Totolink Totolink

  1. Vendors
  2. Totolink

Don't miss out!

Thousands of developers use stack.watch to stay informed.
Get an email whenever new security vulnerabilities are reported in any Totolink product.

RSS Feeds for Totolink security vulnerabilities

Create a CVE RSS feed including security vulnerabilities found in Totolink products with stack.watch. Just hit watch, then grab your custom RSS feed url.

Products by Totolink Sorted by Most Security Vulnerabilities since 2018

Totolink A7100ru Firmware64 vulnerabilities

Totolink A8000ru Firmware52 vulnerabilities

Totolink X5000r Firmware42 vulnerabilities

Totolink A3300r Firmware39 vulnerabilities

Totolink X6000r Firmware36 vulnerabilities

Totolink A3700r Firmware31 vulnerabilities

Totolink X2000r Firmware30 vulnerabilities

Totolink X15 Firmware25 vulnerabilities

Totolink Lr350 Firmware25 vulnerabilities

Totolink Ca300 Poe Firmware24 vulnerabilities

Totolink A3002r Firmware23 vulnerabilities

Totolink Ex1200t Firmware22 vulnerabilities

Totolink T8 Firmware22 vulnerabilities

Totolink A3600r Firmware20 vulnerabilities

Totolink Cp450 Firmware19 vulnerabilities

Totolink Ex200 Firmware18 vulnerabilities

Totolink N150rt Firmware15 vulnerabilities

Totolink Ex1800t Firmware15 vulnerabilities

Totolink N300rh Firmware14 vulnerabilities

Totolink T6 Firmware14 vulnerabilities

Totolink A6000r Firmware13 vulnerabilities

Totolink Nr1800x Firmware13 vulnerabilities

Totolink X18 Firmware11 vulnerabilities

Totolink T10 Firmware11 vulnerabilities

Totolink Ca600 Poe Firmware10 vulnerabilities

Totolink A3002ru Firmware10 vulnerabilities

Totolink A810r Firmware10 vulnerabilities

Totolink A702r Firmware10 vulnerabilities

Totolink A3100r Firmware10 vulnerabilities

Totolink Ca750 Poe9 vulnerabilities

Totolink A7000r Firmware9 vulnerabilities

Totolink Wa300 Firmware8 vulnerabilities

Totolink N300rt Firmware8 vulnerabilities

Totolink Cp900l Firmware8 vulnerabilities

Totolink A800r Firmware7 vulnerabilities

Totolink Cp900 Firmware7 vulnerabilities

Totolink A720r Firmware6 vulnerabilities

Totolink Ex1200l Firmware6 vulnerabilities

Totolink N600r Firmware5 vulnerabilities

Totolink N350rt Firmware4 vulnerabilities

Totolink A3000ru Firmware3 vulnerabilities

Totolink A830r Firmware3 vulnerabilities

Totolink A950rg Firmware3 vulnerabilities

Totolink Cp300 Firmware3 vulnerabilities

Totolink A3200r Firmware3 vulnerabilities

Totolink N200re V5 Firmware2 vulnerabilities

Totolink X182 vulnerabilities

Totolink Lr1200 Firmware2 vulnerabilities

Totolink Lr1200gb Firmware2 vulnerabilities

Totolink N302r Plus Firmware2 vulnerabilities

Totolink N100re Firmware1 vulnerability

Totolink N200re Firmware1 vulnerability

Totolink N302re Firmware1 vulnerability

Totolink Ar810r Firmware1 vulnerability

Totolink N302r Firmware1 vulnerability

Totolink N301rt Firmware1 vulnerability

Totolink A860r Firmware1 vulnerability

Totolink A3002ru V3 Firmware1 vulnerability

Totolink N300rb Firmware1 vulnerability

Totolink A6000ub Firmware1 vulnerability

By the Year

In 2026 there have been 156 vulnerabilities in Totolink with an average score of 8.6 out of ten. Last year, in 2025 Totolink had 253 security vulnerabilities published. If vulnerabilities keep coming in at the current rate, it appears that number of security vulnerabilities in Totolink in 2026 could surpass last years number. However, the average CVE base score of the vulnerabilities in 2026 is greater by 0.58.




