Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

23 matches found

RedhatCVE
RedhatCVEadded 2 days ago4 views

CVE-2026-9515

A vulnerability was detected in Totolink CA750-PoE 6.2c.510. The affected element is the function setUnloadUserData of the file /cgi-bin/cstecgi.cgi of the component Setting Handler. The manipulation of the argument pluginversion results in os command injection. The attack may be launched remotel...

6.5CVSS6.4AI score0.04841EPSS
Exploits0References1
NVD
NVDadded 2026/05/26 12:16 a.m.8 views

CVE-2026-9515

A vulnerability was detected in Totolink CA750-PoE 6.2c.510. The affected element is the function setUnloadUserData of the file /cgi-bin/cstecgi.cgi of the component Setting Handler. The manipulation of the argument pluginversion results in os command injection. The attack may be launched remotel...

6.5CVSS0.04841EPSS
Exploits0References5
CNNVD
CNNVDadded 2026/05/26 12:0 a.m.5 views

TOTOLINK CA750-PoE 操作系统命令注入漏洞

TOTOLINK CA750-PoE is a wireless network access device produced by TOTOLINK Corporation. Version 6.2c.510 of TOTOLINK CA750-PoE contains a vulnerability related to operating system command injection. This vulnerability arises from the operation of the setUnloadUserData function in the...

6.5CVSS6.6AI score0.04841EPSS
Exploits0References5
ATTACKERKB
ATTACKERKBadded 2026/05/25 11:15 p.m.9 views

CVE-2026-9515

A vulnerability was detected in Totolink CA750-PoE 6.2c.510. The affected element is the function setUnloadUserData of the file /cgi-bin/cstecgi.cgi of the component Setting Handler. The manipulation of the argument pluginversion results in os command injection. The attack may be launched remotel...

6.5CVSS6.4AI score0.04841EPSS
Exploits0References5Affected Software1
Cvelist
Cvelistadded 2026/05/25 11:15 p.m.33 views

CVE-2026-9515 Totolink CA750-PoE Setting cstecgi.cgi setUnloadUserData os command injection

A vulnerability was detected in Totolink CA750-PoE 6.2c.510. The affected element is the function setUnloadUserData of the file /cgi-bin/cstecgi.cgi of the component Setting Handler. The manipulation of the argument pluginversion results in os command injection. The attack may be launched remotel...

6.5CVSS0.04841EPSS
Exploits0References5
Vulnrichment
Vulnrichmentadded 2026/05/25 11:15 p.m.6 views

CVE-2026-9515 Totolink CA750-PoE Setting cstecgi.cgi setUnloadUserData os command injection

A vulnerability was detected in Totolink CA750-PoE 6.2c.510. The affected element is the function setUnloadUserData of the file /cgi-bin/cstecgi.cgi of the component Setting Handler. The manipulation of the argument pluginversion results in os command injection. The attack may be launched remotel...

6.5CVSS6.4AI score0.04841EPSS
Exploits0References5
EUVD
EUVDadded 2026/05/25 11:15 p.m.8 views

EUVD-2026-31771

A vulnerability was detected in Totolink CA750-PoE 6.2c.510. The affected element is the function setUnloadUserData of the file /cgi-bin/cstecgi.cgi of the component Setting Handler. The manipulation of the argument pluginversion results in os command injection. The attack may be launched remotel...

6.5CVSS6.4AI score0.04841EPSS
Exploits0References5
CVE
CVEadded 2026/05/25 11:15 p.m.11 views

CVE-2026-9515

Totolink CA750-PoE (firmware 6.2c.510) is affected by an OS command injection in the Setting Handler’s /cgi-bin/cstecgi.cgi function setUnloadUserData when manipulating the plugin_version argument. The vulnerability enables remote exploitation with low privileges and could impact confidentiality,...

6.5CVSS6.4AI score0.04841EPSS
Exploits0References5
Positive Technologies
Positive Technologiesadded 2026/05/25 12:0 a.m.9 views

PT-2026-43158

A vulnerability was detected in Totolink CA750-PoE 6.2c.510. The affected element is the function setUnloadUserData of the file /cgi-bin/cstecgi.cgi of the component Setting Handler. The manipulation of the argument plugin version results in os command injection. The attack may be launched...

