Filtered by vendor Totolink
Subscriptions
Total
1197 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-31178 | 1 Totolink | 2 A3300r, A3300r Firmware | 2026-04-27 | 9.8 Critical |
| An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557_B20221024 allowing attackers to execute arbitrary commands via the stunMaxAlive parameter to /cgi-bin/cstecgi.cgi. | ||||
| CVE-2026-6194 | 1 Totolink | 1 A3002mu | 2026-04-22 | 8.8 High |
| A weakness has been identified in Totolink A3002MU B20211125.1046. Affected by this vulnerability is the function sub_410188 of the file /boafrm/formWlanSetup of the component HTTP Request Handler. This manipulation of the argument wan-url causes stack-based buffer overflow. Remote exploitation of the attack is possible. The exploit has been made available to the public and could be used for attacks. | ||||
| CVE-2026-6195 | 1 Totolink | 2 A7100ru, A7100ru Firmware | 2026-04-22 | 9.8 Critical |
| A security vulnerability has been detected in Totolink A7100RU 7.4cu.2313_b20191024. Affected by this issue is the function setPasswordCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Such manipulation of the argument admpass leads to os command injection. The attack can be executed remotely. The exploit has been disclosed publicly and may be used. | ||||
| CVE-2026-31170 | 1 Totolink | 2 A3300r, A3300r Firmware | 2026-04-22 | 9.8 Critical |
| An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557_B20221024 allowing attackers to execute arbitrary commands via the stun-pass parameter to /cgi-bin/cstecgi.cgi. | ||||
| CVE-2026-4497 | 1 Totolink | 2 Wa300, Wa300 Firmware | 2026-04-22 | 7.3 High |
| A vulnerability was determined in Totolink WA300 5.2cu.7112_B20190227. Affected by this issue is the function recvUpgradeNewFw of the file /cgi-bin/cstecgi.cgi. This manipulation causes os command injection. Remote exploitation of the attack is possible. The exploit has been publicly disclosed and may be utilized. | ||||
| CVE-2026-5679 | 1 Totolink | 2 A3300r, A3300r Firmware | 2026-04-22 | 5.5 Medium |
| A security vulnerability has been detected in Totolink A3300R 17.0.0cu.557_B20221024. The impacted element is the function vsetTr069Cfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument stun_pass leads to os command injection. The exploit has been disclosed publicly and may be used. | ||||
| CVE-2026-5689 | 1 Totolink | 2 A7100ru, A7100ru Firmware | 2026-04-22 | 7.3 High |
| A vulnerability was detected in Totolink A7100RU 7.4cu.2313_b20191024. The affected element is the function setNtpCfg of the file /cgi-bin/cstecgi.cgi. Performing a manipulation of the argument tz results in os command injection. Remote exploitation of the attack is possible. The exploit is now public and may be used. | ||||
| CVE-2026-3696 | 1 Totolink | 2 N300rh, N300rh Firmware | 2026-04-21 | 7.3 High |
| A vulnerability was found in Totolink N300RH 6..1c.1353_B20190305. The affected element is the function setWiFiWpsConfig of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Performing a manipulation results in os command injection. The attack can be initiated remotely. The exploit has been made public and could be used. | ||||
| CVE-2026-5690 | 1 Totolink | 2 A7100ru, A7100ru Firmware | 2026-04-21 | 7.3 High |
| A flaw has been found in Totolink A7100RU 7.4cu.2313_b20191024. The impacted element is the function setRemoteCfg of the file /cgi-bin/cstecgi.cgi. Executing a manipulation of the argument enable can lead to os command injection. The attack can be executed remotely. The exploit has been published and may be used. | ||||
| CVE-2026-5692 | 1 Totolink | 2 A7100ru, A7100ru Firmware | 2026-04-21 | 7.3 High |
| A vulnerability was found in Totolink A7100RU 7.4cu.2313_b20191024. This impacts the function setGameSpeedCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument enable results in os command injection. The attack may be performed from remote. The exploit has been made public and could be used. | ||||
| CVE-2026-6158 | 1 Totolink | 2 N300rh, N300rh Firmware | 2026-04-19 | 7.3 High |