Year Vulnerabilities Average Score
2026 156 8.65
2025 253 8.07
2024 219 9.09
2023 105 9.65
2022 18 9.30
2021 0 0.00
2020 1 0.00

It may take a day or so for new Totolink vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.

Recent Totolink Security Vulnerabilities

CVE Date Vulnerability Products
CVE-2026-9543 May 26, 2026
Totolink N300RH 6.1c Remote OS Cmd Injection via setPasswordCfg A vulnerability has been found in Totolink N300RH 6.1c.1353_B20190305. Affected is the function setPasswordCfg of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. Such manipulation of the argument admpass leads to os command injection. The attack can be executed remotely. The exploit has been disclosed to the public and may be used.
N300rh Firmware
CVE-2026-9534 May 26, 2026
Totolink CA750-PoE: OS Command Injection (v6.2c.510) A flaw has been found in Totolink CA750-PoE 6.2c.510. This affects the function setWiFiWpsConfig of the file /cgi-bin/cstecgi.cgi of the component Setting Handler. Executing a manipulation of the argument PIN can lead to os command injection. It is possible to launch the attack remotely. The exploit has been published and may be used.
Ca750 Poe
CVE-2026-9533 May 26, 2026
Totolink CA750-PoE 6.2c.510 Setting Handler RCE via OS Command Injection A vulnerability was detected in Totolink CA750-PoE 6.2c.510. The impacted element is the function recvUpgradeNewFw of the file /cgi-bin/cstecgi.cgi of the component Setting Handler. Performing a manipulation of the argument fwUrl/magicid results in os command injection. It is possible to initiate the attack remotely. The exploit is now public and may be used.
Ca750 Poe
CVE-2026-9532 May 26, 2026
Totolink CA750-PoE 6.2c.510 OS Command Injection via setUploadUserData (remote) A security vulnerability has been detected in Totolink CA750-PoE 6.2c.510. The affected element is the function setUploadUserData of the file /cgi-bin/cstecgi.cgi of the component Setting Handler. Such manipulation of the argument FileName leads to os command injection. The attack may be performed from remote. The exploit has been disclosed publicly and may be used.
Ca750 Poe
CVE-2026-9531 May 26, 2026
OS Command Injection in Totolink CA750-PoE 6.2c.510 setUpgradeUboot A weakness has been identified in Totolink CA750-PoE 6.2c.510. Impacted is the function setUpgradeUboot of the file /cgi-bin/cstecgi.cgi of the component Setting Handler. This manipulation of the argument FileName causes os command injection. The attack is possible to be carried out remotely. The exploit has been made available to the public and could be used for attacks.
Ca750 Poe
CVE-2026-9515 May 25, 2026
OS Command Injection in Totolink CA750-PoE 6.2c.510 Setting Handler A vulnerability was detected in Totolink CA750-PoE 6.2c.510. The affected element is the function setUnloadUserData of the file /cgi-bin/cstecgi.cgi of the component Setting Handler. The manipulation of the argument plugin_version results in os command injection. The attack may be launched remotely. The exploit is now public and may be used.
Ca750 Poe
CVE-2026-9514 May 25, 2026
Totolink CA750-PoE 6.2c.510 OS Command Injection in Setting Handler CGI A security vulnerability has been detected in Totolink CA750-PoE 6.2c.510. Impacted is the function setNetworkDiag of the file /cgi-bin/cstecgi.cgi of the component Setting Handler. The manipulation of the argument NetDiagHost/NetDiagPingNum/NetDiagPingSize/NetDiagPingTimeOut/NetDiagTracertHop is directly passed by the attacker/so we can control the NetDiagHost/NetDiagPingNum/NetDiagPingSize/NetDiagPingTimeOut/NetDiagTracertHop leads to os command injection. The attack may be initiated remotely. The exploit has been disclosed publicly and may be used.
Ca750 Poe
CVE-2026-9513 May 25, 2026
Command Injection via NTPSyncWithHost on Totolink CA750-PoE 6.2c.510 A weakness has been identified in Totolink CA750-PoE 6.2c.510. This issue affects the function NTPSyncWithHost of the file /cgi-bin/cstecgi.cgi of the component Setting Handler. Executing a manipulation of the argument host_time can lead to os command injection. The attack can be launched remotely. The exploit has been made available to the public and could be used for attacks.
