CVE-2026-7121

Totolink A8000RU 7.1cu.643_b20200521 has a vulnerability in the CGI Handler, specifically the setWizardCfg function in /cgi-bin/cstecgi.cgi. The wizard parameter manipulation leads to os command injection, with remote exploit possibility and an exploit published. The CVE indicates a critical seve...

EUVD-2026-25835

A flaw has been found in Totolink A8000RU 7.1cu.643b20200521. This affects the function setWizardCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. This manipulation of the argument wizard causes os command injection. It is possible to initiate the attack remotely. The exploit has...

CVE-2026-7119

CVE-2026-7119 affects: Tenda HG3 2.0. The vulnerability lies in an unknown function within the file /boaform/formCountrystr, where manipulating the argument countrystr leads to an OS command injection . This can be exploited remotely, and the exploit is publicly available. The connected sources s...

CVE-2026-7102

A vulnerability was found in Tenda F456 1.0.0.5. This impacts the function FromWriteFacMac of the file /goform/WriteFacMac of the component httpd. The manipulation of the argument mac results in command injection. The attack can be executed remotely. The exploit has been made public and could be...

EUVD-2026-25802

A vulnerability was found in Tenda F456 1.0.0.5. This impacts the function FromWriteFacMac of the file /goform/WriteFacMac of the component httpd. The manipulation of the argument mac results in command injection. The attack can be executed remotely. The exploit has been made public and could be...

CVE-2026-7102 Tenda F456 httpd WriteFacMac FromWriteFacMac command injection

A vulnerability was found in Tenda F456 1.0.0.5. This impacts the function FromWriteFacMac of the file /goform/WriteFacMac of the component httpd. The manipulation of the argument mac results in command injection. The attack can be executed remotely. The exploit has been made public and could be...

CVE-2026-7096 Tenda HG3 formgponConf os command injection

A security flaw has been discovered in Tenda HG3 2.0 300003070. This vulnerability affects the function formgponConf of the file /boaform/admin/formgponConf. The manipulation of the argument fmgponloid results in os command injection. It is possible to launch the attack remotely. The exploit has...

CVE-2026-7096

The CVE-2026-7096 entry concerns Tenda HG3 (2.0 300003070) where the vulnerable component is formgponConf under /boaform/admin/formgponConf. The root cause is manipulation of the fmgpon_loid parameter leading to an OS command injection, with a network-exposed (remote) attack surface and a high im...

EUVD-2026-25786

A security flaw has been discovered in Tenda HG3 2.0 300003070. This vulnerability affects the function formgponConf of the file /boaform/admin/formgponConf. The manipulation of the argument fmgponloid results in os command injection. It is possible to launch the attack remotely. The exploit has...

CVE-2026-7066

A vulnerability was found in choieastsea simple-openstack-mcp up to 767b2f4a8154cca344344b9725537a58399e6036. The affected element is the function execopenstack of the file server.py. The manipulation results in os command injection. It is possible to launch the attack remotely. The exploit has...

CVE-2026-31255

A command injection vulnerability exists in Tenda AC18 V15.03.05.05multi. The vulnerability is located in the /goform/SetSambaCfg interface, where improper handling of the guestuser parameter allows attackers to execute arbitrary system commands...

TOTOLINK A8000RU 命令注入漏洞

The TOTOLINK A8000RU is a wireless router produced by TOTOLINK Corporation. The Totolink A8000RU 7.1cu.643b20200521 version contains a command injection vulnerability. This vulnerability stems from the setIptvCfg function in the CGI Handler component/cgi-bin/cstecgi.cgi file, which allows for OS...

PT-2026-35525

A security vulnerability has been detected in Totolink A8000RU 7.1cu.643 b20200521. This impacts the function setLoginPasswordCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulation of the argument admpass leads to os command injection. The attack may be initiated...

PT-2026-35378

A vulnerability was found in Tenda F456 1.0.0.5. This impacts the function FromWriteFacMac of the file /goform/WriteFacMac of the component httpd. The manipulation of the argument mac results in command injection. The attack can be executed remotely. The exploit has been made public and could be...

PT-2026-35529

A vulnerability was detected in Totolink A8000RU 7.1cu.643 b20200521. Affected is the function CsteSystem of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulation of the argument HTTP results in os command injection. The attack may be launched remotely. The exploit is now...

PT-2026-35524

A weakness has been identified in Totolink A8000RU 7.1cu.643 b20200521. This affects the function setAdvancedInfoShow of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Executing a manipulation of the argument tty server can lead to os command injection. The attack can be launched...

PT-2026-35521

A security flaw has been discovered in Totolink A8000RU 7.1cu.643 b20200521. The impacted element is the function setMiniuiHomeInfoShow of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Performing a manipulation of the argument sys info results in os command injection. The attack can...

PT-2026-35530

A flaw has been found in disler aider-mcp-server up to b2516fa466d0d851932da92ee6d0e66946db9efc. Affected by this vulnerability is an unknown functionality of the file src/aider mcp server/server.py of the component aider ai code. This manipulation of the argument relative editable files causes...

PT-2026-35419

A vulnerability was identified in Totolink A8000RU 7.1cu.643 b20200521. Affected by this issue is the function setWiFiEasyCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulation of the argument merge leads to os command injection. The attack may be initiated remotely...

Apache Camel 安全漏洞

Apache Camel is an open-source integration framework based on the Enterprise Integration Pattern EIP, developed by the Apache Foundation in the United States. This framework provides implementations of Java objects following the EIP pattern, and routing and mediation rules are configured through...