CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

38 matches found

NVD•added 2026/04/12 11:16 p.m.•1 views

CVE-2026-6132

A vulnerability was determined in Totolink A7100RU 7.4cu.2313b20191024. Affected by this issue is the function setLedCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. This manipulation of the argument enable causes os command injection. Remote exploitation of the attack is...

10CVSS0.00316EPSS

Exploits0References5

CVE•added 2026/04/12 10:30 p.m.•6 views

CVE-2026-6132

Affected product: Totolink A7100RU. Vulnerable component: CGI Handler, function setLedCfg in /cgi-bin/cstecgi.cgi. Issue: manipulation of the argument enable leads to OS command injection. Impact: remote code execution possibility with high severity (CVE-2026-6132). Exploit status: publicly discl...

10CVSS7AI score0.00316EPSS

Exploits0References5

Cvelist•added 2026/04/12 10:30 p.m.•18 views

CVE-2026-6132 Totolink A7100RU CGI cstecgi.cgi setLedCfg os command injection

10CVSS0.00316EPSS

Exploits0References5

Positive Technologies•added 2026/04/12 12:0 a.m.•1 views

PT-2026-32190

Name of the Vulnerable Software and Affected Versions Totolink A7100RU version 7.4cu.2313 b20191024 Description A flaw exists in the CGI Handler component of the Totolink A7100RU router. Specifically, the setLedCfg function within the /cgi-bin/cstecgi.cgi file is susceptible to OS command injecti...

10CVSS7.2AI score0.00316EPSS

Exploits0References11

EUVD•added 2025/10/03 8:7 p.m.•2 views

EUVD-2023-50698

Malicious code in bioql PyPI...

9.8CVSS9.1AI score0.04647EPSS

Exploits1References1

EUVD•added 2025/10/03 8:7 p.m.•3 views

EUVD-2022-39276

Malicious code in bioql PyPI...

7.2CVSS7.1AI score0.00477EPSS

Exploits1References1

EUVD•added 2025/10/03 8:7 p.m.•2 views

EUVD-2023-51137

Malicious code in bioql PyPI...

9.8CVSS9.4AI score0.03236EPSS

Exploits1References1

RedhatCVE•added 2025/05/23 4:34 a.m.•4 views

CVE-2023-46993

In TOTOLINK A3300R V17.0.0cu.557B20221024 when dealing with setLedCfg request, there is no verification for the enable parameter, which can lead to command injection...

9.8CVSS7AI score0.02985EPSS

Exploits1

RedhatCVE•added 2025/05/23 4:4 a.m.•4 views

CVE-2023-46979

TOTOLINK X6000R V9.4.0cu.852B20230719 was discovered to contain a command injection vulnerability via the enable parameter in the setLedCfg function...

9.8CVSS7.9AI score0.03236EPSS

Exploits1

RedhatCVE•added 2025/05/22 10:11 p.m.•4 views

CVE-2022-36570

Tenda AC9 V15.03.05.19 was discovered to contain a stack overflow via the time parameter at /goform/SetLEDCfg...

7.2CVSS7.9AI score0.00477EPSS

Exploits1References1

CNVD•added 2024/08/21 12:0 a.m.•6 views

TOTOLINK X5000R setLedCfg Function OS Command Injection Vulnerability

The TOTOLINK X5000R is a router from China's Gion Electronics TOTOLINK. An operating system command injection vulnerability exists in TOTOLINK X5000R version v9.1.0cu.2350b20230313. The vulnerability stems from the setLedCfg function in the file /cgi-bin/cstecgi.cgi that fails to properly filter...

6.8CVSS7.8AI score0.00458EPSS

Exploits1References1

OSV•added 2024/08/13 2:15 p.m.•1 views

CVE-2024-42740

In TOTOLINK X5000r v9.1.0cu.2350b20230313, the file /cgi-bin/cstecgi.cgi contains an OS command injection vulnerability in setLedCfg. Authenticated Attackers can send malicious packet to execute arbitrary commands...

6.8CVSS6AI score0.00458EPSS

Exploits1References1

CNNVD•added 2024/08/13 12:0 a.m.•2 views

TOTOLINK X5000R 安全漏洞

6.8CVSS8AI score0.00458EPSS

Exploits1References2

Vulnrichment•added 2024/08/13 12:0 a.m.•17 views

CVE-2024-42740

7.1AI score0.00458EPSS

Exploits1References1

Positive Technologies•added 2024/08/13 12:0 a.m.•2 views

PT-2024-30121 · Totolink · Totolink X5000R

Name of the Vulnerable Software and Affected Versions: TOTOLINK X5000r version 9.1.0cu.2350 b20230313 Description: The issue is related to an OS command injection vulnerability in the file /cgi-bin/cstecgi.cgi, specifically in the setLedCfg function. This allows authenticated attackers to send...

6.8CVSS7.6AI score0.00458EPSS

Exploits1References6

CVE•added 2024/08/13 12:0 a.m.•51 views

CVE-2024-42740

CVE-2024-42740 affects TOTOLINK X5000r, version 9.1.0cu.2350_b20230313. The vulnerability is an OS command injection in the file /cgi-bin/cstecgi.cgi within the function setLedCfg . Authenticated attackers can send malicious packets to execute arbitrary commands. Public documents confirm affected...

6.8CVSS7.8AI score0.00458EPSS

Exploits1References1Affected Software1

Vulnrichment•added 2024/04/24 2:0 p.m.•13 views

CVE-2024-4111 Tenda TX9 SetLEDCfg sub_42BD7C stack-based overflow

A vulnerability was found in Tenda TX9 22.03.02.10. It has been rated as critical. Affected by this issue is the function sub42BD7C of the file /goform/SetLEDCfg. The manipulation of the argument time leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been...

9CVSS6.9AI score0.00206EPSS

Exploits0References4

CNVD•added 2023/11/02 12:0 a.m.•1 views

TOTOLINK X6000R setLedCfg Function Code Execution Vulnerability

TOTOLINK X6000R is a wireless router from China Gion Electronics that supports WiFi 6 technology with high concurrent connections and dual-band transmission. A code execution vulnerability exists in TOTOLINK X6000R. The vulnerability stems from the application failing to properly filter special...

9.8CVSS8.1AI score0.04647EPSS

Exploits1References1

OSV•added 2023/10/31 9:15 p.m.•1 views

CVE-2023-46484

An issue in TOTOlink X6000R V9.4.0cu.852B20230719 allows a remote attacker to execute arbitrary code via the setLedCfg function...

9.8CVSS6.1AI score

Exploits0References1