Ca750 Poe
CVE-2026-9512 May 25, 2026
Totolink CA750-PoE 6.2c.510: Remote OS Command Injection in setPasswordCfg A security flaw has been discovered in Totolink CA750-PoE 6.2c.510. This vulnerability affects the function setPasswordCfg of the file /cgi-bin/cstecgi.cgi of the component Setting Handler. Performing a manipulation of the argument admuser/admpass results in os command injection. The attack can be initiated remotely. The exploit has been released to the public and may be used for attacks.
Ca750 Poe
CVE-2026-9511 May 25, 2026
OS Command Injection in Totolink CA750-PoE 6.2c.510 Setting Handler A vulnerability was identified in Totolink CA750-PoE 6.2c.510. This affects the function setWebWlanIdx of the file /cgi-bin/cstecgi.cgi of the component Setting Handler. Such manipulation of the argument webWlanIdx leads to os command injection. It is possible to launch the attack remotely. The exploit is publicly available and might be used.
Ca750 Poe
CVE-2026-9478 May 25, 2026
OS Command Injection: Totolink A8000RU WebMgr v7.1cu.643 A weakness has been identified in Totolink A8000RU 7.1cu.643_b20200521. Impacted is the function setParentalRules of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. Executing a manipulation of the argument enable can lead to os command injection. The attack may be performed from remote. The exploit has been made available to the public and could be used for attacks.
A8000ru Firmware
CVE-2026-9477 May 25, 2026
Totolink A8000RU 7.1cu.643 Command Injection via Mac in WebMgmt A security flaw has been discovered in Totolink A8000RU 7.1cu.643_b20200521. This issue affects the function setAccessDeviceCfg of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. Performing a manipulation of the argument mac results in os command injection. The attack is possible to be carried out remotely. The exploit has been released to the public and may be used for attacks.
A8000ru Firmware
CVE-2026-9476 May 25, 2026
Totolink A8000RU 7.1cu.643_b20200521: /cgi-bin/cstecgi.cgi setPasswordCfg OS Command Injection A vulnerability was identified in Totolink A8000RU 7.1cu.643_b20200521. This vulnerability affects the function setPasswordCfg of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. Such manipulation of the argument admpass leads to os command injection. The attack can be executed remotely. The exploit is publicly available and might be used.
A8000ru Firmware
CVE-2026-9475 May 25, 2026
OS Command Injection in Totolink A8000RU 7.1cu.643 Web Management Interface A vulnerability was determined in Totolink A8000RU 7.1cu.643_b20200521. This affects the function setIpQosRules of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. This manipulation of the argument Comment causes os command injection. Remote exploitation of the attack is possible. The exploit has been publicly disclosed and may be utilized.
A8000ru Firmware
CVE-2026-9458 May 25, 2026
Totolink A8000RU 7.1cu.643_b20200521: OS Command Injection in Web Mgmt setWanCfg A vulnerability was identified in Totolink A8000RU 7.1cu.643_b20200521. The impacted element is the function setWanCfg of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. Such manipulation of the argument enabled leads to os command injection. The attack may be performed from remote. The exploit is publicly available and might be used.
A8000ru Firmware
CVE-2026-9457 May 25, 2026
OS Command Injection in Totolink A8000RU 7.1cu.643 WebMgmt Interface A vulnerability was determined in Totolink A8000RU 7.1cu.643_b20200521. The affected element is the function UploadFirmwareFile of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. This manipulation of the argument FileName causes os command injection. The attack is possible to be carried out remotely. The exploit has been publicly disclosed and may be utilized.
A8000ru Firmware
