CVE-2026-9514 Totolink CA750-PoE Setting cstecgi.cgi setNetworkDiag os command injection

A security vulnerability has been detected in Totolink CA750-PoE 6.2c.510. Impacted is the function setNetworkDiag of the file /cgi-bin/cstecgi.cgi of the component Setting Handler. The manipulation of the argument NetDiagHost/NetDiagPingNum/NetDiagPingSize/NetDiagPingTimeOut/NetDiagTracertHop is...

PT-2026-43157

Name of the Vulnerable Software and Affected Versions Totolink CA750-PoE version 6.2c.510 Description An OS command injection issue exists in the Setting Handler component. The setNetworkDiag function within the '/cgi-bin/cstecgi.cgi' endpoint fails to properly sanitize several arguments, allowin...

CVE-2021-0358

In netdiag, there is a possible command injection due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-10, Android-11; Patch ID: ALPS05442022...

CVE-2021-0359

In netdiag, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-10, Android-11; Patch ID: ALPS05442011...

CVE-2021-0357

In netdiag, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-10, Android-11; Patch ID: ALPS05442002...

EUVD-2021-3022

Malicious code in bioql PyPI...

EUVD-2022-25345

Malicious code in bioql PyPI...

EUVD-2021-2979

Malicious code in bioql PyPI...

CVE-2022-20085

In netdiag, there is a possible symbolic link following due to an improper link resolution. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06308877; Issue ID: ALPS06308877...

The vulnerability of the setNetworkDiag() function in the microprogramming software for TOTOLINK CA300-PoE allows a hacker to execute arbitrary commands.

The vulnerability of the setNetworkDiag function in TOTOLINK CA300-PoE router microprogramming software is related to the lack of measures taken to clean data at the management level when processing the NetDiagPingSize parameter. Exploiting this vulnerability allows a remote attacker to execute...

CVE-2023-24142

TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injection vulnerability via the NetDiagPingSize parameter in the setNetworkDiag function...

CVE-2022-20085

In netdiag, there is a possible symbolic link following due to an improper link resolution. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06308877; Issue ID: ALPS06308877...

CVE-2022-20085

In netdiag, there is a possible symbolic link following due to an improper link resolution. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06308877; Issue ID: ALPS06308877...

CVE-2022-20085

In netdiag, there is a possible symbolic link following due to an improper link resolution. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06308877; Issue ID: ALPS06308877...

Design/Logic Flaw

In netdiag, there is a possible symbolic link following due to an improper link resolution. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06308877; Issue ID: ALPS06308877...

CVE-2022-20085

In netdiag, there is a possible symbolic link following due to an improper link resolution. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06308877; Issue ID: ALPS06308877...

CVE-2022-20085

CVE-2022-20085 affects MediaTek netdiag components. The issue is improper link resolution leading to symbolic link following, enabling local privilege escalation with System privileges required; no user interaction is needed. Patch ID ALPS06308877 (Issue ALPS06308877) is noted as remediation. Pub...

MediaTek netdiag 后置链接漏洞

MediaTek netdiag is an application chip from MediaTek China. Improved processing capabilities. A security vulnerability exists in the MediaTek component netdiag, which can be exploited by attackers to cause a local privilege escalation. The following products and versions are affected: chips,...

MediaTek netdiag Information Disclosure Vulnerability

MediaTek netdiag is an application chip from MediaTek China. Improved processing capabilities. A security vulnerability exists in MediaTek netdiag. The vulnerability stems from a lack of privilege checking and could lead to the disclosure of local information with required system execution...

CVE-2021-0403

In netdiag, there is a possible information disclosure due to a missing permission check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-11; Patch ID: ALPS05475124...