35 matches found
CVE-2026-1149
A vulnerability was identified in Totolink LR350 9.3.5u.6369B20220309. This issue affects the function setDiagnosisCfg of the file /cgi-bin/cstecgi.cgi of the component POST Request Handler. The manipulation of the argument ip leads to command injection. The attack can be initiated remotely. The...
CVE-2023-29802
TOTOLINK X18 V9.1.0cu.2024B20220329 was discovered to contain a command injection vulnerability via the ip parameter in the setDiagnosisCfg function...
EUVD-2022-39728
Malicious code in bioql PyPI...
EUVD-2022-39190
Malicious code in bioql PyPI...
EUVD-2022-44719
Malicious code in bioql PyPI...
EUVD-2022-47202
Malicious code in bioql PyPI...
EUVD-2022-39736
Malicious code in bioql PyPI...
EUVD-2023-33340
Malicious code in bioql PyPI...
CVE-2023-37172
TOTOLINK A3300R V17.0.0cu.557B20221024 was discovered to contain a command injection vulnerability via the ip parameter in the setDiagnosisCfg function...
CVE-2023-36952
TOTOLINK CP300+ V5.2cu.7594B20200910 was discovered to contain a stack overflow via the pingIp parameter in the function setDiagnosisCfg...
CVE-2022-41526
TOTOLINK NR1800X V9.1.0u.6279B20210910 was discovered to contain an authenticated stack overflow via the ip parameter in the setDiagnosisCfg function...
CVE-2022-44253
TOTOLINK LR350 V9.3.5u.6369B20220309 contains a post-authentication buffer overflow via parameter ip in the setDiagnosisCfg function...
CVE-2022-36481
TOTOLINK N350RT V9.3.5u.6139B20201216 was discovered to contain a command injection vulnerability via the ip parameter in the function setDiagnosisCfg...
CVE-2022-36466
TOTOLINK A3700R V9.1.2u.6134B20201202 was discovered to contain a stack overflow via the ip parameter in the function setDiagnosisCfg...
CVE-2024-7175
A vulnerability has been found in TOTOLINK A3600R 4.1.2cu.5182B20201102 and classified as critical. This vulnerability affects the function setDiagnosisCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument ipDoamin leads to os command injection. The attack can be initiated...
CVE-2023-50147
There is an arbitrary command execution vulnerability in the setDiagnosisCfg function of the cstecgi.cgi of the TOTOLINK A3700R router device in its firmware version V9.1.2u.5822B20200513...
Stack overflow
TOTOLINK CP300+ V5.2cu.7594B20200910 was discovered to contain a stack overflow via the pingIp parameter in the function setDiagnosisCfg...
TOTOLINK CP300+ Buffer Error Vulnerability
The TOTOLINK CP300+ is a wireless router from China's Gion Electronics TOTOLINK. A security vulnerability exists in TOTOLINK CP300+ version V5.2cu.7594B20200910 and prior versions, which originates from the pingIp parameter in the function setDiagnosisCfg containing a stack overflow...
PT-2023-29100 · Totolink · Totolink Ex1200T
Name of the Vulnerable Software and Affected Versions: TOTOLINK EX1200L version EN V9.3.5u.6146 B20201023 Description: A critical issue was found, affecting the setDiagnosisCfg function, which leads to os command injection. This can be initiated remotely. Recommendations: For TOTOLINK EX1200L...