CVE-2026-9456 May 25, 2026
Totolink A8000RU OpenVPN Config Command Injection (pre-7.1cu.643_b20200521) A vulnerability was found in Totolink A8000RU 7.1cu.643_b20200521. Impacted is the function setOpenVpnCfg of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. The manipulation of the argument enabled results in os command injection. The attack can be executed remotely. The exploit has been made public and could be used.
A8000ru Firmware
CVE-2026-9455 May 25, 2026
Totolink A8000RU 7.1cu.643_b20200521 CMD Injection: UploadOpenVpnCert A vulnerability has been found in Totolink A8000RU 7.1cu.643_b20200521. This issue affects the function UploadOpenVpnCert of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. The manipulation of the argument FileName leads to os command injection. Remote exploitation of the attack is possible. The exploit has been disclosed to the public and may be used.
A8000ru Firmware
CVE-2026-9454 May 25, 2026
Totolink A8000RU 7.1cu.643 OS Command Injection via Web MI A flaw has been found in Totolink A8000RU 7.1cu.643_b20200521. This vulnerability affects the function setOpenVpnCertGenerationCfg of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. Executing a manipulation of the argument servername can lead to os command injection. The attack may be launched remotely. The exploit has been published and may be used.
A8000ru Firmware
CVE-2026-9436 May 25, 2026
Totolink A8000RU WebMgmt CMD Injection via setL2tpServerCfg 7.1cu A flaw has been found in Totolink A8000RU 7.1cu.643_b20200521. The impacted element is the function setL2tpServerCfg of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. Executing a manipulation of the argument enable can lead to os command injection. The attack can be executed remotely. The exploit has been published and may be used.
A8000ru Firmware
CVE-2026-9435 May 25, 2026
Totolink A8000RU 7.1cu.643_b20200521: Remote OS Command Injection via setQosCfg A vulnerability was detected in Totolink A8000RU 7.1cu.643_b20200521. The affected element is the function setQosCfg of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. Performing a manipulation of the argument enable results in os command injection. Remote exploitation of the attack is possible. The exploit is now public and may be used.
A8000ru Firmware
CVE-2026-9434 May 25, 2026
Command Injection in Totolink A8000RU 7.1cu.643_b20200521 WebMgmt Interface A security vulnerability has been detected in Totolink A8000RU 7.1cu.643_b20200521. Impacted is the function setWiFiWpsCfg of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. Such manipulation of the argument wscDisabled leads to os command injection. The attack may be launched remotely. The exploit has been disclosed publicly and may be used.
A8000ru Firmware
CVE-2026-9433 May 25, 2026
Totolink A8000RU 7.1cu.643 oscmdinject via setMacFilterRules A weakness has been identified in Totolink A8000RU 7.1cu.643_b20200521. This issue affects the function setMacFilterRules of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. This manipulation of the argument enable causes os command injection. The attack may be initiated remotely. The exploit has been made available to the public and could be used for attacks.
A8000ru Firmware
CVE-2026-9432 May 25, 2026
Totolink A8000RU 7.1cu OS Command Injection via bgProtection (WMI) A security flaw has been discovered in Totolink A8000RU 7.1cu.643_b20200521. This vulnerability affects the function setWiFiAdvancedCfg of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. The manipulation of the argument bgProtection results in os command injection. The attack can be launched remotely. The exploit has been released to the public and may be used for attacks.
A8000ru Firmware
CVE-2026-9408 May 25, 2026
OS Command Injection in Totolink A8000RU WebMgmt <7.1cu.643_b20200521 A vulnerability was detected in Totolink A8000RU 7.1cu.643_b20200521. Affected by this issue is the function setStaticDhcpRules of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. The manipulation of the argument enable results in os command injection. The attack may be performed from remote. The exploit is now public and may be used.
