Lucene search
K

21 matches found

CVE
CVE
added 2026/05/24 1:30 p.m.29 views

CVE-2026-9384

CVE-2026-9384 affects Totolink A8000RU (Firmware 7.1cu.643_b20200521) Web Management Interface, specifically the /cgi-bin/cstecgi.cgi function setDiagnosisCfg. The vulnerability arises from manipulation of the ip parameter, enabling os command injection. The issue is accessible remotely, with pub...

10CVSS7AI score0.01732EPSS
Exploits0References5
OSV
OSV
added 2026/02/23 9:19 p.m.14 views

CVE-2025-70327

TOTOLINK X5000R v9.1.0cu2415B20250515 contains an argument injection vulnerability in the setDiagnosisCfg handler of the /usr/sbin/lighttpd executable. The ip parameter is retrieved via websGetVar and passed to a ping command through CsteSystem without validating if the input starts with a hyphen...

9.8CVSS6AI score0.00693EPSS
Exploits1References2
OSV
OSV
added 2025/11/13 8:15 p.m.4 views

CVE-2025-60702

A command injection vulnerability exists in the TOTOLINK A950RG Router firmware V5.9c.4592B20191022ALL within the system.so binary. The setDiagnosisCfg function retrieves the ipDoamin parameter from user input via websGetVar and concatenates it directly into a ping system command executed via...

6.5CVSS6.2AI score0.02538EPSS
Exploits1References3
VulnCheck KEV
VulnCheck KEV
added 2025/07/21 12:0 a.m.9 views

VulnCheck KEV: CVE-2022-28908

TOTOLink N600R V5.3c.7159B20190425 was discovered to contain a command injection vulnerability via the ipdoamin parameter in /setting/setDiagnosisCfg...

10CVSS5.8AI score0.02492EPSS
In wildExploits1References2
CNNVD
CNNVD
added 2025/07/13 12:0 a.m.5 views

TOTOLINK T6 注入漏洞

TOTOLINK T6 is a wireless dual-band router from China's Gion Electronics TOTOLINK. An injection vulnerability exists in TOTOLINK T6 version 4.1.5cu.748B20211015, which originates from a command injection due to the incorrect operation of the function setDiagnosisCfg on the parameter ip in the fil...

8.8CVSS6.8AI score0.03111EPSS
Exploits1References7
RedhatCVE
RedhatCVE
added 2025/05/22 11:19 p.m.8 views

CVE-2022-37083

TOTOLINK A7000R V9.1.0u.6115B20201022 was discovered to contain a command injection vulnerability via the ip parameter at the function setDiagnosisCfg...

7.8CVSS7.1AI score0.01086EPSS
Exploits1References1
CNNVD
CNNVD
added 2025/04/22 12:0 a.m.7 views

TOTOLINK A950RG和TOTOLINK A810R 安全漏洞

TOTOLINK A950RG and TOTOLINK A810R are both products of China's Gion Electronics TOTOLINK.TOTOLINK A950RG is a super-generation Giga wireless router.TOTOLINK A810R is a wireless dual-band router. A command execution vulnerability exists in the TOTOLINK A950RG and TOTOLINK A810R, which stems from...

9.8CVSS7.6AI score0.01018EPSS
Exploits1References1
CVE
CVE
added 2024/08/22 8:0 p.m.55 views

CVE-2024-8076

The CVE-2024-8076 issue affects TOTOLINK AC1200 T8 firmware 4.1.5cu.862_B20230228. The vulnerability is a buffer overflow in the setDiagnosisCfg() function, which can be exploited remotely over the network, potentially impacting confidentiality, integrity, and availability. The available connecte...

9.8CVSS8.7AI score0.00795EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2024/03/10 8:15 a.m.5 views

CVE-2024-2353

A vulnerability, which was classified as critical, has been found in Totolink X6000R 9.4.0cu.85220230719. This issue affects the function setDiagnosisCfg of the file /cgi-bin/cstecgi.cgi of the component shttpd. The manipulation of the argument ip leads to os command injection. The attack may be...

