Command Injection Vulnerability in TOTOLINK N200RE setOpModeCfg

The TOTOLINK N200RE is a wireless broadband router for small office or home SOHO environments. The TOTOLINK N200RE suffers from a command injection vulnerability that stems from a command injection of hostName in setOpModeCfg. No details of the vulnerability are provided at this time...

CVE-2025-55893

TOTOLINK N200RE V9.3.5u.6437B20230519 is vulnerable to command Injection in setOpModeCfg via hostName...

CVE-2025-55893

The CVE-2025-55893 entry targets TOTOLINK N200RE with a command-injection flaw in setOpModeCfg exposed via the hostName parameter. Affected firmware: N200RE 9.3.5u.6437_B20230519. Root cause is command injection in hostName handling; impact is potential unauthorized control of the device. Exploit...

CVE-2025-12258

A vulnerability was detected in TOTOLINK A3300R 17.0.0cu.557B20221024. Impacted is the function setOpModeCfg of the file /cgi-bin/cstecgi.cg of the component POST Parameter Handler. The manipulation of the argument opmode results in stack-based buffer overflow. The attack may be performed from...

CVE-2025-12258 TOTOLINK A3300R POST Parameter cstecgi.cg setOpModeCfg stack-based overflow

A vulnerability was detected in TOTOLINK A3300R 17.0.0cu.557B20221024. Impacted is the function setOpModeCfg of the file /cgi-bin/cstecgi.cg of the component POST Parameter Handler. The manipulation of the argument opmode results in stack-based buffer overflow. The attack may be performed from...

CVE-2023-52030

TOTOlink A3700R v9.1.2u.5822B20200513 was discovered to contain a remote command execution RCE vulnerability via the setOpModeCfg function...

TOTOLINK LR1200GB setOpModeCfg Function OS Command Injection Vulnerability

The TOTOLINK LR1200GB is a wireless dual-band 4GLTE router from China's Gion Electronics TOTOLINK that supports 2.4GHz and 5GHz dual-band networks, and is primarily used to provide mobile broadband connectivity and Wi-Fi coverage. The TOTOLINK LR1200GB suffers from an operating system command...

PT-2023-31745 · Totolink · Totolink Ex1200T

Name of the Vulnerable Software and Affected Versions: TOTOlink EX1200L version 9.3.5u.6146 B20201023 Description: The issue allows for arbitrary command execution via the "cstecgi.cgi" interface, specifically through the setOpModeCfg function. This could potentially be exploited through the...

CVE-2023-49417

TOTOLink A7000R V9.1.0u.6115B20201022 has a stack overflow vulnerability via setOpModeCfg...

The vulnerability of the setOpModeCfg function in TOTOLINK LR350 router microprogramming software allows a hacker to execute arbitrary code.

The vulnerability of the setOpModeCfg function in TOTOLINK LR350 router microprogramming software is related to the lack of measures to protect input data. Exploiting this vulnerability could allow a remote attacker to execute arbitrary code...

CVE-2023-37145

TOTOLINK LR350 V9.3.5u.6369B20220309 was discovered to contain a command injection vulnerability via the hostname parameter in the setOpModeCfg function...

PT-2023-24359 · Totolink · Totolink X5000R

Name of the Vulnerable Software and Affected Versions: TOTOLINK X5000R versions V9.1.0u.6118 B20201102 through V9.1.0u.6369 B20230113 Description: The issue concerns a command insertion vulnerability in the setOpModeCfg function. This vulnerability allows an attacker to execute arbitrary commands...