22 matches found

Vulnrichment
added 2026/05/26 5:15 a.m. | 7 views

CVE-2026-9533 Totolink CA750-PoE Setting cstecgi.cgi recvUpgradeNewFw os command injection

A vulnerability was detected in Totolink CA750-PoE 6.2c.510. The impacted element is the function recvUpgradeNewFw of the file /cgi-bin/cstecgi.cgi of the component Setting Handler. Performing a manipulation of the argument fwUrl/magicid results in os command injection. It is possible to initiate...

CVSS 6.5 | AI score 6.5 | EPSS 0.04841
Exploits: 0 | References: 5

EUVD
added 2026/05/26 5:15 a.m. | 7 views

EUVD-2026-31791

A vulnerability was detected in Totolink CA750-PoE 6.2c.510. The impacted element is the function recvUpgradeNewFw of the file /cgi-bin/cstecgi.cgi of the component Setting Handler. Performing a manipulation of the argument fwUrl/magicid results in os command injection. It is possible to initiate...

CVSS 6.5 | AI score 6.5 | EPSS 0.04841
Exploits: 0 | References: 5

CNNVD
added 2026/05/26 12:0 a.m. | 7 views

TOTOLINK CA750-PoE operating system command injection vulnerability

TOTOLINK CA750-PoE is a wireless network access device developed by TOTOLINK Corporation. Version 6.2c.510 of TOTOLINK CA750-PoE contains a vulnerability related to operating system command injection. This vulnerability arises from improper handling of the fwUrl/magicid parameters in the...

CVSS 6.5 | AI score 6.6 | EPSS 0.04841
Exploits: 0 | References: 5

Positive Technologies
added 2026/05/26 12:0 a.m. | 8 views

PT-2026-43193

A vulnerability was detected in Totolink CA750-PoE 6.2c.510. The impacted element is the function recvUpgradeNewFw of the file /cgi-bin/cstecgi.cgi of the component Setting Handler. Performing a manipulation of the argument fwUrl/magicid results in os command injection. It is possible to initiate...

CVSS 6.5 | AI score 6.5 | EPSS 0.04841
Exploits: 0 | References: 5

CNVD
added 2025/11/18 12:0 a.m. | 1 view

TOTOLINK A720R Command Injection Vulnerability (CNVD-2025-29710)

TOTOLINK A720R is a wireless router from China's Gion Electronics TOTOLINK with dual-band Wi-Fi capabilities, focusing on high-speed internet and signal coverage. The TOTOLINK A720R suffers from a command injection vulnerability that stems from the unvalidated magicid and url parameters in the...

CVSS 6.5 | AI score 7.8 | EPSS 0.00693
Exploits: 1 | References: 1

NVD
added 2025/11/13 4:15 p.m. | 1 view

CVE-2025-60682

A command injection vulnerability exists in the ToToLink A720R Router firmware V4.1.5cu.614B20230630 within the cloudupdatecheck binary, specifically in the sub402414 function that handles cloud update parameters. User-supplied 'magicid' and 'url' values are directly concatenated into shell...

CVSS 6.5 | EPSS 0.00693
Exploits: 1 | References: 3

Vulnrichment
added 2025/11/13 12:0 a.m. | 0 views

CVE-2025-60682

A command injection vulnerability exists in the ToToLink A720R Router firmware V4.1.5cu.614B20230630 within the cloudupdatecheck binary, specifically in the sub402414 function that handles cloud update parameters. User-supplied 'magicid' and 'url' values are directly concatenated into shell...

AI score 8.1 | EPSS 0.00693
Exploits: 1 | References: 3

EUVD
added 2025/10/03 8:7 p.m. | 2 views

EUVD-2022-33967

Malicious code in bioql PyPI...

CVSS 9.3 | AI score 8.1 | EPSS 0.02312
Exploits: 1 | References: 1

BDU FSTEC
added 2025/05/29 12:0 a.m. | 1 view

The vulnerability of the CloudSrvUserdataVersionCheck() function in TOTOLINK CA600-PoE router’s software allows a hacker to execute arbitrary commands.

The vulnerability of the CloudSrvUserdataVersionCheck function in TOTOLINK CA600-PoE router’s software lies in the lack of measures taken at the control level during the processing of the magicid parameter. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands by...

CVSS 6.5 | AI score 6 | EPSS 0.08913
Exploits: 1 | References: 2 | Affected Software: 1

RedhatCVE
added 2025/05/23 1:16 a.m. | 5 views

CVE-2022-29639

TOTOLINK A3100R V4.1.2cu.5050B20200504 and V4.1.2cu.5247B20211129 were discovered to contain a command injection vulnerability via the magicid parameter in the function ucicloudupdateconfig...

