41 matches found
CVE-2026-9513
A weakness has been identified in Totolink CA750-PoE 6.2c.510. This issue affects the function NTPSyncWithHost of the file /cgi-bin/cstecgi.cgi of the component Setting Handler. Executing a manipulation of the argument hosttime can lead to os command injection. The attack can be launched remotely...
CVE-2026-9513 Totolink CA750-PoE Setting cstecgi.cgi NTPSyncWithHost os command injection
A weakness has been identified in Totolink CA750-PoE 6.2c.510. This issue affects the function NTPSyncWithHost of the file /cgi-bin/cstecgi.cgi of the component Setting Handler. Executing a manipulation of the argument hosttime can lead to os command injection. The attack can be launched remotely...
CVE-2026-5030
A vulnerability has been found in Totolink NR1800X 9.1.0u.6279B20210910. This issue affects the function NTPSyncWithHost of the file /cgi-bin/cstecgi.cgi of the component Telnet Service. The manipulation of the argument hosttime leads to command injection. The attack can be initiated remotely. Th...
CVE-2026-5030
A vulnerability has been found in Totolink NR1800X 9.1.0u.6279B20210910. This issue affects the function NTPSyncWithHost of the file /cgi-bin/cstecgi.cgi of the component Telnet Service. The manipulation of the argument hosttime leads to command injection. The attack can be initiated remotely. Th...
CVE-2025-70328
TOTOLINK X6000R v9.4.0cu.1498B20250826 contains an OS command injection vulnerability in the NTPSyncWithHost handler of the /usr/sbin/shttpd executable. The hosttime parameter is retrieved via sub40C404 and passed to a date -s shell command through CsteSystem. While the first two tokens of the...
CVE-2022-26214
Totolink A830R V5.9c.4729B20191112, A3100R V4.1.2cu.5050B20200504, A950RG V4.1.2cu.5161B20200903, A800R V4.1.2cu.5137B20200730, A3000RU V5.9c.5185B20201128, and A810R V4.1.2cu.5182B20201026 were discovered to contain a command injection vulnerability in the function NTPSyncWithHost. This...
EUVD-2024-36212
Malicious code in bioql PyPI...
EUVD-2023-28201
Malicious code in bioql PyPI...
EUVD-2024-22796
Malicious code in bioql PyPI...
EUVD-2022-39188
Malicious code in bioql PyPI...
EUVD-2022-39735
Malicious code in bioql PyPI...
EUVD-2022-39168
Malicious code in bioql PyPI...
CVE-2024-7215
A vulnerability was found in TOTOLINK LR1200 9.3.1cu.2832 and classified as critical. Affected by this issue is the function NTPSyncWithHost of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument hosttime leads to command injection. The attack may be launched remotely. The exploit has...
CVE-2022-36459
TOTOLINK A3700R V9.1.2u.6134B20201202 was discovered to contain a command injection vulnerability via the hosttime parameter in the function NTPSyncWithHost...
CVE-2022-36479
TOTOLINK N350RT V9.3.5u.6139B20201216 was discovered to contain a command injection vulnerability via the hosttime parameter in the function NTPSyncWithHost...
CVE-2024-36783
TOTOLINK LR350 V9.3.5u.6369B20220309 was discovered to contain a command injection via the hosttime parameter in the NTPSyncWithHost function...
TOTOLINK LR1200GB Command Injection Vulnerability
The TOTOLINK LR1200GB is a wireless dual-band 4G LTE router from China's Gion Electronics TOTOLINK. The TOTOLINK LR1200GB version 9.3.1cu.2832 suffers from a command injection vulnerability that originates from the hosttime parameter in the NTPSyncWithHost function on the /cgi-bin/cstecgi.cgi pag...
CVE-2024-7215
A vulnerability was found in TOTOLINK LR1200 9.3.1cu.2832 and classified as critical. Affected by this issue is the function NTPSyncWithHost of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument hosttime leads to command injection. The attack may be launched remotely. The exploit has...
CVE-2024-36783
TOTOLINK LR350 V9.3.5u.6369B20220309 was discovered to contain a command injection via the hosttime parameter in the NTPSyncWithHost function...
CVE-2024-36783
TOTOLINK LR350 V9.3.5u.6369B20220309 was discovered to contain a command injection via the hosttime parameter in the NTPSyncWithHost function...