18 matches found
TOTOLINK A3300R recHour Parameter Command Injection Vulnerability
TOTOLINK A3300R is a wireless router from China's Gion Electronics TOTOLINK. A command injection vulnerability exists in the TOTOLINK A3300R recHour parameter, which originates from the failure of the recHour parameter in the /cgi-bin/cstecgi.cgi file to correctly filter user input, and can be...
EUVD-2026-25258
An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557B20221024 allowing attackers to execute arbitrary commands via the recHour parameter to /cgi-bin/cstecgi.cgi...
CVE-2026-31168
An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557B20221024 allowing attackers to execute arbitrary commands via the recHour parameter to /cgi-bin/cstecgi.cgi...
PT-2026-34715
An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557 B20221024 allowing attackers to execute arbitrary commands via the recHour parameter to /cgi-bin/cstecgi.cgi...
CVE-2026-31168
CVE-2026-31168 describes a command-injection vulnerability in ToToLink A3300R firmware (versions around 17.0.0cu.557_B20221024 / 17.0.0cu.557 B20221024). The flaw allows an attacker to execute arbitrary commands by supplying a crafted recHour parameter to the CGI endpoint /cgi-bin/cstecgi.cgi. Th...
CVE-2026-31168
An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557B20221024 allowing attackers to execute arbitrary commands via the recHour parameter to /cgi-bin/cstecgi.cgi...
TOTOLINK A3300R 命令注入漏洞
TOTOLINK A3300R is a wireless router from China's Gion Electronics TOTOLINK. A command injection vulnerability exists in the TOTOLINK A3300R recHour parameter, which originates from the failure of the recHour parameter in the /cgi-bin/cstecgi.cgi file to correctly filter user input, and can be...
CVE-2025-12259
A flaw has been found in TOTOLINK A3300R 17.0.0cu.557B20221024. The affected element is the function setScheduleCfg of the file /cgi-bin/cstecgi.cgi of the component POST Parameter Handler. This manipulation of the argument recHour causes stack-based buffer overflow. It is possible to initiate th...
CVE-2025-12259
A flaw has been found in TOTOLINK A3300R 17.0.0cu.557B20221024. The affected element is the function setScheduleCfg of the file /cgi-bin/cstecgi.cgi of the component POST Parameter Handler. This manipulation of the argument recHour causes stack-based buffer overflow. It is possible to initiate th...
CVE-2025-12259 TOTOLINK A3300R POST Parameter cstecgi.cgi setScheduleCfg stack-based overflow
A flaw has been found in TOTOLINK A3300R 17.0.0cu.557B20221024. The affected element is the function setScheduleCfg of the file /cgi-bin/cstecgi.cgi of the component POST Parameter Handler. This manipulation of the argument recHour causes stack-based buffer overflow. It is possible to initiate th...
PT-2025-43920
Name of the Vulnerable Software and Affected Versions TOTOLINK A3300R version 17.0.0cu.557 B20221024 Description A flaw exists in TOTOLINK A3300R. The issue is a stack-based buffer overflow caused by the manipulation of the recHour argument within the setScheduleCfg function located in the...
EUVD-2024-53487
Malicious code in bioql PyPI...
TOTOLINK X5000R recHour Parameter Command Injection Vulnerability in the setScheduleCfg Function
The TOTOLINK X5000R is a router from China's Gion Electronics TOTOLINK. A command injection vulnerability exists in the TOTOLINK X5000R version V9.1.0cu.2350B20230313, which stems from the "recHour" parameter in setScheduleCfg failing to correctly filter for constructor special characters,...
CVE-2024-57014
TOTOLINK X5000R V9.1.0cu.2350B20230313 was discovered to contain an OS command injection vulnerability via the "recHour" parameter in setScheduleCfg...
CVE-2024-57014
TOTOLINK X5000R V9.1.0cu.2350B20230313 was discovered to contain an OS command injection vulnerability via the "recHour" parameter in setScheduleCfg...
TOTOLINK X5000R 安全漏洞
The TOTOLINK X5000R is a router from China's Gion Electronics TOTOLINK. A command injection vulnerability exists in the TOTOLINK X5000R version V9.1.0cu.2350B20230313, which stems from the "recHour" parameter in setScheduleCfg failing to correctly filter for constructor special characters,...
CVE-2024-57014
TOTOLINK X5000R V9.1.0cu.2350B20230313 was discovered to contain an OS command injection vulnerability via the "recHour" parameter in setScheduleCfg...
CVE-2024-57014
TOTOLINK X5000R V9.1.0cu.2350B20230313 was discovered to contain an OS command injection vulnerability via the "recHour" parameter in setScheduleCfg...