
53 matches found

RedhatCVE
added 2026/05/26 8:14 p.m. · 10 views

CVE-2026-9457

A vulnerability was determined in Totolink A8000RU 7.1cu.643b20200521. The affected element is the function UploadFirmwareFile of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. This manipulation of the argument FileName causes os command injection. The attack is possible...

CVSS 10 · AI score 7 · EPSS 0.02094
Exploits 0 · References 1

EUVD
added 2026/05/25 12:15 p.m. · 10 views

EUVD-2026-31677

A vulnerability was determined in Totolink A8000RU 7.1cu.643b20200521. The affected element is the function UploadFirmwareFile of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. This manipulation of the argument FileName causes os command injection. The attack is possible...

CVSS 10 · AI score 7 · EPSS 0.02094
Exploits 0 · References 5

Vulnrichment
added 2026/05/25 12:15 p.m. · 7 views

CVE-2026-9457 Totolink A8000RU Web Management cstecgi.cgi UploadFirmwareFile os command injection

A vulnerability was determined in Totolink A8000RU 7.1cu.643b20200521. The affected element is the function UploadFirmwareFile of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. This manipulation of the argument FileName causes os command injection. The attack is possible...

CVSS 10 · AI score 7 · EPSS 0.02094
Exploits 0 · References 5

Cvelist
added 2026/05/25 12:15 p.m. · 33 views

CVE-2026-9457 Totolink A8000RU Web Management cstecgi.cgi UploadFirmwareFile os command injection

A vulnerability was determined in Totolink A8000RU 7.1cu.643b20200521. The affected element is the function UploadFirmwareFile of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. This manipulation of the argument FileName causes os command injection. The attack is possible...

CVSS 10 · EPSS 0.02094
Exploits 0 · References 5

CNNVD
added 2026/05/25 12:00 a.m. · 5 views

TOTOLINK A8000RU OS command injection vulnerability

The TOTOLINK A8000RU is a wireless router from China's Gion Electronics TOTOLINK. An OS command injection vulnerability exists in TOTOLINK A8000RU version 7.1cu.643b20200521, which originates from the parameter of the function UploadFirmwareFile in the file /cgi-bin/cstecgi.cgi in the component W...

CVSS 10 · AI score 7.3 · EPSS 0.02094
Exploits 0 · References 6

EUVD
added 2026/04/13 3:30 a.m. · 4 views

EUVD-2026-21766

A vulnerability was found in Totolink A7100RU 7.4cu.2313b20191024. This impacts the function UploadFirmwareFile of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Performing a manipulation of the argument FileName results in os command injection. The attack may be initiated remotely...

CVSS 10 · AI score 7 · EPSS 0.02199
Exploits 0 · References 6

Vulnrichment
added 2026/04/13 12:30 a.m. · 4 views

CVE-2026-6140 Totolink A7100RU CGI cstecgi.cgi UploadFirmwareFile os command injection

A vulnerability was found in Totolink A7100RU 7.4cu.2313b20191024. This impacts the function UploadFirmwareFile of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Performing a manipulation of the argument FileName results in os command injection. The attack may be initiated remotely...

CVSS 10 · AI score 7 · EPSS 0.02199
Exploits 0 · References 5

ATTACKERKB
added 2026/04/13 12:30 a.m. · 4 views

CVE-2026-6140

A vulnerability was found in Totolink A7100RU 7.4cu.2313b20191024. This impacts the function UploadFirmwareFile of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Performing a manipulation of the argument FileName results in os command injection. The attack may be initiated remotely...

CVSS 10 · AI score 7 · EPSS 0.02199
Exploits 0 · References 5 · Affected Software 1

RedhatCVE
added 2026/01/09 12:38 p.m. · 7 views

CVE-2023-29800

TOTOLINK X18 V9.1.0cu.2024B20220329 was discovered to contain a command injection vulnerability via the FileName parameter in the UploadFirmwareFile function...

CVSS 9.8 · AI score 8 · EPSS 0.02014
Exploits 1 · References 1

RedhatCVE
added 2026/01/09 10:50 a.m. · 3 views

CVE-2022-37076

TOTOLINK A7000R V9.1.0u.6115B20201022 was discovered to contain a command injection vulnerability via the FileName parameter in the function UploadFirmwareFile...

CVSS 7.8 · AI score 8.1 · EPSS 0.01133
Exploits 1 · References 1

Positive Technologies
added 2025/11/18 12:00 a.m. · 2 views

PT-2025-47394

Name of the Vulnerable Software and Affected Versions: Eurolab ELTS100 UBX version ELTS100v1.UBX Description: The Eurolab ELTS100 UBX device is subject to Broken Access Control because of a lack of authentication on critical administrative endpoints. Attackers can directly access and modify sensiti...

