CVE-2026-7721

A security vulnerability has been detected in Totolink WA300 5.2cu.7112B20190227. This affects the function NTPSyncWithHost of the file /cgi-bin/cstecgi.cgi. Such manipulation of the argument hostTime leads to command injection. The attack can be executed remotely. The exploit has been disclosed...

CVE-2026-7721

A security vulnerability has been detected in Totolink WA300 5.2cu.7112B20190227. This affects the function NTPSyncWithHost of the file /cgi-bin/cstecgi.cgi. Such manipulation of the argument hostTime leads to command injection. The attack can be executed remotely. The exploit has been disclosed...

CVE-2026-7721

A security vulnerability has been detected in Totolink WA300 5.2cu.7112B20190227. This affects the function NTPSyncWithHost of the file /cgi-bin/cstecgi.cgi. Such manipulation of the argument hostTime leads to command injection. The attack can be executed remotely. The exploit has been disclosed...

EUVD-2026-26874

A security vulnerability has been detected in Totolink WA300 5.2cu.7112B20190227. This affects the function NTPSyncWithHost of the file /cgi-bin/cstecgi.cgi. Such manipulation of the argument hostTime leads to command injection. The attack can be executed remotely. The exploit has been disclosed...

CVE-2026-7721 Totolink WA300 cstecgi.cgi NTPSyncWithHost command injection

A security vulnerability has been detected in Totolink WA300 5.2cu.7112B20190227. This affects the function NTPSyncWithHost of the file /cgi-bin/cstecgi.cgi. Such manipulation of the argument hostTime leads to command injection. The attack can be executed remotely. The exploit has been disclosed...

TOTOLINK WA300 注入漏洞

TOTOLINK WA300 is a wireless access point produced by TOTOLINK, a Chinese company. The Totolink WA300 5.2cu.7112B20190227 version has a vulnerability due to an issue with the function NTPSyncWithHost in the file/cgi-bin/cstecgi.cgi. This issue allows for command injection through the parameter...

PT-2026-36751

A security vulnerability has been detected in Totolink WA300 5.2cu.7112 B20190227. This affects the function NTPSyncWithHost of the file /cgi-bin/cstecgi.cgi. Such manipulation of the argument hostTime leads to command injection. The attack can be executed remotely. The exploit has been disclosed...

CVE-2024-34218

TOTOLINK outdoor CPE CP450 v4.1.0cu.747B20191224 was discovered to contain a command injection vulnerability in the NTPSyncWithHost function via the hostTime parameter...

EUVD-2024-34695

Malicious code in bioql PyPI...

VulnCheck KEV: CVE-2022-28907

TOTOLink N600R V5.3c.7159B20190425 was discovered to contain a command injection vulnerability via the hosttime function in /setting/NTPSyncWithHost...

CVE-2024-31807

TOTOLINK EX200 V4.0.3c.7646B20201211 was discovered to contain a remote code execution RCE vulnerability via the hostTime parameter in the NTPSyncWithHost function...

The vulnerability of the NTPSyncWithHost() function in Totolink’s microprogrammed router software allows a hacker to execute arbitrary code.

The vulnerability of the NTPSyncWithHost function in Totolink router microprogramming software is related to the failure to take measures to neutralize special elements of the hostTime parameter. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...

CVE-2022-28907

TOTOLink N600R V5.3c.7159B20190425 was discovered to contain a command injection vulnerability via the hosttime function in /setting/NTPSyncWithHost...

CVE-2021-42890

TOTOLINK EX1200T V4.1.2cu.5215 contains a remote command injection vulnerability in function NTPSyncWithHost of the file system.so which can control hostTime to attack...

CVE-2025-44845

TOTOLINK CA600-PoE V5.3c.6665B20180820 was found to contain a command injection vulnerability in the NTPSyncWithHost function via the hostTime parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request...

CVE-2025-44845

CVE-2025-44845 affects TOTOLINK CA600-PoE V5.3c.6665_B20180820. The NTPSyncWithHost function is vulnerable via the hostTime parameter, allowing an attacker to execute arbitrary commands through a crafted request. Reported across multiple sources (NVD/Red Hat/CNVD) with the same vulnerability desc...

CVE-2025-28034

TOTOLINK A800R V4.1.2cu.5137B20200730, A810R V4.1.2cu.5182B20201026, A830R V4.1.2cu.5182B20201102, A950RG V4.1.2cu.5161B20200903, A3000RU V5.9c.5185B20201128, and A3100R V4.1.2cu.5247B20211129 were found to contain a pre-auth remote command execution vulnerability in the NTPSyncWithHost function...

CVE-2025-28034

TOTOLINK A800R V4.1.2cu.5137B20200730, A810R V4.1.2cu.5182B20201026, A830R V4.1.2cu.5182B20201102, A950RG V4.1.2cu.5161B20200903, A3000RU V5.9c.5185B20201128, and A3100R V4.1.2cu.5247B20211129 were found to contain a pre-auth remote command execution vulnerability in the NTPSyncWithHost function...

TOTOLINK多款产品 安全漏洞

TOTOLINK A800R and others are products of China Gion Electronics TOTOLINK.TOTOLINK A800R is a wireless router.TOTOLINK A830R is a wireless dual-band router.TOTOLINK A810R is a wireless dual-band router.TOTOLINK A810R is a wireless dual-band router.TOTOLINK A810R is a wireless dual-band...

PT-2025-17543 · Totolink · Totolink A3100R +5

Name of the Vulnerable Software and Affected Versions: TOTOLINK A800R version 4.1.2cu.5137 B20200730 TOTOLINK A810R version 4.1.2cu.5182 B20201026 TOTOLINK A830R version 4.1.2cu.5182 B20201102 TOTOLINK A950RG version 4.1.2cu.5161 B20200903 TOTOLINK A3000RU version 5.9c.5185 B20201128 TOTOLINK...