A8000ru Firmware
CVE-2026-9407 May 24, 2026
Totolink A8000RU 7.1cu OS Injection via /cgi-bin/cstecgi.cgi setFirewallType A security vulnerability has been detected in Totolink A8000RU 7.1cu.643_b20200521. Affected by this vulnerability is the function setFirewallType of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. The manipulation of the argument firewallType leads to os command injection. The attack is possible to be carried out remotely. The exploit has been disclosed publicly and may be used.
A8000ru Firmware
CVE-2026-9406 May 24, 2026
Totolink A8000RU 7.1cu OS Command Injection via Web Mgmt A weakness has been identified in Totolink A8000RU 7.1cu.643_b20200521. Affected is the function setRemoteCfg of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. Executing a manipulation of the argument enable can lead to os command injection. The attack can be executed remotely. The exploit has been made available to the public and could be used for attacks.
A8000ru Firmware
CVE-2026-9405 May 24, 2026
Totolink A8000RU 7.1cu.643 OS Command Injection via Web Mgmt cgi A security flaw has been discovered in Totolink A8000RU 7.1cu.643_b20200521. This impacts the function setGameSpeedCfg of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. Performing a manipulation of the argument enable results in os command injection. Remote exploitation of the attack is possible. The exploit has been released to the public and may be used for attacks.
A8000ru Firmware
CVE-2026-9404 May 24, 2026
Totolink A8000RU 7.1cu.643_b20200521: Remote OS Cmd Injection via Web Mgmt A vulnerability was identified in Totolink A8000RU 7.1cu.643_b20200521. This affects the function setDdnsCfg of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. Such manipulation of the argument provider leads to os command injection. The attack may be launched remotely. The exploit is publicly available and might be used.
A8000ru Firmware
CVE-2026-9388 May 24, 2026
Totolink A8000RU 7.1cu.643 OS Cmd Injection in Web Mgmt A weakness has been identified in Totolink A8000RU 7.1cu.643_b20200521. The impacted element is the function setScheduleCfg of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. Executing a manipulation of the argument mode can lead to os command injection. It is possible to launch the attack remotely. The exploit has been made available to the public and could be used for attacks.
A8000ru Firmware
CVE-2026-9387 May 24, 2026
Totolink A8000RU 7.1cu.643 OS Command Injection via Web Mgt Interface A security flaw has been discovered in Totolink A8000RU 7.1cu.643_b20200521. The affected element is the function setUpgradeFW of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. Performing a manipulation of the argument resetFlags results in os command injection. It is possible to initiate the attack remotely. The exploit has been released to the public and may be used for attacks.
A8000ru Firmware
CVE-2026-9386 May 24, 2026
OS Command Injection in Totolink A8000RU 7.1cu.643 cgi-bin/cstecgi.cgi A vulnerability was identified in Totolink A8000RU 7.1cu.643_b20200521. Impacted is the function setLanguageCfg of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. Such manipulation of the argument lang leads to os command injection. The attack may be performed from remote. The exploit is publicly available and might be used.
A8000ru Firmware
CVE-2026-9385 May 24, 2026
OS cmd. injection in Totolink A8000RU 7.1cu via cstecgi.cgi A vulnerability was determined in Totolink A8000RU 7.1cu.643_b20200521. This issue affects the function setTracerouteCfg of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. This manipulation of the argument command causes os command injection. The attack is possible to be carried out remotely. The exploit has been publicly disclosed and may be utilized.
A8000ru Firmware
CVE-2026-9384 May 24, 2026
