CVE-2026-7121

A flaw has been found in Totolink A8000RU 7.1cu.643b20200521. This affects the function setWizardCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. This manipulation of the argument wizard causes os command injection. It is possible to initiate the attack remotely. The exploit has...

CVE-2026-6154 Totolink A7100RU CGI cstecgi.cgi setWizardCfg os command injection

A security flaw has been discovered in Totolink A7100RU 7.4cu.2313b20191024. The affected element is the function setWizardCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Performing a manipulation of the argument wizard results in os command injection. The attack may be initiat...

CVE-2024-46419

TOTOLINK AC1200 T8 v4.1.5cu.861B20230220 has a buffer overflow vulnerability in the setWizardCfg function via the ssid5g parameter...

CVE-2024-42545

TOTOLINK A3700R v9.1.2u.5822B20200513 has a buffer overflow vulnerability in the ssid parameter in setWizardCfg function...

TOTOLINK AC1200 setWizardCfg function buffer overflow vulnerability

TOTOLINK AC1200 is a dual-band Wi-Fi router from China's Gion Electronics TOTOLINK. A buffer overflow vulnerability exists in the TOTOLINK AC1200 v4.1.5cu.861B20230220 version, which stems from the failure of the ssid5g parameter of the setWizardCfg function to correctly validate the length and...

PT-2024-27690 · Totolink · Totolink A3700R

Name of the Vulnerable Software and Affected Versions: TOTOLINK A3700R version 9.1.2u.6165 20211012 Description: A stack overflow issue was discovered in the setWizardCfg function via ssid5g. Recommendations: For TOTOLINK A3700R version 9.1.2u.6165 20211012, as a temporary workaround, consider...

Command injection

A vulnerability was found in Totolink X6000R AX3000 9.4.0cu.85220230719. It has been rated as critical. This issue affects the function setWizardCfg of the file /cgi-bin/cstecgi.cgi of the component shttpd. The manipulation leads to command injection. The exploit has been disclosed to the public...