33 matches found
CVE-2026-9475
A vulnerability was determined in Totolink A8000RU 7.1cu.643b20200521. This affects the function setIpQosRules of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. This manipulation of the argument Comment causes os command injection. Remote exploitation of the attack is...
CVE-2026-9475
A vulnerability was determined in Totolink A8000RU 7.1cu.643b20200521. This affects the function setIpQosRules of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. This manipulation of the argument Comment causes os command injection. Remote exploitation of the attack is...
CVE-2026-9475 Totolink A8000RU Web Management cstecgi.cgi setIpQosRules os command injection
A vulnerability was determined in Totolink A8000RU 7.1cu.643b20200521. This affects the function setIpQosRules of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. This manipulation of the argument Comment causes os command injection. Remote exploitation of the attack is...
CVE-2026-9475
Totolink A8000RU Web Management interface vulnerable in /cgi-bin/cstecgi.cgi (function setIpQosRules). CVE-2026-9475 affects Totolink A8000RU 7.1cu.643_b20200521; manipulating the Comment argument enables OS command injection. Remote exploitation is possible; exploit publicly disclosed. According...
EUVD-2026-21812
A security vulnerability has been detected in Totolink A7100RU 7.4cu.2313b20191024. This affects the function setIpQosRules of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulation of the argument Comment leads to os command injection. Remote exploitation of the attack is...
CVE-2026-6156 Totolink A7100RU CGI cstecgi.cgi setIpQosRules os command injection
A security vulnerability has been detected in Totolink A7100RU 7.4cu.2313b20191024. This affects the function setIpQosRules of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulation of the argument Comment leads to os command injection. Remote exploitation of the attack is...
CVE-2026-6156 Totolink A7100RU CGI cstecgi.cgi setIpQosRules os command injection
A security vulnerability has been detected in Totolink A7100RU 7.4cu.2313b20191024. This affects the function setIpQosRules of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulation of the argument Comment leads to os command injection. Remote exploitation of the attack is...
CVE-2026-6156
Totolink A7100RU (firmware 7.4cu.2313_b20191024) is affected via CGI Handler’s setIpQosRules function in /cgi-bin/cstecgi.cgi. Manipulating the Comment argument enables os command injection with remote exploitation reported. Public exploits exist. Affected product details and impact are corrobora...
TOTOLINK A950RG Stack Buffer Overflow Vulnerability
The TOTOLINK A950RG is an ultra-generation Giga wireless router from China's Gion Electronics TOTOLINK. The TOTOLINK A950RG suffers from a stack buffer overflow vulnerability that stems from insufficient validation of the length of the comment parameter in the setIpQosRules interface, which can b...
CVE-2025-67187
A stack-based buffer overflow vulnerability was identified in TOTOLINK A950RG V4.1.2cu.5204B20210112. The flaw exists in the setIpQosRules interface of /lib/cstemodules/firewall.so where the comment parameter is not properly validated for length...
CVE-2025-67187
A stack-based buffer overflow vulnerability was identified in TOTOLINK A950RG V4.1.2cu.5204B20210112. The flaw exists in the setIpQosRules interface of /lib/cstemodules/firewall.so where the comment parameter is not properly validated for length...
CVE-2025-67187
A stack-based buffer overflow vulnerability was identified in TOTOLINK A950RG V4.1.2cu.5204B20210112. The flaw exists in the setIpQosRules interface of /lib/cstemodules/firewall.so where the comment parameter is not properly validated for length...
CVE-2025-67187
A stack-based buffer overflow vulnerability was identified in TOTOLINK A950RG V4.1.2cu.5204B20210112. The flaw exists in the setIpQosRules interface of /lib/cstemodules/firewall.so where the comment parameter is not properly validated for length...
CVE-2025-67187
A stack-based buffer overflow vulnerability was identified in TOTOLINK A950RG V4.1.2cu.5204B20210112. The flaw exists in the setIpQosRules interface of /lib/cstemodules/firewall.so where the comment parameter is not properly validated for length...
PT-2026-5955
Name of the Vulnerable Software and Affected Versions TOTOLINK A950RG version 4.1.2cu.5204 B20210112 Description A stack-based buffer overflow exists in the setIpQosRules interface of /lib/cste modules/firewall.so. The issue is due to insufficient validation of the length of the comment parameter...
CVE-2025-67187
CVE-2025-67187 affects TOTOLINK A950RG (v4.1.2cu.5204_B20210112) via /lib/cste_modules/firewall.so, setIpQosRules: the comment parameter is not properly validated for length, causing a stack-based buffer overflow. Affected component is the setIpQosRules interface; root cause is insufficient input...
EUVD-2025-206712
A stack-based buffer overflow vulnerability was identified in TOTOLINK A950RG V4.1.2cu.5204B20210112. The flaw exists in the setIpQosRules interface of /lib/cstemodules/firewall.so where the comment parameter is not properly validated for length...
CVE-2024-34200
TOTOLINK CPE CP450 v4.1.0cu.747B20191224 was discovered to contain a stack buffer overflow vulnerability in the setIpQosRules function...
The vulnerability of the setIpQosRules() function in TOTOLINK CP450 router software allows a intruder to cause a service failure.
The vulnerability of the setIpQosRules function in TOTOLINK CP450 router software lies in the issue of the operation exceeding the buffer in memory when processing the comment parameter. Exploiting this vulnerability could allow an attacker to cause service interruptions...
CVE-2024-7176
A vulnerability was found in TOTOLINK A3600R 4.1.2cu.5182B20201102 and classified as critical. This issue affects the function setIpQosRules of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument comment leads to buffer overflow. The attack may be initiated remotely. The exploit has...