Totolink A8000RU 7.1cu OS Command Injection via Web MI (cstecgi) A vulnerability was found in Totolink A8000RU 7.1cu.643_b20200521. This vulnerability affects the function setDiagnosisCfg of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. The manipulation of the argument ip results in os command injection. The attack can be executed remotely. The exploit has been made public and could be used.
A8000ru Firmware
CVE-2026-8137 May 08, 2026
Totolink X5000R 9.1.0u Buffer Overflow in formDdns sub_458E40 A vulnerability has been found in Totolink X5000R 9.1.0u.6369_B20230113. This vulnerability affects the function sub_458E40 of the file /boafrm/formDdns. The manipulation of the argument submit-url leads to buffer overflow. Remote exploitation of the attack is possible. The exploit has been disclosed to the public and may be used.
X5000r Firmware
CVE-2026-7823 May 05, 2026
CVE-2026-7823: Cmd Injection via setAppFilterCfg on Totolink A8000RU 7.1cu A security flaw has been discovered in Totolink A8000RU 7.1cu.643_b20200521. Affected is the function setAppFilterCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument enable results in os command injection. The attack may be launched remotely. The exploit has been released to the public and may be used for attacks.
A8000ru Firmware
CVE-2026-7750 May 04, 2026
Buffer Overflow in Totolink N300RH 3.2.4-B20220812 setMacFilterRules A vulnerability was detected in Totolink N300RH 3.2.4-B20220812. This vulnerability affects the function setMacFilterRules of the file /cgi-bin/cstecgi.cgi of the component POST Request Handler. The manipulation of the argument mac_address results in buffer overflow. The attack may be launched remotely. The exploit is now public and may be used.
N300rh Firmware
CVE-2026-7749 May 04, 2026
Remote Buffer Overflow in Totolink N300RH 3.2.4 setWanConfig (POST) A security vulnerability has been detected in Totolink N300RH 3.2.4-B20220812. This affects the function setWanConfig of the file /cgi-bin/cstecgi.cgi of the component POST Request Handler. The manipulation of the argument priDns leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed publicly and may be used.
N300rh Firmware
CVE-2026-7748 May 04, 2026
Totolink N300RH 3.2.4 Buffer Overflow in POST Request Handler A weakness has been identified in Totolink N300RH 3.2.4-B20220812. Affected by this issue is the function setUpgradeFW of the file /cgi-bin/cstecgi.cgi of the component POST Request Handler. Executing a manipulation of the argument FileName can lead to buffer overflow. The attack can be launched remotely. The exploit has been made available to the public and could be used for attacks.
N300rh Firmware
CVE-2026-7747 May 04, 2026
Totolink N300RH 3.2.4 Param.Handler loginauth Buffer Overflow CVE-2026-7747 A security flaw has been discovered in Totolink N300RH 3.2.4-B20220812. Affected by this vulnerability is the function loginauth of the file /cgi-bin/cstecgi.cgi of the component Parameter Handler. Performing a manipulation of the argument Password results in buffer overflow. The attack can be initiated remotely. The exploit has been released to the public and may be used for attacks.
N300rh Firmware
CVE-2026-7721 May 04, 2026
Totolink WA300 5.2cu.7112_B20190227 cmd injection via NTPSyncWithHost A security vulnerability has been detected in Totolink WA300 5.2cu.7112_B20190227. This affects the function NTPSyncWithHost of the file /cgi-bin/cstecgi.cgi. Such manipulation of the argument hostTime leads to command injection. The attack can be executed remotely. The exploit has been disclosed publicly and may be used.
Wa300 Firmware
CVE-2026-7720 May 04, 2026
Totolink WA300 5.2cu.7112_B20190227 cmdinjection POST setLanguageCfg (cgi-bin) A weakness has been identified in Totolink WA300 5.2cu.7112_B20190227. The impacted element is the function setLanguageCfg of the file /cgi-bin/cstecgi.cgi of the component POST Request Handler. This manipulation of the argument langType causes command injection. Remote exploitation of the attack is possible. The exploit has been made available to the public and could be used for attacks.