6.5CVSS6.4AI score0.04841EPSS
Exploits0References6
RedhatCVE
RedhatCVEadded 2026/01/30 3:24 a.m.6 views

CVE-2026-1547

A vulnerability was detected in Totolink A7000R 4.1cu.4154. This affects the function setUnloadUserData of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument pluginname results in command injection. It is possible to launch the attack remotely. The exploit is now public and may be us...

9.8CVSS5.7AI score0.0067EPSS
Exploits1References1
EUVD
EUVDadded 2026/01/29 12:31 a.m.5 views

EUVD-2026-4846

A vulnerability was detected in Totolink A7000R 4.1cu.4154. This affects the function setUnloadUserData of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument pluginname results in command injection. It is possible to launch the attack remotely. The exploit is now public and may be us...

6.5CVSS5.7AI score0.0067EPSS
Exploits1References7
NVD
NVDadded 2026/01/28 10:15 p.m.3 views

CVE-2026-1547

A vulnerability was detected in Totolink A7000R 4.1cu.4154. This affects the function setUnloadUserData of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument pluginname results in command injection. It is possible to launch the attack remotely. The exploit is now public and may be us...

9.8CVSS0.0067EPSS
Exploits1References6
Vulnrichment
Vulnrichmentadded 2026/01/28 10:2 p.m.2 views

CVE-2026-1547 Totolink A7000R cstecgi.cgi setUnloadUserData command injection

A vulnerability was detected in Totolink A7000R 4.1cu.4154. This affects the function setUnloadUserData of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument pluginname results in command injection. It is possible to launch the attack remotely. The exploit is now public and may be us...

6.5CVSS5.7AI score0.0067EPSS
Exploits1References6
ATTACKERKB
ATTACKERKBadded 2026/01/28 10:2 p.m.3 views

CVE-2026-1547

A vulnerability was detected in Totolink A7000R 4.1cu.4154. This affects the function setUnloadUserData of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument pluginname results in command injection. It is possible to launch the attack remotely. The exploit is now public and may be us...

6.5CVSS5.7AI score0.0067EPSS
Exploits1References5Affected Software1
Cvelist
Cvelistadded 2026/01/28 10:2 p.m.21 views

CVE-2026-1547 Totolink A7000R cstecgi.cgi setUnloadUserData command injection

A vulnerability was detected in Totolink A7000R 4.1cu.4154. This affects the function setUnloadUserData of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument pluginname results in command injection. It is possible to launch the attack remotely. The exploit is now public and may be us...

6.5CVSS0.0067EPSS
Exploits1References6
CVE
CVEadded 2026/01/28 10:2 p.m.8 views

CVE-2026-1547

Totolink A7000R 4.1cu.4154 is affected by CVE-2026-1547 in the setUnloadUserData function of /cgi-bin/cstecgi.cgi. Manipulating the plugin_name argument enables command injection, with remote exploitation and a publicly available exploit. Multiple connected sources confirm the issue and its remot...

9.8CVSS5.7AI score0.0067EPSS
Exploits1References6Affected Software1
CNNVD
CNNVDadded 2026/01/28 12:0 a.m.2 views

TOTOLINK A7000R Command Injection Vulnerability

TOTOLINK A7000R is a wireless router produced by TOTOLINK, a Chinese company. The TOTOLINK A7000R version 4.1cu.4154 contains a command injection vulnerability. This vulnerability stems from incorrect handling of the parameter “pluginname” in the setUnloadUserData function located in the...

9.8CVSS6.6AI score0.0067EPSS
Exploits1References6
OSV
OSVadded 2025/05/18 3:15 a.m.1 views

CVE-2025-4850

A vulnerability classified as critical has been found in TOTOLINK N300RH 6.1c.1390B20191101. This affects the function setUnloadUserData of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument pluginname leads to command injection. It is possible to initiate the attack remotely. The...

5.3CVSS6.3AI score
Exploits0References5
OSV
OSVadded 2023/02/03 4:15 p.m.4 views

CVE-2023-24145

TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injection vulnerability via the pluginversion parameter in the setUnloadUserData function...

9.8CVSS5.8AI score0.14899EPSS
Exploits1References1
Prion
Prionadded 2023/02/03 4:15 p.m.16 views

Command injection

TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injection vulnerability via the pluginversion parameter in the setUnloadUserData function...

7.5CVSS9.8AI score0.14899EPSS
Exploits1References1Affected Software1
Rows per page
Query Builder