TOTOLINK CA750-PoE 操作系统命令注入漏洞

The TOTOLINK CA750-PoE is a wireless network access device from China's Gion Electronics TOTOLINK. The Totolink CA750-PoE version 6.2c.510 suffers from an operating system command injection vulnerability that originates from os command injection in the operation of the parameter hosttime in the...

PT-2026-36751

A security vulnerability has been detected in Totolink WA300 5.2cu.7112 B20190227. This affects the function NTPSyncWithHost of the file /cgi-bin/cstecgi.cgi. Such manipulation of the argument hostTime leads to command injection. The attack can be executed remotely. The exploit has been disclosed...

CVE-2025-55901

TOTOLINK A3300R V17.0.0cu.596B20250515 is vulnerable to command injection in the function NTPSyncWithHost via the hosttime parameter...

PT-2025-51256

Name of the Vulnerable Software and Affected Versions TOTOLINK A3300R version V17.0.0cu.596 B20250515 Description The TOTOLINK A3300R router firmware contains a command injection flaw in the NTPSyncWithHost function. The issue is triggered through the host time parameter. This allows for potentia...

CVE-2022-37125

D-link DIR-816 A2v1.10CNB04.img is vulnerable to Command injection via /goform/NTPSyncWithHost...

Netscaler VPX : NTP_Sync Failing even after ntp process restart

Netscaler VPX is configured with NTP sync to pool.ntp.org or any NTP server, but the NTP sync does not work even after disabling and enabling NTP sync and also restarting the NTP process...

PT-2024-4058 · Totolink · Totolink Lr350

Name of the Vulnerable Software and Affected Versions: TOTOLINK LR350 version V9.3.5u.6369 B20220309 Description: The issue is related to the NTPSyncWithHost function in the TOTOLINK LR350 router's firmware, which lacks input validation. This can be exploited by a remote attacker to execute...

PT-2023-8034 · Totolink · Totolink Ex1800T

Name of the Vulnerable Software and Affected Versions: TOTOlink EX1800T version 9.1.0cu.2112 B20220316 Description: The issue concerns arbitrary command execution in the host time parameter of the NTPSyncWithHost interface of the cstecgi .cgi. This vulnerability exists due to the lack of measures...

NetScaler NTP sync failure when NTP server Root Dispersion value greater that 1 second

NetScaler NTP sync failure when Root Dispersion value is larger than 1 second. Dispersion isthe maximum difference recorded between the NTP client and the NTP serverrecorded in seconds. Root Dispersion measures the maximum amount of variance between the NTP server and its known time source. If...

TOTOLINK N350RT 操作系统命令注入漏洞

The TOTOLINK N350RT is a small home router from China's Gion Electronics TOTOLINK. An operating system command injection vulnerability exists in the TOTOLINK N350RT version V9.3.5u.6139B20201216, which stems from a command injection issue in the hosttime parameter of the NTPSyncWithHost method...

CVE-2022-26188

TOTOLINK N600R V4.3.0cu.7570B20200620 was discovered to contain a command injection vulnerability via /setting/NTPSyncWithHost...

TotoLink N600R 命令注入漏洞

TotoLink N600R is a wireless router from TotoLink, Taiwan, China. TotoLink N600R has a command injection vulnerability hole, which can be exploited by attackers via /setting/NTPSyncWithHost...

PT-2022-17728 · Totolink · Totolink A3100R +5

Name of the Vulnerable Software and Affected Versions: Totolink A830R version 5.9c.4729 B20191112 Totolink A3100R version 4.1.2cu.5050 B20200504 Totolink A950RG version 4.1.2cu.5161 B20200903 Totolink A800R version 4.1.2cu.5137 B20200730 Totolink A3000RU version 5.9c.5185 B20201128 Totolink A810R...

D-Link DIR-825 Stack Buffer Overflow Vulnerability

The D-Link DIR-825 is an AC 1200 Wi-Fi dual-band Gigabit LAN/WAN router. A stack buffer overflow vulnerability exists in the httpd binary in the D-Link DIR-825 Rev. B 2.10. An attacker can exploit this vulnerability by sending a POST request to ntpsync.cgi with a sufficiently long parameter...

CVE-2020-10214

An issue was discovered on D-Link DIR-825 Rev.B 2.10 devices. There is a stack-based buffer overflow in the httpd binary. It allows an authenticated user to execute arbitrary code via a POST to ntpsync.cgi with a sufficiently long parameter ntpserver...

CVE-2020-10214

An issue was discovered on D-Link DIR-825 Rev.B 2.10 devices. There is a stack-based buffer overflow in the httpd binary. It allows an authenticated user to execute arbitrary code via a POST to ntpsync.cgi with a sufficiently long parameter ntpserver...

CVE-2019-9122

An issue was discovered on D-Link DIR-825 Rev.B 2.10 devices. They allow remote attackers to execute arbitrary commands via the ntpserver parameter in an ntpsync.cgi POST request...

Cross site request forgery (csrf)

An issue was discovered on D-Link DIR-825 Rev.B 2.10 devices. They allow remote attackers to execute arbitrary commands via the ntpserver parameter in an ntpsync.cgi POST request...

CVE-2019-9122

An issue was discovered on D-Link DIR-825 Rev.B 2.10 devices. They allow remote attackers to execute arbitrary commands via the ntpserver parameter in an ntpsync.cgi POST request...

Scientific Linux Security Update : tzdata bug fix update on SL5.x, SL6.x i386/x86_64 (20160621)

This update fixes the following bugs : - In 2015, Egypt did not observe Daylight Savings Time DST. However, in 2016, Egypt observes DST from July 7 at 24:00 to October 27 at 24:00. As a consequence of this change, the tzdata package had incorrect data regarding DST in Egypt in 2016. This has been...