CVSS 9.8 · AI score 7.1 · EPSS 0.0054
Exploits 1 · References 7

EUVD
added 2025/10/03 8:07 p.m. · 5 views

EUVD-2023-57612

Malicious code in bioql PyPI...

CVSS 9.8 · AI score 9.1 · EPSS 0.00649
Exploits 0 · References 3

BDU FSTEC
added 2025/07/24 12:00 a.m. · 4 views

The vulnerability of the uploadFWBinary method in the network management system for monitoring industrial networks of Siemens SINEC NMS allows an intruder to gain unauthorized access to file writing and execute arbitrary code.

The vulnerability of the uploadFWBinary method in the network management system for monitoring industrial networks of Siemens SINEC NMS is related to an incorrect restriction on the path name to the restricted directory. Exploiting this vulnerability could allow a malicious actor, operating...

CVSS 9 · AI score 7.9 · EPSS 0.07166
Exploits 0 · References 3 · Affected Software 1

VulnCheck KEV
added 2025/07/13 12:00 a.m. · 11 views

VulnCheck KEV: CVE-2024-0297

A vulnerability was found in Totolink N200RE 9.3.5u.6139B20201216 and classified as critical. This issue affects the function UploadFirmwareFile of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument FileName leads to os command injection. The attack may be initiated remotely. The...

CVSS 9.8 · AI score 5.5 · EPSS 0.04657
In wild · Exploits 1 · References 4

Debian CVE
added 2025/06/18 11:00 a.m. · 5 views

CVE-2022-49949

In the Linux kernel, the following vulnerability has been resolved: firmware_loader: Fix memory leak in firmware upload. In the case of firmware-upload, an instance of struct fw_upload is allocated in firmware_upload_register(). This data needs to be freed in fw_dev_release(). Create a new fw_upload_free()...

CVSS 5.5 · AI score 5.3 · EPSS 0.00179
Exploits 0

BDU FSTEC
added 2024/05/06 12:00 a.m. · 2 views

The vulnerability in the upload_firmware.cgi function of D-Link DIR-823G router software allows a hacker to induce a service failure.

The vulnerability of the upload_firmware.cgi function in D-Link DIR-823G router microprogramming software is related to pointer aliasing errors. Exploiting this vulnerability can allow a malicious actor to cause service failure remotely...

CVSS 7.8 · AI score 7.2 · EPSS 0.00785
Exploits 1 · References 4 · Affected Software 1

Positive Technologies
added 2024/04/29 12:00 a.m. · 2 views

PT-2024-3294 · D Link · D-Link Dir-823G

Name of the Vulnerable Software and Affected Versions: D-Link DIR-823G version A1V1.0.2B05 Description: The issue is related to a Null-pointer dereference in the main function of upload_firmware.cgi, which can be exploited by remote attackers to cause a Denial of Service (DoS) via a crafted input...

CVSS 7.8 · AI score 7.2 · EPSS 0.00785
Exploits 1 · References 6

CNNVD
added 2024/04/26 12:00 a.m. · 1 view

D-Link DIR-822 security vulnerability

The D-Link DIR-822 is a wireless router from China-based AUO D-Link. A security vulnerability exists in D-Link DIR-822+ version V1.0.5, which originates from a command injection in the ftext function of uploadfirmware.cgi, allowing remote attackers to execute arbitrary commands via a shell...

CVSS 9.8 · AI score 8.2 · EPSS 0.19893
Exploits 1 · References 3

Cvelist
added 2024/04/26 12:00 a.m. · 14 views

CVE-2024-33344

D-Link DIR-822+ V1.0.5 was found to contain a command injection in ftext function of uploadfirmware.cgi, which allows remote attackers to execute arbitrary commands via shell...

AI score 8.4 · EPSS 0.19893
Exploits 1 · References 2

BDU FSTEC
added 2024/02/06 12:00 a.m. · 3 views

The vulnerability of the UploadFirmwareFile() function in the microprogramming software for TOTOLINK A3700R allows a hacker to execute arbitrary code.

The vulnerability of the UploadFirmwareFile function in the microprogrammed software of TOTOLINK A3700R wireless routers is related to the lack of measures to sanitize input data during the processing of the FileName parameter. Exploiting this vulnerability could allow an attacker to execute...

CVSS 10 · AI score 8.1 · EPSS 0.65412
Exploits 2 · References 3 · Affected Software 1