Lucene search
K

15 matches found

Vulnrichment
Vulnrichment
added 2026/05/04 1:15 a.m.5 views

CVE-2026-7718 Totolink WA300 POST Request cstecgi.cgi setWebWlanIdx command injection

A vulnerability was identified in Totolink WA300 5.2cu.7112B20190227. Impacted is the function setWebWlanIdx of the file /cgi-bin/cstecgi.cgi of the component POST Request Handler. The manipulation of the argument webWlanIdx leads to command injection. The attack may be initiated remotely. The...

6.5CVSS6.5AI score0.00916EPSS
Exploits0References5
EUVD
EUVD
added 2026/04/28 12:15 a.m.4 views

EUVD-2026-25961

A vulnerability was determined in Totolink A8000RU 7.1cu.643b20200521. This issue affects the function setPptpServerCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. This manipulation of the argument enable causes os command injection. The attack may be initiated remotely. The...

10CVSS8.3AI score0.02448EPSS
Exploits0References5
EUVD
EUVD
added 2026/04/27 12:0 p.m.6 views

EUVD-2026-25837

A vulnerability has been found in Totolink A8000RU 7.1cu.643b20200521. This impacts the function setUPnPCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Such manipulation of the argument enable leads to os command injection. It is possible to launch the attack remotely. The...

10CVSS8.1AI score0.01766EPSS
Exploits0References5
EUVD
EUVD
added 2026/04/23 6:33 p.m.10 views

EUVD-2026-25247

An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557B20221024 allowing attackers to execute arbitrary commands via the stun-port parameter to /cgi-bin/cstecgi.cgi...

6.5CVSS6.1AI score0.00279EPSS
Exploits1References2
CVE
CVE
added 2026/04/13 3:30 a.m.15 views

CVE-2026-6156

Totolink A7100RU (firmware 7.4cu.2313_b20191024) is affected via CGI Handler’s setIpQosRules function in /cgi-bin/cstecgi.cgi. Manipulating the Comment argument enables os command injection with remote exploitation reported. Public exploits exist. Affected product details and impact are corrobora...

10CVSS6.9AI score0.01823EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/03/20 7:2 p.m.23 views

CVE-2026-4497 Totolink WA300 cstecgi.cgi recvUpgradeNewFw os command injection

A vulnerability was determined in Totolink WA300 5.2cu.7112B20190227. Affected by this issue is the function recvUpgradeNewFw of the file /cgi-bin/cstecgi.cgi. This manipulation causes os command injection. Remote exploitation of the attack is possible. The exploit has been publicly disclosed and...

7.5CVSS0.01906EPSS
Exploits1References6
CVE
CVE
added 2025/08/19 12:0 a.m.21 views

CVE-2025-51539

EzGED3 3.5.0 contains an unauthenticated arbitrary file read vulnerability in a web‑exposed script. A remote attacker can supply a crafted path parameter to read arbitrary files from the filesystem via directory traversal (e.g., ../../../), without authentication or proper path handling. Potentia...

5.3CVSS7.6AI score0.00667EPSS
Exploits1References1Affected Software1
CNNVD
CNNVD
added 2025/06/09 12:0 a.m.1 views

TOTOLINK T10 安全漏洞

The TOTOLINK T10 is a wireless router manufactured by TOTOLINK. A buffer overflow vulnerability exists in TOTOLINK T10 version 4.1.8cu.5207, which affects the function setWiFiMeshName in the /cgi-bin/cstecgi.cgi file of the component's POST request handler.An attacker can exploit the vulnerabilit...

9CVSS7.4AI score0.07237EPSS
Exploits1References2
CNNVD
CNNVD
added 2025/03/31 12:0 a.m.2 views

OpenEMR 跨站脚本漏洞

OpenEMR is an open source medical management system from the OpenEMR community. The system can be used for medical practice management, electronic medical records, prescription writing, and medical billing requests. A cross-site scripting vulnerability exists in OpenEMR versions prior to 7.0.3 th...

6.4CVSS6.1AI score0.00278EPSS
Exploits1References3
BDU FSTEC
BDU FSTEC
added 2025/03/25 12:0 a.m.5 views

The vulnerability of the setWiFiScheduleCfg() function in the web/cgi-bin/cstecgi.cgi script of the TOTOLINK X5000R router’s microprogramming software allows a perpetrator to execute arbitrary commands.

The vulnerability of the setWiFiScheduleCfg function in the web/cgi-bin/cstecgi.cgi script of the TOTOLINK X5000R router’s microprogramming system is related to the failure to take measures to neutralize special elements used in the operating system’s processing of the week parameter. Exploiting...

7.7CVSS8.3AI score0.01327EPSS
Exploits1References2Affected Software1
Vulnrichment
Vulnrichment
added 2025/01/28 5:11 p.m.15 views

CVE-2025-23055 Authenticated Stored Cross-Site Scripting (XSS) Vulnerability in HPE Aruba Networking Fabric Composer Web Management Interface

A vulnerability in the web management interface of HPE Aruba Networking Fabric Composer could allow an authenticated remote attacker to conduct a stored cross-site scripting XSS attack. If successfully exploited, a threat actor could run arbitrary script code in a victim's web browser within the...

5.5CVSS5.2AI score0.00258EPSS
Exploits0References1
CNVD
CNVD
added 2024/01/24 12:0 a.m.3 views

TOTOLINK LR1200GB setTracerouteCfg function stack buffer overflow vulnerability

The TOTOLINK LR1200GB is a wireless dual-band 4GLTE router from China's Gion Electronics TOTOLINK that supports 2.4GHz and 5GHz dual-band networks, and is primarily used to provide mobile broadband connectivity and Wi-Fi coverage. The TOTOLINK LR1200GB suffers from a stack buffer overflow...

9.8CVSS8.2AI score0.01145EPSS
Exploits0References1
OSV
OSV
added 2023/08/31 10:15 a.m.2 views

CVE-2023-41740

Improper limitation of a pathname to a restricted directory 'Path Traversal' vulnerability in cgi component in Synology Router Manager SRM before 1.3.1-9346-6 allows remote attackers to read specific files via unspecified vectors...

5.3CVSS5.8AI score
Exploits0References1
CNNVD
CNNVD
added 2022/10/31 12:0 a.m.8 views

node-red-dashboard 跨站脚本漏洞

node-red-dashboard is a package for quickly creating real-time data dashboards. A security vulnerability exists in node-red-dashboard that stems from some unknown processing in the components/ui-component/ui-component-ctrl.js file in the component uitext Format Handler being affected, which could...

6.1CVSS5.4AI score0.00598EPSS
Exploits1References4
BDU FSTEC
BDU FSTEC
added 2022/08/08 12:0 a.m.6 views

The vulnerability in the /cgi-bin/wlogin.cgi web interface for managing DrayTek Vigor router software allows a hacker to execute arbitrary code.

The vulnerability in the CGI-BIN/WLOGIN.CGI web interface script of the DrayTek Vigor router software relates to the execution of operations beyond the buffer limits in memory. Exploiting this vulnerability allows an attacker to execute arbitrary code by sending a specially crafted HTTP POST...

10CVSS8.8AI score0.33795EPSS
Exploits2References4Affected Software25
Rows per page
Query Builder