CVE-2026-9534

A flaw has been found in Totolink CA750-PoE 6.2c.510. This affects the function setWiFiWpsConfig of the file /cgi-bin/cstecgi.cgi of the component Setting Handler. Executing a manipulation of the argument PIN can lead to os command injection. It is possible to launch the attack remotely. The...

CVE-2026-9534 Totolink CA750-PoE Setting cstecgi.cgi setWiFiWpsConfig os command injection

A flaw has been found in Totolink CA750-PoE 6.2c.510. This affects the function setWiFiWpsConfig of the file /cgi-bin/cstecgi.cgi of the component Setting Handler. Executing a manipulation of the argument PIN can lead to os command injection. It is possible to launch the attack remotely. The...

CVE-2026-9534

Summary: Totolink CA750-PoE firmware 6.2c.510 is affected by a vulnerability in the Setting Handler (file /cgi-bin/cstecgi.cgi, function setWiFiWpsConfig). A manipulation of the PIN argument can lead to an OS command injection, and the attack can be launched remotely. The exploit has been publish...

CVE-2026-3696

A vulnerability was found in Totolink N300RH 6..1c.1353B20190305. The affected element is the function setWiFiWpsConfig of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Performing a manipulation results in os command injection. The attack can be initiated remotely. The exploit has...

CVE-2026-3696

A vulnerability was found in Totolink N300RH 6..1c.1353B20190305. The affected element is the function setWiFiWpsConfig of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Performing a manipulation results in os command injection. The attack can be initiated remotely. The exploit has...

CVE-2026-3696

A vulnerability was found in Totolink N300RH 6..1c.1353B20190305. The affected element is the function setWiFiWpsConfig of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Performing a manipulation results in os command injection. The attack can be initiated remotely. The exploit has...

CVE-2026-3696 Totolink N300RH CGI cstecgi.cgi setWiFiWpsConfig os command injection

A vulnerability was found in Totolink N300RH 6..1c.1353B20190305. The affected element is the function setWiFiWpsConfig of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Performing a manipulation results in os command injection. The attack can be initiated remotely. The exploit has...

CVE-2026-3696

CVE-2026-3696 affects Totolink N300RH (CGI Handler, /cgi-bin/cstecgi.cgi) where the setWiFiWpsConfig function can be manipulated to trigger OS command injection. Public exploit details indicate remote exploitaton with high impact across confidentiality, integrity, and availability. Affected versi...

EUVD-2025-23538

Malicious code in bioql PyPI...

TOTOLINK N600R Command Injection Vulnerability

TOTOLINK N600R is a dual-band wireless router launched by Korean brand TOTOLINK in 2013, which supports 2.4GHz and 5GHz bands to work concurrently, with a maximum wireless transmission rate of up to 300Mbps. The TOTOLINK N600R suffers from a command injection vulnerability that stems from the pin...

CVE-2025-51390

TOTOLINK N600R V4.3.0cu.7647B20210106 was discovered to contain a command injection vulnerability via the pin parameter in the setWiFiWpsConfig function...

CVE-2025-51390

TOTOLINK N600R V4.3.0cu.7647B20210106 was discovered to contain a command injection vulnerability via the pin parameter in the setWiFiWpsConfig function...

CVE-2025-51390

CVE-2025-51390 affects TOTOLINK N600R firmware (4.3.0cu.7647_B20210106). The vulnerability is in the setWiFiWpsConfig function, where the pin parameter can be abused to achieve command injection due to inadequate input filtering. This allows arbitrary command execution with a network attacker hav...

TOTOLINK N600R setWiFiWpsConfig function buffer overflow vulnerability

The TOTOLINK N600R is a wireless router from China's Gion Electronics TOTOLINK. The TOTOLINK N600R suffers from a buffer overflow vulnerability that stems from the pin parameter in the setWiFiWpsConfig function failing to properly validate the length size of the input data, which can be exploited...

CVE-2025-22903

TOTOLINK N600R V4.3.0cu.7647B20210106 was discovered to contain a stack overflow via the pin parameter in the function setWiFiWpsConfig...

PT-2025-16378 · Totolink · Totolink N600R

Name of the Vulnerable Software and Affected Versions: TOTOLINK N600R version 4.3.0cu.7647 B20210106 Description: A stack overflow issue was discovered via the pin parameter in the setWiFiWpsConfig function. Recommendations: For TOTOLINK N600R version 4.3.0cu.7647 B20210106, consider disabling th...

CVE-2023-40041

TOTOLINK T10v2 5.9c.5061B20200511 has a stack-based buffer overflow in setWiFiWpsConfig in /lib/cstemodules/wps.so. Attackers can send crafted data in an MQTT packet, via the pin parameter, to control the return address and execute code...