PT-2026-43193

A vulnerability was detected in Totolink CA750-PoE 6.2c.510. The impacted element is the function recvUpgradeNewFw of the file /cgi-bin/cstecgi.cgi of the component Setting Handler. Performing a manipulation of the argument fwUrl/magicid results in os command injection. It is possible to initiate...

CVE-2026-2566

A security vulnerability has been detected in Wavlink WL-NU516U1 up to 130/260. This affects the function sub406194 of the file /cgi-bin/adm.cgi. Such manipulation of the argument firmwareurl leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed...

PT-2026-8378

A security vulnerability has been detected in Wavlink WL-NU516U1 up to 130/260. This affects the function sub 406194 of the file /cgi-bin/adm.cgi. Such manipulation of the argument firmware url leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclos...

CVE-2021-47745 Cypress Solutions CTM-200 2.7.1 Root Remote OS Command Injection via Firmware Upgrade

Cypress Solutions CTM-200 2.7.1 contains an authenticated command injection vulnerability in the firmware upgrade script that allows remote attackers to execute shell commands. Attackers can exploit the 'fwurl' parameter in the ctm-config-upgrade.sh script to inject and execute arbitrary commands...