#totolink
55 articles
CVE-2026-10187: Stack-Based Buffer Overflow in Totolink N300RH
A vulnerability was detected in Totolink N300RH 6.1c.1353_B20190305. Affected by this issue is the function setWiFiBasicConfig of the file wireless.so of the component Web Management Interface. Perfor...
CVE-2026-9543: OS command injection in Totolink N300RH
A vulnerability has been found in Totolink N300RH 6.1c.1353_B20190305. Affected is the function setPasswordCfg of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. Such manipula...
CVE-2026-7823: OS command injection in Totolink A8000RU
OS command injection in Totolink A8000RU 7.1cu.643_b20200521 via the setAppFilterCfg function in /cgi-bin/cstecgi.cgi. The manipulation of the enable argument allows remote code execution. Public exploit available...
CVE-2026-7719: Buffer overflow in Totolink WA300
A buffer overflow has been identified in the loginauth function of /cgi-bin/cstecgi.cgi on Totolink WA300 routers. Manipulation of the http_host argument enables a remote attack...
CVE-2026-7747: Buffer overflow in Totolink N300RH
A buffer overflow has been identified in the loginauth function of /cgi-bin/cstecgi.cgi on Totolink N300RH routers. Manipulation of the Password argument enables a remote attack...
CVE-2026-7538: OS command injection in Totolink A8000RU
A vulnerability was identified in Totolink A8000RU 7.1cu.643_b20200521 affecting /cgi-bin/cstecgi.cgi (CGI Handler). Manipulating the proto argument leads to remote OS command injection...
CVE-2026-7546: Stack buffer overflow in Totolink NR1800X
A stack-based buffer overflow exists in the find_host_ip function of the lighttpd component on Totolink NR1800X routers. Manipulation of the Host header enables a remote attack...
CVE-2026-36841: Command injection in TOTOLINK N200RE V5
TOTOLINK N200RE V5 was discovered to contain a command injection vulnerability via the macstr and bandstr parameters in the formMapDelDevice function.
CVE-2026-7202: OS command injection in Totolink A8000RU (setWiFiWpsStart)
A vulnerability in Totolink A8000RU 7.1cu.643_b20200521 in the setWiFiWpsStart function of /cgi-bin/cstecgi.cgi allows remote OS command injection via the wscDisabled argument - the exploit has been disclosed...
CVE-2026-7203: OS command injection in Totolink A8000RU (setUrlFilterRules)
A vulnerability in Totolink A8000RU 7.1cu.643_b20200521 in the setUrlFilterRules function of /cgi-bin/cstecgi.cgi allows remote OS command injection via the enable argument - the exploit has been made public...
CVE-2026-7204: OS command injection in Totolink A8000RU (setPptpServerCfg)
A vulnerability in Totolink A8000RU 7.1cu.643_b20200521 in the setPptpServerCfg function of /cgi-bin/cstecgi.cgi allows remote OS command injection via the enable argument - the exploit has been disclosed...
CVE-2026-7240: OS command injection in Totolink A8000RU (setVpnAccountCfg)
A vulnerability in Totolink A8000RU 7.1cu.643_b20200521 in the setVpnAccountCfg function of /cgi-bin/cstecgi.cgi allows remote OS command injection via the User argument - the exploit has been disclosed...
CVE-2026-7241: OS command injection in Totolink A8000RU (setWiFiBasicCfg)
A vulnerability in Totolink A8000RU 7.1cu.643_b20200521 in the setWiFiBasicCfg function of /cgi-bin/cstecgi.cgi allows remote OS command injection via the wifiOff argument - the exploit has been made public...
CVE-2026-7243: OS command injection in Totolink A8000RU (setRadvdCfg)
A vulnerability in Totolink A8000RU 7.1cu.643_b20200521 in the setRadvdCfg function of /cgi-bin/cstecgi.cgi allows remote OS command injection via the maxRtrAdvInterval argument - the exploit is publicly available...
CVE-2026-7242: OS command injection in Totolink A8000RU (setOpenVpnClientCfg)
A vulnerability in Totolink A8000RU 7.1cu.643_b20200521 in the setOpenVpnClientCfg function of /cgi-bin/cstecgi.cgi allows remote OS command injection via the enabled argument - the exploit has been disclosed...
CVE-2026-7244: OS command injection in Totolink A8000RU (setWiFiEasyGuestCfg)
A security flaw in Totolink A8000RU 7.1cu.643_b20200521 in the setWiFiEasyGuestCfg function of /cgi-bin/cstecgi.cgi allows remote OS command injection via the merge argument - the exploit has been released...
CVE-2026-7121: OS command injection in Totolink A8000RU (setWizardCfg)
A flaw in Totolink A8000RU 7.1cu.643_b20200521 in the setWizardCfg function of /cgi-bin/cstecgi.cgi allows remote OS command injection via the wizard argument - the exploit has been published...
