39 matches found
CVE-2026-7240
A vulnerability has been found in Totolink A8000RU 7.1cu.643b20200521. This vulnerability affects the function setVpnAccountCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Such manipulation of the argument User leads to os command injection. The attack can be executed remotely...
CVE-2026-7240
CVE-2026-7240 affects Totolink A8000RU 7.1cu.643_b20200521. The vulnerability resides in CGI Handler’s /cgi-bin/cstecgi.cgi function setVpnAccountCfg, where manipulation of the User argument enables OS command injection. This can be exploited remotely with no authentication (attack vector: NETWOR...
CVE-2026-7240 Totolink A8000RU CGI cstecgi.cgi setVpnAccountCfg os command injection
A vulnerability has been found in Totolink A8000RU 7.1cu.643b20200521. This vulnerability affects the function setVpnAccountCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Such manipulation of the argument User leads to os command injection. The attack can be executed remotely...
PT-2026-35684
Name of the Vulnerable Software and Affected Versions Totolink A8000RU version 7.1cu.643 b20200521 Description A remote OS command injection exists in the CGI Handler component. The issue occurs within the setVpnAccountCfg function of the '/cgi-bin/cstecgi.cgi' endpoint when manipulating the User...
TOTOLINK A8000RU 命令注入漏洞
TOTOLINK A8000RU is a wireless router produced by TOTOLINK, a Chinese company. The TOTOLINK A8000RU 7.1cu.643b20200521 version contains a command injection vulnerability. This vulnerability stems from the operation of the User parameter in the setVpnAccountCfg function of the /cgi-bin/cstecgi.cgi...
EUVD-2026-21324
A vulnerability was detected in Totolink A7100RU 7.4cu.2313b20191024. The affected element is the function setVpnAccountCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulation of the argument User results in os command injection. The attack may be launched remotely. Th...
CVE-2026-6029
A vulnerability was detected in Totolink A7100RU 7.4cu.2313b20191024. The affected element is the function setVpnAccountCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulation of the argument User results in os command injection. The attack may be launched remotely. Th...
CVE-2026-6029 Totolink A7100RU CGI cstecgi.cgi setVpnAccountCfg os command injection
A vulnerability was detected in Totolink A7100RU 7.4cu.2313b20191024. The affected element is the function setVpnAccountCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulation of the argument User results in os command injection. The attack may be launched remotely. Th...
CVE-2026-6029 Totolink A7100RU CGI cstecgi.cgi setVpnAccountCfg os command injection
A vulnerability was detected in Totolink A7100RU 7.4cu.2313b20191024. The affected element is the function setVpnAccountCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulation of the argument User results in os command injection. The attack may be launched remotely. Th...
CVE-2026-6029
Totolink A7100RU (firmware 7.4cu.2313_b20191024) is affected by a vulnerability in the CGI Handler file /cgi-bin/cstecgi.cgi, specifically the setVpnAccountCfg function. Manipulating the User argument leads to an OS command injection. The flaw can be exploited remotely, and public exploits exist ...
CVE-2026-6029
A vulnerability was detected in Totolink A7100RU 7.4cu.2313b20191024. The affected element is the function setVpnAccountCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulation of the argument User results in os command injection. The attack may be launched remotely. Th...
PT-2026-31887
Name of the Vulnerable Software and Affected Versions Totolink A7100RU version 7.4cu.2313 b20191024 Description A vulnerability exists in the Totolink A7100RU router. The setVpnAccountCfg function within the /cgi-bin/cstecgi.cgi file of the CGI Handler component is susceptible to OS command...
EUVD-2024-53489
Malicious code in bioql PyPI...
EUVD-2024-53491
Malicious code in bioql PyPI...
CVE-2024-57017
TOTOLINK X5000R V9.1.0cu.2350B20230313 was discovered to contain an OS command injection vulnerability via the "pass" parameter in setVpnAccountCfg...
CVE-2024-57018
TOTOLINK X5000R V9.1.0cu.2350B20230313 was discovered to contain an OS command injection vulnerability via the "desc" parameter in setVpnAccountCfg...
CVE-2024-57019
TOTOLINK X5000R V9.1.0cu.2350B20230313 was discovered to contain an OS command injection vulnerability via the "limit" parameter in setVpnAccountCfg...
CVE-2024-57016
TOTOLINK X5000R V9.1.0cu.2350B20230313 was discovered to contain an OS command injection vulnerability via the "user" parameter in setVpnAccountCfg...
TOTOLINK X5000R Limit Parameter Command Injection Vulnerability in the setVpnAccountCfg Function
The TOTOLINK X5000R is a router from China's Gion Electronics TOTOLINK. A command injection vulnerability exists in the TOTOLINK X5000R version V9.1.0cu.2350B20230313, which stems from the "limit" parameter in setVpnAccountCfg failing to correctly filter constructor special characters, commands,...
TOTOLINK X5000R setVpnAccountCfg function desc parameter command injection vulnerability
The TOTOLINK X5000R is a router from China's Gion Electronics TOTOLINK. The TOTOLINK X5000R suffers from a command injection vulnerability, which stems from the "desc" parameter in setVpnAccountCfg failing to properly filter constructed command special characters, commands, etc. This vulnerabilit...