CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

ATTACKERKB•added 2026/05/25 7:0 a.m.•9 views

CVE-2026-9436

Exploits0References6Affected Software1

Cvelist•added 2026/05/25 7:0 a.m.•35 views

CVE-2026-9436 Totolink A8000RU Web Management cstecgi.cgi setL2tpServerCfg os command injection

10CVSS0.02005EPSS

EUVD•added 2026/05/25 7:0 a.m.•8 views

EUVD-2026-31644

Vulnrichment•added 2026/05/25 7:0 a.m.•8 views

CVE-2026-9436 Totolink A8000RU Web Management cstecgi.cgi setL2tpServerCfg os command injection

CVE•added 2026/05/25 7:0 a.m.•19 views

CVE-2026-9436

Totolink A8000RU Web Management (cgi-bin/cstecgi.cgi, function setL2tpServerCfg) is affected by an os command injection when manipulating the enable argument. The flaw is exploitable remotely and has an exploit published. Impact concerns high confidentiality, integrity, and availability per CVSS,...

CNNVD•added 2026/05/25 12:0 a.m.•7 views

TOTOLINK A8000RU 操作系统命令注入漏洞

The TOTOLINK A8000RU is a wireless router from China's Gion Electronics TOTOLINK. The Totolink A8000RU version 7.1cu.643b20200521 suffers from an OS command injection vulnerability that originates from the operation of the function setL2tpServerCfg on the parameter enable in the Web Management...

10CVSS7.3AI score0.02005EPSS

Exploits0References7

Positive Technologies•added 2026/05/25 12:0 a.m.•8 views

PT-2026-43015

A flaw has been found in Totolink A8000RU 7.1cu.643 b20200521. The impacted element is the function setL2tpServerCfg of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. Executing a manipulation of the argument enable can lead to os command injection. The attack can be...

BDU FSTEC•added 2025/05/23 12:0 a.m.•2 views

The vulnerability of the setL2tpServerCfg function in the /cgi-bin/cstecgi.cgi file of the TOTOLINK A3700R wireless router software allows a attacker to cause a service failure.

The vulnerability of the setL2tpServerCfg function in the /cgi-bin/cstecgi.cgi file of the TOTOLINK A3700R wireless router software is related to access control deficiencies. Exploiting this vulnerability could allow a malicious actor to cause service interruptions by sending a specially crafted...

5.3CVSS5.9AI score0.00481EPSS

Exploits1References6Affected Software1

CNVD•added 2025/04/22 12:0 a.m.•1 views

TOTOLINK A3700R Access Control Error Vulnerability

The TOTOLINK A3700R is a wireless router that provides wireless network connectivity. TOTOLINK A3700R suffers from an access control error vulnerability that originates from improper access control of the setL2tpServerCfg function in the /cgi-bin/cstecgi.cgi file, for which no detailed...

6.9CVSS5.3AI score0.00481EPSS

OSV•added 2025/04/16 7:15 a.m.•4 views

CVE-2025-3675

A vulnerability was found in TOTOLINK A3700R 9.1.2u.5822B20200513. It has been rated as critical. Affected by this issue is the function setL2tpServerCfg of the file /cgi-bin/cstecgi.cgi. The manipulation leads to improper access controls. The attack may be launched remotely. The exploit has been...

5.3CVSS5.6AI score0.00481EPSS

Exploits1References5

Vulnrichment•added 2025/04/16 7:0 a.m.•6 views

CVE-2025-3675 TOTOLINK A3700R cstecgi.cgi setL2tpServerCfg access control

6.9CVSS7.1AI score0.00481EPSS

Exploits1References5

CNNVD•added 2025/04/16 12:0 a.m.•2 views

TOTOLINK A3700R 安全漏洞

6.9CVSS5.4AI score0.00481EPSS

Exploits1References5

BDU FSTEC•added 2025/02/19 12:0 a.m.•6 views

The vulnerability of the setL2tpServerCfg() function in the cstecgi.cgi script of the TOTOLINK X5000R router’s software allows a hacker to execute arbitrary commands.

The vulnerability of the setL2tpServerCfg function in the cstecgi.cgi script of the TOTOLINK X5000R router’s microprogramming system is related to the failure to take measures to neutralize special elements used in the operating system’s command processing when dealing with parameters such as mtu...

9CVSS5.9AI score0.02175EPSS

Exploits1References2Affected Software1

OSV•added 2024/08/12 8:15 p.m.•1 views

CVE-2024-42741

In TOTOLINK X5000r v9.1.0cu.2350b20230313, the file /cgi-bin/cstecgi.cgi contains an OS command injection vulnerability in setL2tpServerCfg. Authenticated Attackers can send malicious packet to execute arbitrary commands...

8.8CVSS6AI score0.01168EPSS

Cvelist•added 2024/08/12 12:0 a.m.•17 views

CVE-2024-42741

0.01168EPSS

CNNVD•added 2024/08/12 12:0 a.m.•5 views

TOTOLINK X5000R 操作系统命令注入漏洞

The TOTOLINK X5000R is a router from China's Gion Electronics TOTOLINK. A command injection vulnerability exists in TOTOLINK X5000R version v9.1.0cu.2350b20230313. The vulnerability stems from the setL2tpServerCfg method of /cgi-bin/cstecgi.cgi failing to properly filter constructed command speci...

8.8CVSS7.7AI score0.01168EPSS

Exploits1References2

CVE•added 2024/08/12 12:0 a.m.•63 views

CVE-2024-42741

TOTOLINK X5000r v9.1.0cu.2350_b20230313 is affected by an OS command injection in /cgi-bin/cstecgi.cgi via setL2tpServerCfg. Authenticated attackers can send a crafted packet to execute arbitrary commands. Subsystems: the vulnerability is tied to the setL2tpServerCfg function in cstecgi.cgi, enab...

8.8CVSS7.7AI score0.01168EPSS

Exploits1References1Affected Software1

ATTACKERKB•added 2022/05/05 6:15 p.m.•3 views

CVE-2022-28580

It is found that there is a command injection vulnerability in the setL2tpServerCfg interface in TOTOlink A7100RU v7.4cu.2313b20191024 router, which allows an attacker to execute arbitrary commands through a carefully constructed payload...

10CVSS7.4AI score0.02911EPSS

Exploits1References2

OSV•added 2022/05/05 6:15 p.m.•2 views

CVE-2022-28580

9.8CVSS6AI score0.02911EPSS