CVE-2026-7122: OS command injection in Totolink A8000RU (setUPnPCfg)
A vulnerability in Totolink A8000RU 7.1cu.643_b20200521 in the setUPnPCfg function of /cgi-bin/cstecgi.cgi allows remote OS command injection via the enable argument - the exploit has been disclosed...
CVE-2026-7136: OS command injection in Totolink A8000RU (setDmzCfg)
A weakness in Totolink A8000RU 7.1cu.643_b20200521 in the setDmzCfg function of /cgi-bin/cstecgi.cgi allows remote OS command injection via the wanIdx argument - the exploit has been made public...
CVE-2026-7140: OS command injection in Totolink A8000RU (CsteSystem)
A vulnerability in Totolink A8000RU 7.1cu.643_b20200521 in the CsteSystem function of /cgi-bin/cstecgi.cgi allows remote OS command injection via the HTTP argument - the exploit has been disclosed...
CVE-2026-7139: OS command injection in Totolink A8000RU (setWiFiAclRules)
A flaw in Totolink A8000RU 7.1cu.643_b20200521 in the setWiFiAclRules function of /cgi-bin/cstecgi.cgi allows remote OS command injection via the mode argument - the exploit has been published...
CVE-2026-7037: OS command injection in Totolink A8000RU router - public exploit
Totolink A8000RU 7.1cu.643_b20200521 contains an OS command injection in the setVpnPassCfg function of /cgi-bin/cstecgi.cgi - a public exploit is available...
CVE-2026-31175: Command injection in TOTOLINK A3300R via stunEnable parameter
TOTOLINK A3300R firmware v17.0.0cu.557_B20221024 allows attackers to execute arbitrary commands via the stunEnable parameter in the /cgi-bin/cstecgi.cgi endpoint...
CVE-2026-31177: Command injection in TOTOLINK A3300R via stunMinAlive parameter
TOTOLINK A3300R firmware v17.0.0cu.557_B20221024 allows attackers to execute arbitrary commands via the stunMinAlive parameter in the /cgi-bin/cstecgi.cgi endpoint...
CVE-2026-31181: Command injection in TOTOLINK A3300R via stunServerAddr parameter
TOTOLINK A3300R firmware v17.0.0cu.557_B20221024 allows attackers to execute arbitrary commands via the stunServerAddr parameter in the /cgi-bin/cstecgi.cgi endpoint...
CVE-2026-31178: Command injection in TOTOLINK A3300R via stunMaxAlive parameter
TOTOLINK A3300R firmware v17.0.0cu.557_B20221024 allows attackers to execute arbitrary commands via the stunMaxAlive parameter in the /cgi-bin/cstecgi.cgi endpoint...
CVE-2026-6131: OS command injection via setTracerouteCfg() in Totolink A7100RU CGI
A vulnerability was found in Totolink A7100RU 7.4cu.2313_b20191024. Affected by this vulnerability is the function setTracerouteCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The m...
CVE-2026-6132: OS command injection via setLedCfg() in Totolink A7100RU CGI
A vulnerability was determined in Totolink A7100RU 7.4cu.2313_b20191024. Affected by this issue is the function setLedCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. This manipulati...
CVE-2026-6138: OS command injection via setAccessDeviceCfg() in Totolink A7100RU CGI
A flaw has been found in Totolink A7100RU 7.4cu.2313_b20191024. The impacted element is the function setAccessDeviceCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. This manipulation...
CVE-2026-6139: OS command injection via UploadOpenVpnCert() in Totolink A7100RU CGI
A vulnerability has been found in Totolink A7100RU 7.4cu.2313_b20191024. This affects the function UploadOpenVpnCert of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Such manipulation of...
CVE-2026-6140: OS command injection via UploadFirmwareFile() in Totolink A7100RU CGI
A vulnerability was found in Totolink A7100RU 7.4cu.2313_b20191024. This impacts the function UploadFirmwareFile of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Performing a manipulatio...
CVE-2026-6154: OS command injection via setWizardCfg() in Totolink A7100RU CGI
A security flaw has been discovered in Totolink A7100RU 7.4cu.2313_b20191024. The affected element is the function setWizardCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Performin...
CVE-2026-6155: OS command injection via setWanCfg() in Totolink A7100RU CGI
A weakness has been identified in Totolink A7100RU 7.4cu.2313. The impacted element is the function setWanCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Executing a manipulation of...
CVE-2026-6156: OS command injection via setIpQosRules() in Totolink A7100RU CGI
A security vulnerability has been detected in Totolink A7100RU 7.4cu.2313_b20191024. This affects the function setIpQosRules of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipula...
CVE-2026-6195: OS command injection via setPasswordCfg() in Totolink A7100RU CGI
A security vulnerability has been detected in Totolink A7100RU 7.4cu.2313_b20191024. Affected by this issue is the function setPasswordCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler...
CVE-2026-5993: OS command injection via setWiFiGuestCfg() in Totolink A7100RU CGI
A vulnerability was identified in Totolink A7100RU 7.4cu.2313_b20191024. This vulnerability affects the function setWiFiGuestCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Such man...
