CVE-2026-9388

A weakness has been identified in Totolink A8000RU 7.1cu.643b20200521. The impacted element is the function setScheduleCfg of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. Executing a manipulation of the argument mode can lead to os command injection. It is possible to...

EUVD-2024-20586

Malicious code in bioql PyPI...

CVE-2024-23061

TOTOLINK A3300R V17.0.0cu.557B20221024 was discovered to contain a command injection vulnerability via the minute parameter in the setScheduleCfg function...

CVE-2025-3668 TOTOLINK A3700R cstecgi.cgi setScheduleCfg access control

A vulnerability was found in TOTOLINK A3700R 9.1.2u.5822B20200513. It has been declared as critical. This vulnerability affects the function setScheduleCfg of the file /cgi-bin/cstecgi.cgi. The manipulation leads to improper access controls. The attack can be initiated remotely. The exploit has...

TOTOLINK X5000R recHour Parameter Command Injection Vulnerability in the setScheduleCfg Function

The TOTOLINK X5000R is a router from China's Gion Electronics TOTOLINK. A command injection vulnerability exists in the TOTOLINK X5000R version V9.1.0cu.2350B20230313, which stems from the "recHour" parameter in setScheduleCfg failing to correctly filter for constructor special characters,...

TOTOLINK X5000R setScheduleCfg Function Minute Parameter Command Injection Vulnerability

The TOTOLINK X5000R is a router from China's Gion Electronics TOTOLINK. The TOTOLINK X5000R suffers from a command injection vulnerability that stems from the "minute" parameter in setScheduleCfg failing to properly filter constructed command special characters, commands, etc. This vulnerability...

CVE-2024-23061

TOTOLINK A3300R V17.0.0cu.557B20221024 was discovered to contain a command injection vulnerability via the minute parameter in the setScheduleCfg function...