
24 matches found

RedhatCVE
added 2026/05/26 8:14 p.m. · 10 views

CVE-2026-9387

A security flaw has been discovered in Totolink A8000RU 7.1cu.643b20200521. The affected element is the function setUpgradeFW of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. Performing a manipulation of the argument resetFlags results in os command injection. It is...

CVSS 10 · AI score 7 · EPSS 0.01909
Exploits 0 · References 1

Vulnrichment
added 2026/05/24 2:15 p.m. · 6 views

CVE-2026-9387 Totolink A8000RU Web Management cstecgi.cgi setUpgradeFW os command injection

A security flaw has been discovered in Totolink A8000RU 7.1cu.643b20200521. The affected element is the function setUpgradeFW of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. Performing a manipulation of the argument resetFlags results in os command injection. It is...

CVSS 10 · AI score 7 · EPSS 0.01909
Exploits 0 · References 5

Cvelist
added 2026/05/24 2:15 p.m. · 14 views

CVE-2026-9387 Totolink A8000RU Web Management cstecgi.cgi setUpgradeFW os command injection

A security flaw has been discovered in Totolink A8000RU 7.1cu.643b20200521. The affected element is the function setUpgradeFW of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. Performing a manipulation of the argument resetFlags results in os command injection. It is...

CVSS 10 · EPSS 0.01909
Exploits 0 · References 5

EUVD
added 2026/05/04 8:30 a.m. · 6 views

EUVD-2026-26939

A weakness has been identified in Totolink N300RH 3.2.4-B20220812. Affected by this issue is the function setUpgradeFW of the file /cgi-bin/cstecgi.cgi of the component POST Request Handler. Executing a manipulation of the argument FileName can lead to buffer overflow. The attack can be launched...

CVSS 9 · AI score 6.2 · EPSS 0.00463
Exploits 0 · References 5

Cvelist
added 2026/05/04 8:30 a.m. · 31 views

CVE-2026-7748 Totolink N300RH POST Request cstecgi.cgi setUpgradeFW buffer overflow

A weakness has been identified in Totolink N300RH 3.2.4-B20220812. Affected by this issue is the function setUpgradeFW of the file /cgi-bin/cstecgi.cgi of the component POST Request Handler. Executing a manipulation of the argument FileName can lead to buffer overflow. The attack can be launched...

CVSS 9 · EPSS 0.00463
Exploits 0 · References 5

Positive Technologies
added 2026/04/17 12:0 a.m. · 5 views

PT-2026-36793

Name of the Vulnerable Software and Affected Versions Totolink N300RH version 3.2.4-B20220812 Description A buffer overflow can be triggered remotely via the POST Request Handler component. The issue exists in the setUpgradeFW function within the '/cgi-bin/cstecgi.cgi' endpoint when manipulating...

CVSS 9 · AI score 7.5 · EPSS 0.00463
Exploits 0 · References 13

Cvelist
added 2026/01/29 8:32 p.m. · 28 views

CVE-2026-1623 Totolink A7000R cstecgi.cgi setUpgradeFW command injection

A weakness has been identified in Totolink A7000R 4.1cu.4154. Impacted is the function setUpgradeFW of the file /cgi-bin/cstecgi.cgi. This manipulation of the argument FileName causes command injection. The attack can be initiated remotely. The exploit has been made available to the public and...

CVSS 6.5 · EPSS 0.01983
Exploits 1 · References 6

CVE
added 2026/01/29 8:32 p.m. · 9 views

CVE-2026-1623

Totolink A7000R 4.1cu.4154 is affected by a command-injection in the file /cgi-bin/cstecgi.cgi, via manipulating the FileName argument in the setUpgradeFW function. The vulnerability is exploitable remotely; public exploit/poc material exists and exploit maturity is labeled as PROOF-OF-CONCEPT. I...

CVSS 6.5 · AI score 6.5 · EPSS 0.01983
Exploits 1 · References 6 · Affected Software 1

ATTACKERKB
added 2026/01/29 8:32 p.m. · 5 views

CVE-2026-1623

A weakness has been identified in Totolink A7000R 4.1cu.4154. Impacted is the function setUpgradeFW of the file /cgi-bin/cstecgi.cgi. This manipulation of the argument FileName causes command injection. The attack can be initiated remotely. The exploit has been made available to the public and...

CVSS 6.5 · AI score 5.7 · EPSS 0.01983
Exploits 1 · References 5 · Affected Software 1

EUVD
added 2026/01/29 8:32 p.m. · 7 views

EUVD-2026-4962

A weakness has been identified in Totolink A7000R 4.1cu.4154. Impacted is the function setUpgradeFW of the file /cgi-bin/cstecgi.cgi. This manipulation of the argument FileName causes command injection. The attack can be initiated remotely. The exploit has been made available to the public and...

