CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

RedhatCVE•added 4 days ago•5 views

CVE-2026-7242

A vulnerability was determined in Totolink A8000RU 7.1cu.643b20200521. Impacted is the function setOpenVpnClientCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Executing a manipulation of the argument enabled can lead to os command injection. The attack may be performed from...

10CVSS7.4AI score0.01221EPSS

RedhatCVE•added 4 days ago•5 views

CVE-2026-6195

A security vulnerability has been detected in Totolink A7100RU 7.4cu.2313b20191024. Affected by this issue is the function setPasswordCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Such manipulation of the argument admpass leads to os command injection. The attack can be...

10CVSS7.4AI score0.01235EPSS

RedhatCVE•added 2026/05/29 8:13 p.m.•9 views

CVE-2026-9404

A vulnerability was identified in Totolink A8000RU 7.1cu.643b20200521. This affects the function setDdnsCfg of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. Such manipulation of the argument provider leads to os command injection. The attack may be launched remotely. Th...

EUVD•added 2026/05/25 6:45 a.m.•8 views

EUVD-2026-31643

A vulnerability was detected in Totolink A8000RU 7.1cu.643b20200521. The affected element is the function setQosCfg of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. Performing a manipulation of the argument enable results in os command injection. Remote exploitation of...

CVE•added 2026/05/25 6:45 a.m.•13 views

CVE-2026-9435

The CVE affects Totolink A8000RU Web Management Interface (7.1cu.643_b20200521). The vulnerable element is the function setQosCfg in /cgi-bin/cstecgi.cgi; manipulating the enable argument enables an OS command injection. Remote exploitation is possible and the exploit is public. The vulnerability...

EUVD•added 2026/05/24 2:30 p.m.•8 views

EUVD-2026-31544

A weakness has been identified in Totolink A8000RU 7.1cu.643b20200521. The impacted element is the function setScheduleCfg of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. Executing a manipulation of the argument mode can lead to os command injection. It is possible to...

CVE•added 2026/05/24 2:15 p.m.•12 views

CVE-2026-9387

CVE-2026-9387 affects Totolink A8000RU Web Management, specifically the /cgi-bin/cstecgi.cgi function setUpgradeFW. The vulnerability arises from manipulation of the resetFlags argument, leading to OS command injection. Impact is described as remote, with high confidentiality, integrity, and avai...

10CVSS7AI score0.01254EPSS

CNNVD•added 2026/05/24 12:0 a.m.•6 views

TOTOLINK A8000RU 操作系统命令注入漏洞

TOTOLINK A8000RU is a wireless router produced by TOTOLINK, a Chinese company. The TOTOLINK A8000RU 7.1cu.643b20200521 version contains a vulnerability related to operating system command injection. This vulnerability stems from improper handling of the mode parameter in the setScheduleCfg functi...

10CVSS7.3AI score0.01254EPSS

Positive Technologies•added 2026/05/24 12:0 a.m.•8 views

PT-2026-42945

A vulnerability was found in Totolink A8000RU 7.1cu.643 b20200521. This vulnerability affects the function setDiagnosisCfg of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. The manipulation of the argument ip results in os command injection. The attack can be executed...

10CVSS7AI score0.01254EPSS

NVD•added 2026/05/05 5:16 a.m.•5 views

CVE-2026-7823

A security flaw has been discovered in Totolink A8000RU 7.1cu.643b20200521. Affected is the function setAppFilterCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument enable results in os command injection. The attack may be launched remotely. The exploit has been released to the...

10CVSS0.01221EPSS

EUVD•added 2026/05/04 8:45 a.m.•1 views

EUVD-2026-26941

A security vulnerability has been detected in Totolink N300RH 3.2.4-B20220812. This affects the function setWanConfig of the file /cgi-bin/cstecgi.cgi of the component POST Request Handler. The manipulation of the argument priDns leads to buffer overflow. The attack may be initiated remotely. The...

9CVSS6.2AI score0.00036EPSS

Vulnrichment•added 2026/05/04 8:30 a.m.•2 views

CVE-2026-7748 Totolink N300RH POST Request cstecgi.cgi setUpgradeFW buffer overflow

A weakness has been identified in Totolink N300RH 3.2.4-B20220812. Affected by this issue is the function setUpgradeFW of the file /cgi-bin/cstecgi.cgi of the component POST Request Handler. Executing a manipulation of the argument FileName can lead to buffer overflow. The attack can be launched...

9CVSS7.8AI score0.00099EPSS

ATTACKERKB•added 2026/05/04 8:15 a.m.•1 views

CVE-2026-7747

A security flaw has been discovered in Totolink N300RH 3.2.4-B20220812. Affected by this vulnerability is the function loginauth of the file /cgi-bin/cstecgi.cgi of the component Parameter Handler. Performing a manipulation of the argument Password results in buffer overflow. The attack can be...

10CVSS7.7AI score0.0011EPSS

CNNVD•added 2026/05/04 12:0 a.m.•5 views

TOTOLINK N300RH 缓冲区错误漏洞

TOTOLINK N300RH is a long-range wireless router produced by TOTOLINK Corporation. The version TOTOLINK N300RH 3.2.4-B20220812 contains a buffer overflow vulnerability. This vulnerability stems from an operation on the parameterFileName in the setUpgradeFW function of the POST Request Handler...

9CVSS7.9AI score0.00099EPSS

RedhatCVE•added 2026/05/02 2:47 a.m.•3 views

CVE-2026-7546

A security vulnerability has been detected in Totolink NR1800X 9.1.0u.6279B20210910. The impacted element is the function findhostip of the component lighttpd. Such manipulation of the argument Host leads to stack-based buffer overflow. The attack can be executed remotely. The exploit has been...

10CVSS6.3AI score0.00039EPSS