24 matches found
CVE-2026-9515
A vulnerability was detected in Totolink CA750-PoE 6.2c.510. The affected element is the function setUnloadUserData of the file /cgi-bin/cstecgi.cgi of the component Setting Handler. The manipulation of the argument pluginversion results in os command injection. The attack may be launched remotel...
CVE-2026-9515
A vulnerability was detected in Totolink CA750-PoE 6.2c.510. The affected element is the function setUnloadUserData of the file /cgi-bin/cstecgi.cgi of the component Setting Handler. The manipulation of the argument pluginversion results in os command injection. The attack may be launched remotel...
TOTOLINK CA750-PoE 操作系统命令注入漏洞
TOTOLINK CA750-PoE is a wireless network access device produced by TOTOLINK Corporation. Version 6.2c.510 of TOTOLINK CA750-PoE contains a vulnerability related to operating system command injection. This vulnerability arises from the operation of the setUnloadUserData function in the...
CVE-2026-9515
A vulnerability was detected in Totolink CA750-PoE 6.2c.510. The affected element is the function setUnloadUserData of the file /cgi-bin/cstecgi.cgi of the component Setting Handler. The manipulation of the argument pluginversion results in os command injection. The attack may be launched remotel...
EUVD-2026-31771
A vulnerability was detected in Totolink CA750-PoE 6.2c.510. The affected element is the function setUnloadUserData of the file /cgi-bin/cstecgi.cgi of the component Setting Handler. The manipulation of the argument pluginversion results in os command injection. The attack may be launched remotel...
CVE-2026-9515 Totolink CA750-PoE Setting cstecgi.cgi setUnloadUserData os command injection
A vulnerability was detected in Totolink CA750-PoE 6.2c.510. The affected element is the function setUnloadUserData of the file /cgi-bin/cstecgi.cgi of the component Setting Handler. The manipulation of the argument pluginversion results in os command injection. The attack may be launched remotel...
CVE-2026-9515 Totolink CA750-PoE Setting cstecgi.cgi setUnloadUserData os command injection
A vulnerability was detected in Totolink CA750-PoE 6.2c.510. The affected element is the function setUnloadUserData of the file /cgi-bin/cstecgi.cgi of the component Setting Handler. The manipulation of the argument pluginversion results in os command injection. The attack may be launched remotel...
CVE-2026-9515
Totolink CA750-PoE (firmware 6.2c.510) is affected by an OS command injection in the Setting Handler’s /cgi-bin/cstecgi.cgi function setUnloadUserData when manipulating the plugin_version argument. The vulnerability enables remote exploitation with low privileges and could impact confidentiality,...
PT-2026-43158
A vulnerability was detected in Totolink CA750-PoE 6.2c.510. The affected element is the function setUnloadUserData of the file /cgi-bin/cstecgi.cgi of the component Setting Handler. The manipulation of the argument plugin version results in os command injection. The attack may be launched...
CVE-2026-1547
A vulnerability was detected in Totolink A7000R 4.1cu.4154. This affects the function setUnloadUserData of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument pluginname results in command injection. It is possible to launch the attack remotely. The exploit is now public and may be us...
EUVD-2026-4846
A vulnerability was detected in Totolink A7000R 4.1cu.4154. This affects the function setUnloadUserData of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument pluginname results in command injection. It is possible to launch the attack remotely. The exploit is now public and may be us...
CVE-2026-1547
A vulnerability was detected in Totolink A7000R 4.1cu.4154. This affects the function setUnloadUserData of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument pluginname results in command injection. It is possible to launch the attack remotely. The exploit is now public and may be us...
CVE-2026-1547 Totolink A7000R cstecgi.cgi setUnloadUserData command injection
A vulnerability was detected in Totolink A7000R 4.1cu.4154. This affects the function setUnloadUserData of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument pluginname results in command injection. It is possible to launch the attack remotely. The exploit is now public and may be us...
CVE-2026-1547
A vulnerability was detected in Totolink A7000R 4.1cu.4154. This affects the function setUnloadUserData of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument pluginname results in command injection. It is possible to launch the attack remotely. The exploit is now public and may be us...
CVE-2026-1547 Totolink A7000R cstecgi.cgi setUnloadUserData command injection
A vulnerability was detected in Totolink A7000R 4.1cu.4154. This affects the function setUnloadUserData of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument pluginname results in command injection. It is possible to launch the attack remotely. The exploit is now public and may be us...
CVE-2026-1547
Totolink A7000R 4.1cu.4154 is affected by CVE-2026-1547 in the setUnloadUserData function of /cgi-bin/cstecgi.cgi. Manipulating the plugin_name argument enables command injection, with remote exploitation and a publicly available exploit. Multiple connected sources confirm the issue and its remot...
TOTOLINK A7000R Command Injection Vulnerability
TOTOLINK A7000R is a wireless router produced by TOTOLINK, a Chinese company. The TOTOLINK A7000R version 4.1cu.4154 contains a command injection vulnerability. This vulnerability stems from incorrect handling of the parameter “pluginname” in the setUnloadUserData function located in the...
The vulnerability of the setUnloadUserData function in the /cgi-bin/cstecgi.cgi file of the TOTOLINK A3002RH router’s microprogramming system allows a malicious actor to execute arbitrary commands.
The vulnerability of the setUploadUserData function in the /cgi-bin/cstecgi.cgi file of the TOTOLINK A3002RH router’s microprogramming system is related to the lack of measures taken to neutralize special elements used in operating systems commands. Exploiting this vulnerability can allow a...
CVE-2025-4850
A vulnerability classified as critical has been found in TOTOLINK N300RH 6.1c.1390B20191101. This affects the function setUnloadUserData of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument pluginname leads to command injection. It is possible to initiate the attack remotely. The...
CVE-2023-24145
TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injection vulnerability via the pluginversion parameter in the setUnloadUserData function...