17 matches found
CVE-2026-6155
A weakness has been identified in Totolink A7100RU 7.4cu.2313. The impacted element is the function setWanCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Executing a manipulation of the argument pppoeServiceName can lead to os command injection. The attack may be launched...
CVE-2026-6155 Totolink A7100RU CGI cstecgi.cgi setWanCfg os command injection
A weakness has been identified in Totolink A7100RU 7.4cu.2313. The impacted element is the function setWanCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Executing a manipulation of the argument pppoeServiceName can lead to os command injection. The attack may be launched...
CVE-2026-1326
A weakness has been identified in Totolink NR1800X 9.1.0u.6279B20210910. This vulnerability affects the function setWanCfg of the file /cgi-bin/cstecgi.cgi of the component POST Request Handler. This manipulation of the argument Hostname causes command injection. The attack can be initiated...
EUVD-2023-35870
Malicious code in bioql PyPI...
CVE-2024-22942
TOTOLINK A3300R V17.0.0cu.557B20221024 was discovered to contain a command injection vulnerability via the hostName parameter in the setWanCfg function...
CVE-2024-7214
A vulnerability has been found in TOTOLINK LR350 9.3.5u.6369B20220309 and classified as critical. Affected by this vulnerability is the function setWanCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument hostName leads to command injection. The attack can be launched remotely. T...
CVE-2022-27005
Totolink routers s X5000R V9.1.0u.6118B20201102 and A7000R V9.1.0u.6115B20201022 were discovered to contain a command injection vulnerability in the setWanCfg function via the hostName parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request...
CVE-2024-22942
TOTOLINK A3300R V17.0.0cu.557B20221024 was discovered to contain a command injection vulnerability via the hostName parameter in the setWanCfg function...
CVE-2024-22942
TOTOLINK A3300R V17.0.0cu.557B20221024 was discovered to contain a command injection vulnerability via the hostName parameter in the setWanCfg function...
Command injection
TOTOLINK A3300R V17.0.0cu.557B20221024 was discovered to contain a command injection vulnerability via the hostName parameter in the setWanCfg function...
CVE-2024-22942
TOTOLINK A3300R V17.0.0cu.557B20221024 was discovered to contain a command injection vulnerability via the hostName parameter in the setWanCfg function...
PT-2024-1167 · Totolink · Totolink Lr1200Gb
Name of the Vulnerable Software and Affected Versions: Totolink LR1200GB version 9.1.0u.6619 B20230130 Description: A critical issue was found in the function setWanCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument hostName leads to os command injection. It is possible to...
PT-2023-29114 · Totolink · Totolink Ex1200T
Name of the Vulnerable Software and Affected Versions: TOTOLINK EX1200L version EN V9.3.5u.6146 B20201023 Description: A critical issue affects the setWanCfg function, leading to os command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be...
CVE-2023-31569
TOTOLINK X5000R V9.1.0cu.2350B20230313 was discovered to contain a command injection via the setWanCfg function...
Command injection
Totolink routers s X5000R V9.1.0u.6118B20201102 and A7000R V9.1.0u.6115B20201022 were discovered to contain a command injection vulnerability in the setWanCfg function via the hostName parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request...
CVE-2022-27005
Totolink routers s X5000R V9.1.0u.6118B20201102 and A7000R V9.1.0u.6115B20201022 were discovered to contain a command injection vulnerability in the setWanCfg function via the hostName parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request...
CVE-2022-27005
Totolink routers s X5000R V9.1.0u.6118B20201102 and A7000R V9.1.0u.6115B20201022 were discovered to contain a command injection vulnerability in the setWanCfg function via the hostName parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request...