CVSS 9.3 | AI score 8 | EPSS 0.02312
Exploits: 1 | References: 1

CNVD
added 2025/05/14 12:0 a.m. | 1 view

TOTOLINK CA600-PoE CloudSrvUserdataVersionCheck function magicid parameter command injection vulnerability

TOTOLINK CA600-PoE is an outdoor wireless AP/CPE device from China Gion Electronics TOTOLINK. TOTOLINK CA600-PoE suffers from a command injection vulnerability that stems from the failure of the magicid parameter of the CloudSrvUserdataVersionCheck function to correctly filter constructed command...

CVSS 6.5 | AI score 6.8 | EPSS 0.08913
Exploits: 1 | References: 1

RedhatCVE
added 2025/05/03 1:33 a.m. | 14 views

CVE-2025-44839

TOTOLINK CA600-PoE V5.3c.6665B20180820 was found to contain a command injection vulnerability in the CloudSrvUserdataVersionCheck function via the magicid parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request...

CVSS 6.5 | AI score 8.5 | EPSS 0.08913
Exploits: 1 | References: 1

OSV
added 2025/05/01 5:15 p.m. | 1 view

CVE-2025-44839

TOTOLINK CA600-PoE V5.3c.6665B20180820 was found to contain a command injection vulnerability in the CloudSrvUserdataVersionCheck function via the magicid parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request...

CVSS 6.5 | AI score 6.1 | EPSS 0.08913
Exploits: 1 | References: 1

Vulnrichment
added 2025/05/01 12:0 a.m. | 6 views

CVE-2025-44839

TOTOLINK CA600-PoE V5.3c.6665B20180820 was found to contain a command injection vulnerability in the CloudSrvUserdataVersionCheck function via the magicid parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request...

AI score 6.9 | EPSS 0.08913
Exploits: 1 | References: 1

CNNVD
added 2025/05/01 12:0 a.m. | 1 view

TOTOLINK CA600-PoE security vulnerability

TOTOLINK CA600-PoE is an outdoor wireless AP/CPE device from China Gion Electronics TOTOLINK. TOTOLINK CA600-PoE suffers from a command injection vulnerability that stems from the failure of the magicid parameter of the CloudSrvUserdataVersionCheck function to correctly filter constructed command...

CVSS 6.5 | AI score 7.5 | EPSS 0.08913
Exploits: 1 | References: 1

Positive Technologies
added 2025/04/03 12:0 a.m. | 2 views

PT-2025-18660 · Totolink · Totolink Ca600-Poe

Name of the Vulnerable Software and Affected Versions: TOTOLINK CA600-PoE version 5.3c.6665 B20180820
Description: A command injection issue was discovered in the CloudSrvUserdataVersionCheck function via the magicid parameter. This issue allows attackers to execute arbitrary commands through a...

CVSS 6.5 | AI score 7.9 | EPSS 0.08913
Exploits: 1 | References: 7

CNVD
added 2022/05/20 12:0 a.m. | 23 views

TotoLink A3100R Command Injection Vulnerability (CNVD-2022-54652)

TotoLink A3100R is a series of wireless routers from TotoLink, Taiwan, China. TotoLink A3100R versions V4.1.2cu.5050B20200504 and V4.1.2cu.5247B20211129 are vulnerable to command injection, which arises because the magicid parameter in the uci cloudupdateconfig function fails to properly filter the...

CVSS 9.3 | AI score 6.2 | EPSS 0.02312
Exploits: 1 | References: 1

ATTACKERKB
added 2022/05/18 12:15 p.m. | 0 views

CVE-2022-29639

TOTOLINK A3100R V4.1.2cu.5050B20200504 and V4.1.2cu.5247B20211129 were discovered to contain a command injection vulnerability via the magicid parameter in the function ucicloudupdateconfig...

CVSS 9.3 | AI score 5.9 | EPSS 0.02312
Exploits: 1 | References: 2

OSV
added 2022/05/18 12:15 p.m. | 2 views

CVE-2022-29639

TOTOLINK A3100R V4.1.2cu.5050B20200504 and V4.1.2cu.5247B20211129 were discovered to contain a command injection vulnerability via the magicid parameter in the function ucicloudupdateconfig...

CVSS 8.1 | AI score 5.8
Exploits: 0 | References: 1

Prion
added 2022/05/18 12:15 p.m. | 13 views

Command injection

TOTOLINK A3100R V4.1.2cu.5050B20200504 and V4.1.2cu.5247B20211129 were discovered to contain a command injection vulnerability via the magicid parameter in the function ucicloudupdateconfig...

CVSS 9.3 | AI score 8.4 | EPSS 0.02312
Exploits: 1 | References: 1 | Affected Software: 1