15 matches found
CVE-2026-7718 Totolink WA300 POST Request cstecgi.cgi setWebWlanIdx command injection
A vulnerability was identified in Totolink WA300 5.2cu.7112B20190227. Impacted is the function setWebWlanIdx of the file /cgi-bin/cstecgi.cgi of the component POST Request Handler. The manipulation of the argument webWlanIdx leads to command injection. The attack may be initiated remotely. The...
EUVD-2026-25961
A vulnerability was determined in Totolink A8000RU 7.1cu.643b20200521. This issue affects the function setPptpServerCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. This manipulation of the argument enable causes os command injection. The attack may be initiated remotely. The...
EUVD-2026-25837
A vulnerability has been found in Totolink A8000RU 7.1cu.643b20200521. This impacts the function setUPnPCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Such manipulation of the argument enable leads to os command injection. It is possible to launch the attack remotely. The...
EUVD-2026-25247
An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557B20221024 allowing attackers to execute arbitrary commands via the stun-port parameter to /cgi-bin/cstecgi.cgi...
CVE-2026-6156
Totolink A7100RU (firmware 7.4cu.2313_b20191024) is affected via CGI Handler’s setIpQosRules function in /cgi-bin/cstecgi.cgi. Manipulating the Comment argument enables os command injection with remote exploitation reported. Public exploits exist. Affected product details and impact are corrobora...
CVE-2026-4497 Totolink WA300 cstecgi.cgi recvUpgradeNewFw os command injection
A vulnerability was determined in Totolink WA300 5.2cu.7112B20190227. Affected by this issue is the function recvUpgradeNewFw of the file /cgi-bin/cstecgi.cgi. This manipulation causes os command injection. Remote exploitation of the attack is possible. The exploit has been publicly disclosed and...
CVE-2025-51539
EzGED3 3.5.0 contains an unauthenticated arbitrary file read vulnerability in a web‑exposed script. A remote attacker can supply a crafted path parameter to read arbitrary files from the filesystem via directory traversal (e.g., ../../../), without authentication or proper path handling. Potentia...
TOTOLINK T10 安全漏洞
The TOTOLINK T10 is a wireless router manufactured by TOTOLINK. A buffer overflow vulnerability exists in TOTOLINK T10 version 4.1.8cu.5207, which affects the function setWiFiMeshName in the /cgi-bin/cstecgi.cgi file of the component's POST request handler.An attacker can exploit the vulnerabilit...
OpenEMR 跨站脚本漏洞
OpenEMR is an open source medical management system from the OpenEMR community. The system can be used for medical practice management, electronic medical records, prescription writing, and medical billing requests. A cross-site scripting vulnerability exists in OpenEMR versions prior to 7.0.3 th...
The vulnerability of the setWiFiScheduleCfg() function in the web/cgi-bin/cstecgi.cgi script of the TOTOLINK X5000R router’s microprogramming software allows a perpetrator to execute arbitrary commands.
The vulnerability of the setWiFiScheduleCfg function in the web/cgi-bin/cstecgi.cgi script of the TOTOLINK X5000R router’s microprogramming system is related to the failure to take measures to neutralize special elements used in the operating system’s processing of the week parameter. Exploiting...
CVE-2025-23055 Authenticated Stored Cross-Site Scripting (XSS) Vulnerability in HPE Aruba Networking Fabric Composer Web Management Interface
A vulnerability in the web management interface of HPE Aruba Networking Fabric Composer could allow an authenticated remote attacker to conduct a stored cross-site scripting XSS attack. If successfully exploited, a threat actor could run arbitrary script code in a victim's web browser within the...
TOTOLINK LR1200GB setTracerouteCfg function stack buffer overflow vulnerability
The TOTOLINK LR1200GB is a wireless dual-band 4GLTE router from China's Gion Electronics TOTOLINK that supports 2.4GHz and 5GHz dual-band networks, and is primarily used to provide mobile broadband connectivity and Wi-Fi coverage. The TOTOLINK LR1200GB suffers from a stack buffer overflow...
CVE-2023-41740
Improper limitation of a pathname to a restricted directory 'Path Traversal' vulnerability in cgi component in Synology Router Manager SRM before 1.3.1-9346-6 allows remote attackers to read specific files via unspecified vectors...
node-red-dashboard 跨站脚本漏洞
node-red-dashboard is a package for quickly creating real-time data dashboards. A security vulnerability exists in node-red-dashboard that stems from some unknown processing in the components/ui-component/ui-component-ctrl.js file in the component uitext Format Handler being affected, which could...
The vulnerability in the /cgi-bin/wlogin.cgi web interface for managing DrayTek Vigor router software allows a hacker to execute arbitrary code.
The vulnerability in the CGI-BIN/WLOGIN.CGI web interface script of the DrayTek Vigor router software relates to the execution of operations beyond the buffer limits in memory. Exploiting this vulnerability allows an attacker to execute arbitrary code by sending a specially crafted HTTP POST...