CVE-2026-7243

Totolink A8000RU (firmware 7.1cu.643_b20200521) CGI Handler /cgi-bin/cstecgi.cgi: vulnerable function setRadvdCfg. Attackers can remotely inject OS commands by manipulating the maxRtrAdvInterval argument. Publicly available exploit referenced; no mitigation details provided in the documents. Reme...

CVE-2026-7243 Totolink A8000RU CGI cstecgi.cgi setRadvdCfg os command injection

A vulnerability was identified in Totolink A8000RU 7.1cu.643b20200521. The affected element is the function setRadvdCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulation of the argument maxRtrAdvInterval leads to os command injection. It is possible to initiate the...

EUVD-2026-26016

A vulnerability was identified in Totolink A8000RU 7.1cu.643b20200521. The affected element is the function setRadvdCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulation of the argument maxRtrAdvInterval leads to os command injection. It is possible to initiate the...

TOTOLINK A8000RU 命令注入漏洞

The TOTOLINK A8000RU is a wireless router produced by TOTOLINK Corporation in China. The Totolink A8000RU 7.1cu.643b20200521 version contains a command injection vulnerability. This vulnerability stems from the operation of the setRadvdCfg function in the /cgi-bin/cstecgi.cgi file within the CGI...

CVE-2026-6112

A weakness has been identified in Totolink A7100RU 7.4cu.2313b20191024. Affected is the function setRadvdCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. This manipulation of the argument maxRtrAdvInterval causes os command injection. The attack can be initiated remotely. The...

EUVD-2026-21700

A weakness has been identified in Totolink A7100RU 7.4cu.2313b20191024. Affected is the function setRadvdCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. This manipulation of the argument maxRtrAdvInterval causes os command injection. The attack can be initiated remotely. The...

CVE-2026-6112 Totolink A7100RU CGI cstecgi.cgi setRadvdCfg os command injection

A weakness has been identified in Totolink A7100RU 7.4cu.2313b20191024. Affected is the function setRadvdCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. This manipulation of the argument maxRtrAdvInterval causes os command injection. The attack can be initiated remotely. The...

CVE-2026-6112

Totolink A7100RU CGI vulnerability: the setRadvdCfg function in /cgi-bin/cstecgi.cgi is exploitable via maxRtrAdvInterval, enabling OS command injection over the network. Impact high (confidentiality, integrity, availability). Affected firmware: 7.4cu.2313_b20191024. Exploit publicly available; e...

CVE-2026-6112 Totolink A7100RU CGI cstecgi.cgi setRadvdCfg os command injection

A weakness has been identified in Totolink A7100RU 7.4cu.2313b20191024. Affected is the function setRadvdCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. This manipulation of the argument maxRtrAdvInterval causes os command injection. The attack can be initiated remotely. The...

TOTOLINK A7100RU 操作系统命令注入漏洞

The TOTOLINK A7100RU is a wireless router produced by TOTOLINK, a Chinese company. The Totolink A7100RU 7.4cu.2313b20191024 version has a vulnerability related to operating system command injection. This vulnerability stems from an improper handling of the parameter maxRtrAdvInterval in the...

PT-2026-5956

Name of the Vulnerable Software and Affected Versions TOTOLINK A950RG version 4.1.2cu.5204 B20210112 Description A buffer overflow condition exists in the software. The issue is located in the setRadvdCfg interface within the /lib/cste modules/ipv6.so module. The setRadvdCfg function does not...

CVE-2025-67188

CVE-2025-67188 affects TOTOLINK A950RG, version 4.1.2cu.5204_B20210112. The vulnerability resides in the setRadvdCfg interface of the /lib/cste_modules/ipv6.so module, where the function fails to validate the length of the user-controlled radvdinterfacename parameter, enabling a stack buffer over...

CVE-2025-67188

A buffer overflow vulnerability exists in TOTOLINK A950RG V4.1.2cu.5204B20210112. The issue resides in the setRadvdCfg interface of the /lib/cstemodules/ipv6.so module. The function fails to properly validate the length of the user-controlled radvdinterfacename parameter, allowing remote attacker...