1References2

Vulnrichment•added 2023/01/20 12:0 a.m.•5 views

CVE-2022-48123

TOTOlink A7100RU V7.4cu.2313B20191024 was discovered to contain a command injection vulnerability via the servername parameter in the setting/delStaticDhcpRules function...

10AI score0.14899EPSS

Exploits1References1

OSV•added 2022/09/23 3:15 p.m.•0 views

CVE-2022-40868

Tenda W20E router V15.11.0.6 USW20EV4.0brV15.11.0.610681546841CNTDC contains a stack overflow vulnerability in the function formDelDhcpRule with the request /goform/delDhcpRules/...

9.8CVSS5.8AI score0.00459EPSS

Exploits1References1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by