11 matches found
TOTOLINK A3300R interval parameter command injection vulnerability
The TOTOLINK A3300R is a wireless router from China's Gion Electronics TOTOLINK. A command injection vulnerability exists in the TOTOLINK A3300R interval parameter, which occurs when the /cgi-bin/cstecgi.cgi file fails to properly handle the interval parameter and can be exploited by an attacker ...
CVE-2026-31173
An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557B20221024 allowing attackers to execute arbitrary commands via the interval parameter to /cgi-bin/cstecgi.cgi...
PT-2026-34717
An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557 B20221024 allowing attackers to execute arbitrary commands via the interval parameter to /cgi-bin/cstecgi.cgi...
CVE-2026-31173
An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557B20221024 allowing attackers to execute arbitrary commands via the interval parameter to /cgi-bin/cstecgi.cgi...
CVE-2026-31173
An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557B20221024 allowing attackers to execute arbitrary commands via the interval parameter to /cgi-bin/cstecgi.cgi...
TOTOLINK A3300R command injection vulnerability
The TOTOLINK A3300R is a wireless router from China's Gion Electronics TOTOLINK. A command injection vulnerability exists in the TOTOLINK A3300R interval parameter, which occurs when the /cgi-bin/cstecgi.cgi file fails to properly handle the interval parameter and can be exploited by an attacker ...
CVE-2026-31173
ToToLink A3300R firmware v17.0.0cu.557_B20221024 is affected. A flaw in /cgi-bin/cstecgi.cgi allows execution of arbitrary commands via the interval parameter. CVSS 3.1: Network attack, Privileges Required NONE, User Interaction NONE, Impact Confidentiality and Integrity LOW, Availability NONE; b...
CVE-2025-59470
This vulnerability allows a Backup Operator to perform remote code execution (RCE) as the postgres user by sending a malicious interval or order parameter...
CVE-2024-9461
The Total Upkeep – WordPress Backup Plugin plus Restore & Migrate by BoldGrid plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.16.6 via the croninterval parameter. This is due to missing input validation and sanitization. This makes it possible f...
TOTOLINK X6000R security vulnerability
TOTOLINK X6000R is a wireless router from China Gion Electronics that supports WiFi 6 technology with high concurrent connections and dual-band transmission. TOTOLINK X6000R suffers from a command execution vulnerability, which stems from the interval parameter of the sub4119A0 function failing t...
Mapbox: Denial of service in account statistics endpoint
Hi Mapbox, I know that your guidelines explicitly say that Denial of Service conditions are not in scope and should not be attempted, but I maintained the testing between adequate parameters so as not to create excessive load on your backend. I also sent an email to [email protected] prior ...