PT-2026-36749

Name of the Vulnerable Software and Affected Versions Totolink WA300 version 5.2cu.7112 B20190227 Description An issue exists in the POST Request Handler component where the manipulation of the webWlanIdx argument in the setWebWlanIdx function of the '/cgi-bin/cstecgi.cgi' endpoint allows for...

TOTOLINK CA600-PoE setWebWlanIdx Function Command Injection Vulnerability

TOTOLINK CA600-PoE is an outdoor wireless AP/CPE device from China Gion Electronics TOTOLINK. TOTOLINK CA600-PoE suffers from a command injection vulnerability that stems from the setWebWlanIdx function failing to properly filter construct command special characters, commands, etc. No detailed...

CVE-2025-28038

TOTOLINK EX1200T V4.1.2cu.5232B20210713 was found to contain a pre-auth remote command execution vulnerability in the setWebWlanIdx function through the webWlanIdx parameter...

TOTOLINK EX1200T 安全漏洞

The TOTOLINK EX1200T is a wireless router from TOTOLINK that offers convenient network connectivity and management features. The TOTOLINK EX1200T suffers from a command execution vulnerability that originates from the presence of a pre-authenticated remote command execution of the webWlanIdx...

PT-2025-18657 · Totolink · Totolink Ca600-Poe

Name of the Vulnerable Software and Affected Versions: TOTOLINK CA600-PoE version 5.3c.6665 B20180820 Description: A command injection issue was discovered in the setWebWlanIdx function through the webWlanIdx parameter. This issue allows attackers to execute arbitrary commands via a manipulated...

CVE-2024-34206

CVE-2024-34206 affects TOTOLINK outdoor CPE CP450, specifically version 4.1.0cu.747_B20191224. The flaw is in the setWebWlanIdx function, where the webWlanIdx parameter allows command injection. CVSS 3.1 base score 6.5 (Medium): Adjacent access, no privileges required, no user interaction, but in...

CVE-2024-31808

TOTOLINK EX200 V4.0.3c.7646B20201211 was discovered to contain a remote code execution RCE vulnerability via the webWlanIdx parameter in the setWebWlanIdx function...

CVE-2023-24161

TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injection vulnerability via the webWlanIdx parameter in the setWebWlanIdx function...

TOTOLINK CA300-PoE 命令注入漏洞

The TOTOLINK CA300-PoE is a wireless access point from China Gion Electronics TOTOLINK. A security vulnerability exists in TOTOLINK CA300-PoE version V6.2c.884, which originates from the discovery of a command injection vulnerability via the webWlanIdx parameter in the setWebWlanIdx function...

PT-2022-17723 · Totolink · Totolink A3100R +5

Name of the Vulnerable Software and Affected Versions: Totolink A830R version 5.9c.4729 B20191112 Totolink A3100R version 4.1.2cu.5050 B20200504 Totolink A950RG version 4.1.2cu.5161 B20200903 Totolink A800R version 4.1.2cu.5137 B20200730 Totolink A3000RU version 5.9c.5185 B20201128 Totolink A810R...