8.8CVSS5.5AI score0.03952EPSS
Exploits2References3
Positive Technologies
Positive Technologies
added 2024/03/09 12:0 a.m.4 views

PT-2024-2010 · Totolink · Totolink X6000R

Name of the Vulnerable Software and Affected Versions: Totolink X6000R version 9.4.0cu.852 20230719 Description: A critical issue affects the function setDiagnosisCfg of the file /cgi-bin/cstecgi.cgi of the component shttpd. The manipulation of the argument ip leads to os command injection. The...

10CVSS9.2AI score0.03952EPSS
Exploits2References13
CNNVD
CNNVD
added 2024/01/16 12:0 a.m.6 views

TOTOLINK LR1200GB 安全漏洞

The TOTOLINK LR1200GB is a wireless dual-band 4G LTE router from China's TOTOLINK Electronics TOTOLINK that supports 2.4GHz and 5GHz dual-band networks. The TOTOLINK LR1200GB suffers from a buffer overflow vulnerability hole, which originates from the ip parameter of the setDiagnosisCfg function ...

9.8CVSS8.1AI score0.01066EPSS
Exploits0References4
OSV
OSV
added 2024/01/08 5:15 a.m.5 views

CVE-2024-0298

A vulnerability was found in Totolink N200RE 9.3.5u.6139B20201216. It has been classified as critical. Affected is the function setDiagnosisCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument ip leads to os command injection. It is possible to launch the attack remotely. The...

9.8CVSS5.5AI score0.03834EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2023/12/01 12:0 a.m.5 views

PT-2023-28825 · Totolink · Totolink X6000R

Name of the Vulnerable Software and Affected Versions: TOTOLINK X6000R versions V9.4.0cu.652 B20230116 through V9.4.0cu.852 B20230719 Description: The issue allows a remote attacker to execute arbitrary code via the IP parameter of the setDiagnosisCfg component. Recommendations: For versions...

9.8CVSS9.5AI score0.01521EPSS
Exploits1References3
CNNVD
CNNVD
added 2023/12/01 12:0 a.m.4 views

TOTOLINK X6000R 安全漏洞

TOTOLINK X6000R is a wireless router from China's Gion Electronics TOTOLINK. The TOTOLINK X6000R suffers from a command execution vulnerability that stems from the IP parameter of the setDiagnosisCfg component failing to properly filter constructed command special characters, commands, and so on...

9.8CVSS7.4AI score0.01521EPSS
Exploits1References1
OSV
OSV
added 2023/10/16 5:15 a.m.6 views

CVE-2023-36952

TOTOLINK CP300+ V5.2cu.7594B20200910 was discovered to contain a stack overflow via the pingIp parameter in the function setDiagnosisCfg...

9.8CVSS7.3AI score0.00701EPSS
Exploits1References1
CNVD
CNVD
added 2023/07/11 12:0 a.m.5 views

TOTOLINK A3300R setDiagnosisCfg Method Command Injection Vulnerability

TOTOLINK A3300R is a dual-band wireless router manufactured by China's Gion Electronics TOTOLINK, mainly used for home and small network environments. A command injection vulnerability exists in the TOTOLINK A3300R. The vulnerability stems from the ip parameter of the setDiagnosisCfg method faili...

9.8CVSS7.6AI score0.01958EPSS
Exploits1References1
OSV
OSV
added 2022/08/25 3:15 p.m.4 views

CVE-2022-37083

TOTOLINK A7000R V9.1.0u.6115B20201022 was discovered to contain a command injection vulnerability via the ip parameter at the function setDiagnosisCfg...

7.8CVSS5.8AI score0.01086EPSS
Exploits1References1
OSV
OSV
added 2022/08/25 2:15 p.m.1 views

CVE-2022-36481

TOTOLINK N350RT V9.3.5u.6139B20201216 was discovered to contain a command injection vulnerability via the ip parameter in the function setDiagnosisCfg...

7.8CVSS5.8AI score0.01308EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2022/08/25 2:15 p.m.4 views

CVE-2022-36484

TOTOLINK N350RT V9.3.5u.6139B20201216 was discovered to contain a stack overflow via the function setDiagnosisCfg...

7.8CVSS7.6AI score0.00331EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2022/08/25 2:15 p.m.2 views

CVE-2022-36466

TOTOLINK A3700R V9.1.2u.6134B20201202 was discovered to contain a stack overflow via the ip parameter in the function setDiagnosisCfg...

7.8CVSS7.6AI score0.00308EPSS
Exploits1References2
Rows per page
Query Builder