CVE-2026-5994: OS command injection via setTelnetCfg() in Totolink A7100RU CGI
A security flaw has been discovered in Totolink A7100RU 7.4cu.2313_b20191024. This issue affects the function setTelnetCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Performing a m...
CVE-2026-5995: OS command injection via setMiniuiHomeInfoShow() in Totolink A7100RU CGI
A weakness has been identified in Totolink A7100RU 7.4cu.2313_b20191024. Impacted is the function setMiniuiHomeInfoShow of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Executing a manip...
CVE-2026-5996: OS command injection via setAdvancedInfoShow() in Totolink A7100RU CGI
A security vulnerability has been detected in Totolink A7100RU 7.4cu.2313_b20191024. The affected element is the function setAdvancedInfoShow of the file /cgi-bin/cstecgi.cgi of the component CGI Hand...
CVE-2026-5997: OS command injection via setLoginPasswordCfg() in Totolink A7100RU CGI
A vulnerability was detected in Totolink A7100RU 7.4cu.2313_b20191024. The impacted element is the function setLoginPasswordCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manip...
CVE-2026-6025: OS command injection via setSyslogCfg() in Totolink A7100RU CGI
A vulnerability was identified in Totolink A7100RU 7.4cu.2313_b20191024. This affects the function setSyslogCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Such manipulation of the ...
CVE-2026-6026: OS command injection via setPortalConfWeChat() in Totolink A7100RU CGI
A security flaw has been discovered in Totolink A7100RU 7.4cu.2313_b20191024. This vulnerability affects the function setPortalConfWeChat of the file /cgi-bin/cstecgi.cgi of the component CGI Handler....
CVE-2026-6027: OS command injection via setUrlFilterRules() in Totolink A7100RU CGI
A weakness has been identified in Totolink A7100RU 7.4cu.2313_b20191024. This issue affects the function setUrlFilterRules of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Executing a ma...
CVE-2026-6028: OS command injection via setPptpServerCfg() in Totolink A7100RU CGI
A security vulnerability has been detected in Totolink A7100RU 7.4cu.2313_b20191024. Impacted is the function setPptpServerCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipu...
CVE-2026-6029: OS command injection via setVpnAccountCfg() in Totolink A7100RU CGI
A vulnerability was detected in Totolink A7100RU 7.4cu.2313_b20191024. The affected element is the function setVpnAccountCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipula...
CVE-2026-5850: OS command injection via setVpnPassCfg() in Totolink A7100RU CGI
A vulnerability was identified in Totolink A7100RU 7.4cu.2313_b20191024. This affects the function setVpnPassCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulation of the ...
CVE-2026-5851: OS command injection via setUPnPCfg() in Totolink A7100RU CGI
A security flaw has been discovered in Totolink A7100RU 7.4cu.2313_b20191024. This impacts the function setUPnPCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulation of th...
CVE-2026-5852: OS command injection via setIptvCfg() in Totolink A7100RU CGI
A weakness has been identified in Totolink A7100RU 7.4cu.2313_b20191024. Affected is the function setIptvCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. This manipulation of the arg...
CVE-2026-5853: OS command injection via setIpv6LanCfg() in Totolink A7100RU CGI
A security vulnerability has been detected in Totolink A7100RU 7.4cu.2313_b20191024. Affected by this vulnerability is the function setIpv6LanCfg of the file /cgi-bin/cstecgi.cgi of the component CGI ...
CVE-2026-5854: OS command injection via setWiFiEasyCfg() in Totolink A7100RU CGI
A vulnerability was detected in Totolink A7100RU 7.4cu.2313_b20191024. Affected by this issue is the function setWiFiEasyCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Performing a...
CVE-2026-5975: OS command injection via setDmzCfg() in Totolink A7100RU CGI
A vulnerability was identified in Totolink A7100RU 7.4cu.2313_b20191024. The impacted element is the function setDmzCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Such manipulation...
CVE-2026-5976: OS command injection via setStorageCfg() in Totolink A7100RU CGI
A security flaw has been discovered in Totolink A7100RU 7.4cu.2313_b20191024. This affects the function setStorageCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Performing a manipu...
CVE-2026-5978: OS command injection via setWiFiAclRules() in Totolink A7100RU CGI
A security vulnerability has been detected in Totolink A7100RU 7.4cu.2313_b20191024. Affected is the function setWiFiAclRules of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipul...
CVE-2026-5977: OS command injection via setWiFiBasicCfg() in Totolink A7100RU CGI
A weakness has been identified in Totolink A7100RU 7.4cu.2313_b20191024. This impacts the function setWiFiBasicCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Executing a manipulati...
CVE-2026-31027: Buffer overflow in Totolink A3600r Firmware
TOTOlink A3600R v5.9c.4959 contains a buffer overflow vulnerability in the setAppEasyWizardConfig interface of /lib/cste_modules/app.so. The vulnerability occurs because the rootSsid parameter is not ...