Wa300 Firmware
CVE-2026-7719 May 04, 2026
Totolink WA300 5.2cu.7112 B20190227: http_host Buffer Overflow A security flaw has been discovered in Totolink WA300 5.2cu.7112_B20190227. The affected element is the function loginauth of the file /cgi-bin/cstecgi.cgi of the component POST Request Handler. The manipulation of the argument http_host results in buffer overflow. The attack may be launched remotely. The exploit has been released to the public and may be used for attacks.
Wa300 Firmware
CVE-2026-7718 May 04, 2026
Command Injection in Totolink WA300 5.2cu.7112 via setWebWlanIdx A vulnerability was identified in Totolink WA300 5.2cu.7112_B20190227. Impacted is the function setWebWlanIdx of the file /cgi-bin/cstecgi.cgi of the component POST Request Handler. The manipulation of the argument webWlanIdx leads to command injection. The attack may be initiated remotely. The exploit is publicly available and might be used.
Wa300 Firmware
CVE-2026-7717 May 04, 2026
Buffer Overflow in Totolink WA300 5.2cu.7112_B20190227 UploadCustomModule A vulnerability was determined in Totolink WA300 5.2cu.7112_B20190227. This issue affects the function UploadCustomModule of the file /cgi-bin/cstecgi.cgi of the component POST Request Handler. Executing a manipulation of the argument File can lead to buffer overflow. The attack can be launched remotely. The exploit has been publicly disclosed and may be utilized.
Wa300 Firmware
CVE-2026-7633 May 02, 2026
RFI in Totolink N300RH 6.1c via setUploadSetting A vulnerability was identified in Totolink N300RH 6.1c.1353_B20190305. This impacts the function setUploadSetting of the file /cgi-bin/cstecgi.cgi. Such manipulation of the argument FileName leads to file inclusion. The attack may be performed from remote. The exploit is publicly available and might be used.
N300rh Firmware
CVE-2026-7548 May 01, 2026
Command Injection in Totolink NR1800X 9.1.0u.6279 Router A vulnerability was detected in Totolink NR1800X 9.1.0u.6279_B20210910. This affects the function sub_41A68C of the file /cgi-bin/cstecgi.cgi. Performing a manipulation of the argument setUssd results in command injection. The attack is possible to be carried out remotely. The exploit is now public and may be used.
Nr1800x Firmware
CVE-2026-7546 May 01, 2026
Totolink NR1800X 9.1.0u.6279_B20210910 lighttpd find_host_ip SB-Buffer Overflow A security vulnerability has been detected in Totolink NR1800X 9.1.0u.6279_B20210910. The impacted element is the function find_host_ip of the component lighttpd. Such manipulation of the argument Host leads to stack-based buffer overflow. The attack can be executed remotely. The exploit has been disclosed publicly and may be used.
Nr1800x Firmware
CVE-2026-7538 May 01, 2026
Totolink A8000RU 7.1cu.643 os Command Injection in /cgi-bin/cstecgi.cgi A vulnerability was identified in Totolink A8000RU 7.1cu.643_b20200521. This issue affects the function Vulnerability of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulation of the argument proto leads to os command injection. The attack may be initiated remotely. The exploit is publicly available and might be used.
A8000ru Firmware
CVE-2026-7244 Apr 28, 2026
Totolink A8000RU 7.1cu.643 OS CMD Injection via CgiHandler setWiFiEasyGuestCfg A security flaw has been discovered in Totolink A8000RU 7.1cu.643_b20200521. The impacted element is the function setWiFiEasyGuestCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulation of the argument merge results in os command injection. It is possible to launch the attack remotely. The exploit has been released to the public and may be used for attacks.
A8000ru Firmware
Built by Foundeo Inc., with data from the National Vulnerability Database (NVD). Privacy Policy. Use of this site is governed by the Legal Terms
Disclaimer
CONTENT ON THIS WEBSITE IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. Always check with your vendor for the most up to date, and accurate information.