21 matches found
CVE-2026-9384
CVE-2026-9384 affects Totolink A8000RU (Firmware 7.1cu.643_b20200521) Web Management Interface, specifically the /cgi-bin/cstecgi.cgi function setDiagnosisCfg. The vulnerability arises from manipulation of the ip parameter, enabling os command injection. The issue is accessible remotely, with pub...
CVE-2025-70327
TOTOLINK X5000R v9.1.0cu2415B20250515 contains an argument injection vulnerability in the setDiagnosisCfg handler of the /usr/sbin/lighttpd executable. The ip parameter is retrieved via websGetVar and passed to a ping command through CsteSystem without validating if the input starts with a hyphen...
CVE-2025-60702
A command injection vulnerability exists in the TOTOLINK A950RG Router firmware V5.9c.4592B20191022ALL within the system.so binary. The setDiagnosisCfg function retrieves the ipDoamin parameter from user input via websGetVar and concatenates it directly into a ping system command executed via...
VulnCheck KEV: CVE-2022-28908
TOTOLink N600R V5.3c.7159B20190425 was discovered to contain a command injection vulnerability via the ipdoamin parameter in /setting/setDiagnosisCfg...
TOTOLINK T6 注入漏洞
TOTOLINK T6 is a wireless dual-band router from China's Gion Electronics TOTOLINK. An injection vulnerability exists in TOTOLINK T6 version 4.1.5cu.748B20211015, which originates from a command injection due to the incorrect operation of the function setDiagnosisCfg on the parameter ip in the fil...
CVE-2022-37083
TOTOLINK A7000R V9.1.0u.6115B20201022 was discovered to contain a command injection vulnerability via the ip parameter at the function setDiagnosisCfg...
TOTOLINK A950RG和TOTOLINK A810R 安全漏洞
TOTOLINK A950RG and TOTOLINK A810R are both products of China's Gion Electronics TOTOLINK.TOTOLINK A950RG is a super-generation Giga wireless router.TOTOLINK A810R is a wireless dual-band router. A command execution vulnerability exists in the TOTOLINK A950RG and TOTOLINK A810R, which stems from...
CVE-2024-8076
The CVE-2024-8076 issue affects TOTOLINK AC1200 T8 firmware 4.1.5cu.862_B20230228. The vulnerability is a buffer overflow in the setDiagnosisCfg() function, which can be exploited remotely over the network, potentially impacting confidentiality, integrity, and availability. The available connecte...
CVE-2024-2353
A vulnerability, which was classified as critical, has been found in Totolink X6000R 9.4.0cu.85220230719. This issue affects the function setDiagnosisCfg of the file /cgi-bin/cstecgi.cgi of the component shttpd. The manipulation of the argument ip leads to os command injection. The attack may be...
PT-2024-2010 · Totolink · Totolink X6000R
Name of the Vulnerable Software and Affected Versions: Totolink X6000R version 9.4.0cu.852 20230719 Description: A critical issue affects the function setDiagnosisCfg of the file /cgi-bin/cstecgi.cgi of the component shttpd. The manipulation of the argument ip leads to os command injection. The...
TOTOLINK LR1200GB 安全漏洞
The TOTOLINK LR1200GB is a wireless dual-band 4G LTE router from China's TOTOLINK Electronics TOTOLINK that supports 2.4GHz and 5GHz dual-band networks. The TOTOLINK LR1200GB suffers from a buffer overflow vulnerability hole, which originates from the ip parameter of the setDiagnosisCfg function ...
CVE-2024-0298
A vulnerability was found in Totolink N200RE 9.3.5u.6139B20201216. It has been classified as critical. Affected is the function setDiagnosisCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument ip leads to os command injection. It is possible to launch the attack remotely. The...
PT-2023-28825 · Totolink · Totolink X6000R
Name of the Vulnerable Software and Affected Versions: TOTOLINK X6000R versions V9.4.0cu.652 B20230116 through V9.4.0cu.852 B20230719 Description: The issue allows a remote attacker to execute arbitrary code via the IP parameter of the setDiagnosisCfg component. Recommendations: For versions...
TOTOLINK X6000R 安全漏洞
TOTOLINK X6000R is a wireless router from China's Gion Electronics TOTOLINK. The TOTOLINK X6000R suffers from a command execution vulnerability that stems from the IP parameter of the setDiagnosisCfg component failing to properly filter constructed command special characters, commands, and so on...
CVE-2023-36952
TOTOLINK CP300+ V5.2cu.7594B20200910 was discovered to contain a stack overflow via the pingIp parameter in the function setDiagnosisCfg...
TOTOLINK A3300R setDiagnosisCfg Method Command Injection Vulnerability
TOTOLINK A3300R is a dual-band wireless router manufactured by China's Gion Electronics TOTOLINK, mainly used for home and small network environments. A command injection vulnerability exists in the TOTOLINK A3300R. The vulnerability stems from the ip parameter of the setDiagnosisCfg method faili...
CVE-2022-37083
TOTOLINK A7000R V9.1.0u.6115B20201022 was discovered to contain a command injection vulnerability via the ip parameter at the function setDiagnosisCfg...
CVE-2022-36481
TOTOLINK N350RT V9.3.5u.6139B20201216 was discovered to contain a command injection vulnerability via the ip parameter in the function setDiagnosisCfg...
CVE-2022-36484
TOTOLINK N350RT V9.3.5u.6139B20201216 was discovered to contain a stack overflow via the function setDiagnosisCfg...
CVE-2022-36466
TOTOLINK A3700R V9.1.2u.6134B20201202 was discovered to contain a stack overflow via the ip parameter in the function setDiagnosisCfg...