CVE-2026-5688 Totolink A7100RU cstecgi.cgi setDdnsCfg os command injection

A security vulnerability has been detected in Totolink A7100RU 7.4cu.2313b20191024. Impacted is the function setDdnsCfg of the file /cgi-bin/cstecgi.cgi. Such manipulation of the argument provider leads to os command injection. The attack may be launched remotely. The exploit has been disclosed...

CVE-2025-12239 TOTOLINK A3300R cstecgi.cgi setDdnsCfg buffer overflow

A weakness has been identified in TOTOLINK A3300R 17.0.0cu.557B20221024. The impacted element is the function setDdnsCfg of the file /cgi-bin/cstecgi.cgi. Executing manipulation can lead to buffer overflow. The attack may be performed from remote. The exploit has been made available to the public...

EUVD-2024-20584

Malicious code in bioql PyPI...

CVE-2024-23059

TOTOLINK A3300R V17.0.0cu.557B20221024 was discovered to contain a command injection vulnerability via the username parameter in the setDdnsCfg function...

TOTOLINK A3700R Access Control Error Vulnerability (CNVD-2025-12019)

The TOTOLINK A3700R is a wireless router that provides network connectivity for homes and small offices. The TOTOLINK A3700R suffers from an Access Control Error vulnerability that originates from improper access control of the setDdnsCfg function in the /cgi-bin/cstecgi.cgi file. No detailed...

CVE-2024-23059

TOTOLINK A3300R V17.0.0cu.557B20221024 was discovered to contain a command injection vulnerability via the username parameter in the setDdnsCfg function...

Command injection

TOTOLINK A3300R V17.0.0cu.557B20221024 was discovered to contain a command injection vulnerability via the username parameter in the setDdnsCfg function...

PT-2024-19650 · Totolink · Totolink A3300R

Name of the Vulnerable Software and Affected Versions: TOTOLINK A3300R version V17.0.0cu.557 B20221024 Description: A command injection issue was discovered via the username parameter in the setDdnsCfg function. This allows for potential exploitation. Recommendations: For TOTOLINK A3300R version...