CVSS 6.5 · AI score 5.7 · EPSS 0.01983
Exploits 1 · References 6

Vulnrichment
added 2026/01/29 8:32 p.m. · 4 views

CVE-2026-1623 Totolink A7000R cstecgi.cgi setUpgradeFW command injection

A weakness has been identified in Totolink A7000R 4.1cu.4154. Impacted is the function setUpgradeFW of the file /cgi-bin/cstecgi.cgi. This manipulation of the argument FileName causes command injection. The attack can be initiated remotely. The exploit has been made available to the public and...

CVSS 6.5 · AI score 5.7 · EPSS 0.01983
Exploits 1 · References 6

OSV
added 2025/04/22 6:15 p.m. · 2 views

CVE-2025-28039

TOTOLINK EX1200T V4.1.2cu.5232B20210713 was found to contain a pre-auth remote command execution vulnerability in the setUpgradeFW function through the FileName parameter...

CVSS 9.8 · AI score 5.9
Exploits 0 · References 1

VulnCheck KEV
added 2025/04/19 12:0 a.m. · 0 views

VulnCheck KEV: CVE-2022-28912

TOTOLink N600R V5.3c.7159B20190425 was discovered to contain a command injection vulnerability via the filename parameter in /setting/setUpgradeFW...

CVSS 10 · AI score 7.3 · EPSS 0.02463
Exploits 1 · References 1

Positive Technologies
added 2024/07/29 12:0 a.m. · 2 views

PT-2024-38144 · Totolink · Totolink A3600R

Name of the Vulnerable Software and Affected Versions: TOTOLINK A3600R version 4.1.2cu.5182 B20201102 Description: A critical issue has been found in the setUpgradeFW function of the /cgi-bin/cstecgi.cgi file. The manipulation of the FileName argument leads to buffer overflow. The attack may be...

CVSS 9 · AI score 8.8 · EPSS 0.01091
Exploits 1 · References 8

Positive Technologies
added 2024/05/09 12:0 a.m. · 2 views

PT-2024-25739 · Totolink · Totolink Outdoor Cpe Cp450

Name of the Vulnerable Software and Affected Versions: TOTOLINK outdoor CPE CP450 version 4.1.0cu.747 B20191224 Description: A command injection issue was found in the setUpgradeFW function via the FileName parameter. Recommendations: For version 4.1.0cu.747 B20191224, consider restricting access...

CVSS 10 · AI score 7.8 · EPSS 0.019
Exploits 1 · References 4

CNNVD
added 2024/04/08 12:0 a.m. · 3 views

TOTOLINK EX200 security vulnerability

TOTOLINK EX200 is a wireless N range extender from China Gion Electronics TOTOLINK, which is mainly used to extend the coverage of the existing Wi-Fi network and solve the problem of signal blind zones. A code execution vulnerability exists in the TOTOLINK EX200, which stems from the FileName...

CVSS 8.8 · AI score 8.1 · EPSS 0.00979
Exploits 1 · References 2

OSV
added 2023/03/23 1:15 a.m. · 3 views

CVE-2022-28494

TOTOLink outdoor CPE CP900 V6.3c.566B20171026 is discovered to contain a command injection vulnerability in the setUpgradeFW function via the filename parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request...

CVSS 9.8 · AI score 6 · EPSS 0.02551
Exploits 1 · References 2

CNNVD
added 2023/02/03 12:0 a.m. · 3 views

TOTOLINK T8 command injection vulnerability

TOTOLINK T8 is a wireless dual-band router that is mainly used for internet connection and data transmission. TOTOLINK T8 suffers from a command injection vulnerability that stems from the slaveIpList parameter of the setUpgradeFW method failing to correctly filter construct command special...

CVSS 9.8 · AI score 7.8 · EPSS 0.01946
Exploits 1 · References 2

BDU FSTEC
added 2022/07/29 12:0 a.m. · 4 views

A vulnerability in the `setUpgradeFW` function in the firmware of TOTOLINK routers, such as TOTOLINK A800R, TOTOLINK A810R, TOTOLINK A830R, TOTOLINK A950RG, TOTOLINK A3000RU, and TOTOLINK A3100R, allows an attacker to execute arbitrary commands.

The vulnerability in the FileName parameter of the setUpgradeFW function in the firmware of TOTOLINK A800R, TOTOLINK A810R, TOTOLINK A830R, TOTOLINK A950RG, TOTOLINK A3000RU, and TOTOLINK A3100R routers is related to the lack of input sanitization. Exploiting this...

CVSS 9.8 · AI score 8.4 · EPSS 0.05748
Exploits 1 · References 5 · Affected Software 6

VulnCheck KEV
added 2022/04/01 12:0 a.m. · 1 views

VulnCheck KEV: CVE-2022-26210

Totolink A830R V5.9c.4729B20191112, A3100R V4.1.2cu.5050B20200504, A950RG V4.1.2cu.5161B20200903, A800R V4.1.2cu.5137B20200730, A3000RU V5.9c.5185B20201128, and A810R V4.1.2cu.5182B20201026 were discovered to contain a command injection vulnerability in the function setUpgradeFW, via the...

CVSS 9.8 · AI score 7.5 · EPSS 0.05748
Exploits 1 · References 1