CVE-2026-9457 Totolink A8000RU Web Management cstecgi.cgi UploadFirmwareFile os command injection

A vulnerability was determined in Totolink A8000RU 7.1cu.643b20200521. The affected element is the function UploadFirmwareFile of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. This manipulation of the argument FileName causes os command injection. The attack is possible...

CVE-2026-9457

CVE-2026-9457 affects Totolink A8000RU Web Management interface (file /cgi-bin/cstecgi.cgi, function UploadFirmwareFile). The vulnerability arises from manipulating the FileName argument, leading to os command injection. It can be exploited remotely without authentication, as indicated by the des...

PT-2026-43046

A vulnerability was determined in Totolink A8000RU 7.1cu.643 b20200521. The affected element is the function UploadFirmwareFile of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. This manipulation of the argument FileName causes os command injection. The attack is possibl...

CVE-2026-6140

A vulnerability was found in Totolink A7100RU 7.4cu.2313b20191024. This impacts the function UploadFirmwareFile of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Performing a manipulation of the argument FileName results in os command injection. The attack may be initiated remotely...

CVE-2026-6140 Totolink A7100RU CGI cstecgi.cgi UploadFirmwareFile os command injection

A vulnerability was found in Totolink A7100RU 7.4cu.2313b20191024. This impacts the function UploadFirmwareFile of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Performing a manipulation of the argument FileName results in os command injection. The attack may be initiated remotely...

CVE-2026-6140

Affected product: Totolink A7100RU (CGI Handler, /cgi-bin/cstecgi.cgi). Vulnerability: In UploadFirmwareFile, manipulating the FileName argument enables os command injection. Impact: Remote attacker could exploit; exploit public. CVSS metrics in initial and connected docs indicate CRITICAL severi...

EUVD-2024-35724

Malicious code in bioql PyPI...

EUVD-2023-33338

Malicious code in bioql PyPI...

EUVD-2022-39729

Malicious code in bioql PyPI...

EUVD-2022-39169

Malicious code in bioql PyPI...

EUVD-2024-16093

Malicious code in bioql PyPI...

EUVD-2023-51134

Malicious code in bioql PyPI...

CVE-2023-51034

TOTOlink EX1200L V9.3.5u.6146B20201023 is vulnerable to arbitrary command execution via the cstecgi.cgi UploadFirmwareFile interface...

CVE-2022-41518

TOTOLINK NR1800X V9.1.0u.6279B20210910 was discovered to contain a command injection vulnerability via the UploadFirmwareFile function at /cgi-bin/cstecgi.cgi...

CVE-2022-36460

TOTOLINK A3700R V9.1.2u.6134B20201202 was discovered to contain a command injection vulnerability via the FileName parameter in the function UploadFirmwareFile...

CVE-2024-35401

TOTOLINK CP900L v4.1.5cu.798B20221228 was discovered to contain a command injection vulnerability via the FileName parameter in the UploadFirmwareFile function...

VulnCheck KEV: CVE-2023-46574

An issue in TOTOLINK A3700R v.9.1.2u.616520211012 allows a remote attacker to execute arbitrary code via the FileName parameter of the UploadFirmwareFile function...

CVE-2024-35401

TOTOLINK CP900L v4.1.5cu.798B20221228 was discovered to contain a command injection vulnerability via the FileName parameter in the UploadFirmwareFile function...

CVE-2024-35401

TOTOLINK CP900L v4.1.5cu.798B20221228 was discovered to contain a command injection vulnerability via the FileName parameter in the UploadFirmwareFile function...

CVE-2024-35401

TOTOLINK CP900L v4.1.5cu.798B20221228 was discovered to contain a command injection vulnerability via the FileName parameter in the UploadFirmwareFile function...