21 matches found
CVE-2026-9543
A vulnerability has been found in Totolink N300RH 6.1c.1353B20190305. Affected is the function setPasswordCfg of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. Such manipulation of the argument admpass leads to os command injection. The attack can be executed remotely. T...
CVE-2026-6195
A security vulnerability has been detected in Totolink A7100RU 7.4cu.2313b20191024. Affected by this issue is the function setPasswordCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Such manipulation of the argument admpass leads to os command injection. The attack can be...
CVE-2026-6195 Totolink A7100RU CGI cstecgi.cgi setPasswordCfg os command injection
A security vulnerability has been detected in Totolink A7100RU 7.4cu.2313b20191024. Affected by this issue is the function setPasswordCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Such manipulation of the argument admpass leads to os command injection. The attack can be...
CVE-2026-6195
Totolink A7100RU (firmware 7.4cu.2313_b20191024) is affected by a vulnerability in CGI Handler’s /cgi-bin/cstecgi.cgi setPasswordCfg. Manipulating the admpass argument enables os command injection and can be exploited remotely. The exploit is publicly disclosed. No additional technical details (e...
EUVD-2023-28223
Malicious code in bioql PyPI...
CVE-2023-37171
TOTOLINK A3300R V17.0.0cu.557B20221024 was discovered to contain a command injection vulnerability via the admuser parameter in the setPasswordCfg function...
CVE-2023-24159
TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injection vulnerability via the admpass parameter in the setPasswordCfg function...
TOTOLINK EX1800T setPasswordCfg function buffer overflow vulnerability
The TOTOLINK EX1800T is a Wi-Fi range extender from China's Gion Electronics TOTOLINK. The TOTOLINK EX1800T suffers from a buffer overflow vulnerability that stems from the setPasswordCfg function failing to properly validate the length and size of the input data, which can be exploited by an...
CVE-2023-46510
An issue in ZIONCOM Hong Kong Technology Limited A7000R v.4.1cu.4154 allows an attacker to execute arbitrary code via the cig-bin/cstecgi.cgi to the settings/setPasswordCfg function...
PT-2023-30066 · Zioncom (Hong Kong) Technology Limited · A7000R
Name of the Vulnerable Software and Affected Versions: ZIONCOM Hong Kong Technology Limited A7000R version 4.1cu.4154 Description: An issue allows an attacker to execute arbitrary code via the "cig-bin/cstecgi.cgi" endpoint to the setPasswordCfg function. Recommendations: For version 4.1cu.4154,...
CVE-2023-37171
TOTOLINK A3300R V17.0.0cu.557B20221024 was discovered to contain a command injection vulnerability via the admuser parameter in the setPasswordCfg function...
CVE-2023-37171
TOTOLINK A3300R V17.0.0cu.557B20221024 was discovered to contain a command injection vulnerability via the admuser parameter in the setPasswordCfg function...
PT-2023-12948 · Totolink · Totolink Outdoor Cpe Cp900
Name of the Vulnerable Software and Affected Versions: TOTOLink outdoor CPE CP900 version 6.3c.566 B20171026 Description: The issue concerns a command injection vulnerability in the setPasswordCfg function, which can be exploited via the adminuser and adminpass parameters. This allows attackers t...
CVE-2023-24159
TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injection vulnerability via the admpass parameter in the setPasswordCfg function...
Command injection
TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injection vulnerability via the admpass parameter in the setPasswordCfg function...
CVE-2023-24159
TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injection vulnerability via the admpass parameter in the setPasswordCfg function...
CVE-2023-24160
TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injection vulnerability via the admuser parameter in the setPasswordCfg function...
CVE-2023-24159
TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injection vulnerability via the admpass parameter in the setPasswordCfg function...
CVE-2023-24160
TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injection vulnerability via the admuser parameter in the setPasswordCfg function...
TOTOLINK CA300-PoE 命令注入漏洞
The TOTOLINK CA300-PoE is a wireless access point from China Gion Electronics TOTOLINK. A security vulnerability exists in TOTOLINK CA300-PoE version V6.2c.884, which was discovered to contain a command injection vulnerability via the admuser parameter in the setPasswordCfg function...