| A flaw has been found in Totolink N300RH 6.1c.1353_B20190305. Affected is the function setUpgradeUboot of the file upgrade.so. This manipulation of the argument FileName causes os command injection. The attack is possible to be carried out remotely. The exploit has been published and may be used. | ||||
| CVE-2026-0641 | 1 Totolink | 2 Wa300, Wa300 Firmware | 2026-04-18 | 6.3 Medium |
| A security vulnerability has been detected in TOTOLINK WA300 5.2cu.7112_B20190227. This vulnerability affects the function sub_401510 of the file cstecgi.cgi. The manipulation of the argument UPLOAD_FILENAME leads to command injection. The attack may be initiated remotely. The exploit has been disclosed publicly and may be used. | ||||
| CVE-2026-1155 | 1 Totolink | 2 Lr350, Lr350 Firmware | 2026-04-18 | 8.8 High |
| A vulnerability was found in Totolink LR350 9.3.5u.6369_B20220309. Affected by this vulnerability is the function setWiFiEasyGuestCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument ssid results in buffer overflow. The attack may be performed from remote. The exploit has been made public and could be used. | ||||
| CVE-2026-1143 | 1 Totolink | 2 A3700r, A3700r Firmware | 2026-04-18 | 8.8 High |
| A weakness has been identified in TOTOLINK A3700R 9.1.2u.5822_B20200513. This affects the function setWiFiEasyGuestCfg of the file /cgi-bin/cstecgi.cgi. Executing a manipulation of the argument ssid can lead to buffer overflow. The attack may be launched remotely. The exploit has been made available to the public and could be used for attacks. | ||||
| CVE-2026-1601 | 1 Totolink | 2 A7000r, A7000r Firmware | 2026-04-18 | 6.3 Medium |
| A weakness has been identified in Totolink A7000R 4.1cu.4154. The impacted element is the function setUploadUserData of the file /cgi-bin/cstecgi.cgi. Executing a manipulation of the argument FileName can lead to command injection. The attack can be launched remotely. The exploit has been made available to the public and could be used for attacks. | ||||
| CVE-2026-2167 | 1 Totolink | 2 Wa300, Wa300 Firmware | 2026-04-18 | 6.3 Medium |
| A vulnerability was detected in Totolink WA300 5.2cu.7112_B20190227. The impacted element is the function setAPNetwork of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument Ipaddr results in os command injection. The attack may be performed from remote. The exploit is now public and may be used. | ||||
| CVE-2026-1150 | 1 Totolink | 2 Lr350, Lr350 Firmware | 2026-04-18 | 6.3 Medium |
| A security flaw has been discovered in Totolink LR350 9.3.5u.6369_B20220309. Impacted is the function setTracerouteCfg of the file /cgi-bin/cstecgi.cgi of the component POST Request Handler. The manipulation of the argument command results in command injection. The attack can be launched remotely. The exploit has been released to the public and may be used for attacks. | ||||
| CVE-2026-1326 | 1 Totolink | 2 Nr1800x, Nr1800x Firmware | 2026-04-18 | 6.3 Medium |
| A weakness has been identified in Totolink NR1800X 9.1.0u.6279_B20210910. This vulnerability affects the function setWanCfg of the file /cgi-bin/cstecgi.cgi of the component POST Request Handler. This manipulation of the argument Hostname causes command injection. The attack can be initiated remotely. The exploit has been made available to the public and could be used for attacks. | ||||
| CVE-2026-1547 | 1 Totolink | 2 A7000r, A7000r Firmware | 2026-04-18 | 6.3 Medium |
| A vulnerability was detected in Totolink A7000R 4.1cu.4154. This affects the function setUnloadUserData of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument plugin_name results in command injection. It is possible to launch the attack remotely. The exploit is now public and may be used. | ||||
| CVE-2026-1548 | 1 Totolink | 2 A7000r, A7000r Firmware | 2026-04-18 | 6.3 Medium |
| A flaw has been found in Totolink A7000R 4.1cu.4154. This impacts the function CloudACMunualUpdateUserdata of the file /cgi-bin/cstecgi.cgi. This manipulation of the argument url causes command injection. The attack can be initiated remotely. The exploit has been published and may be used. | ||||