CVE-2026-1547

A vulnerability was detected in Totolink A7000R 4.1cu.4154. This affects the function setUnloadUserData of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument pluginname results in command injection. It is possible to launch the attack remotely. The exploit is now public and may be us...

TOTOLINK A7000R Command Injection Vulnerability

TOTOLINK A7000R is a wireless router produced by TOTOLINK, a Chinese company. The TOTOLINK A7000R version 4.1cu.4154 contains a command injection vulnerability. This vulnerability stems from incorrect handling of the parameter “pluginname” in the setUnloadUserData function located in the...

TOTOLINK N300RH plugin_name parameter command injection vulnerability

TOTOLINK N300RH is a long range wireless router from China's Gion Electronics TOTOLINK. The TOTOLINK N300RH suffers from a command injection vulnerability that stems from the parameter pluginname in the file /cgi-bin/cstecgi.cgi failing to correctly filter constructed command special characters,...

CVE-2022-28918

GreenCMS v2.3.0603 is affected by an arbitrary file deletion vulnerability exploitable over the network via /index.php?m=admin&c=custom&a=plugindelhandle&plugin_name=. The CVE entry indicates this allows deletion of arbitrary files, with CVSSv3.1 base score 8.1 (HIGH) and a network attack vector;...