Totolink Totolink

  1. Vendors
  2. Totolink

Don't miss out!

Thousands of developers use stack.watch to stay informed.
Get an email whenever new security vulnerabilities are reported in any Totolink product.

RSS Feeds for Totolink security vulnerabilities

Create a CVE RSS feed including security vulnerabilities found in Totolink products with stack.watch. Just hit watch, then grab your custom RSS feed url.

Products by Totolink Sorted by Most Security Vulnerabilities since 2018

Totolink A7100ru Firmware64 vulnerabilities

Totolink X5000r Firmware41 vulnerabilities

Totolink A3300r Firmware38 vulnerabilities

Totolink X6000r Firmware36 vulnerabilities

Totolink A3700r Firmware31 vulnerabilities

Totolink X2000r Firmware30 vulnerabilities

Totolink X15 Firmware25 vulnerabilities

Totolink Lr350 Firmware25 vulnerabilities

Totolink Ca300 Poe Firmware24 vulnerabilities

Totolink A3002r Firmware23 vulnerabilities

Totolink Ex1200t Firmware22 vulnerabilities

Totolink T8 Firmware22 vulnerabilities

Totolink A3600r Firmware20 vulnerabilities

Totolink Cp450 Firmware19 vulnerabilities

Totolink Ex200 Firmware18 vulnerabilities

Totolink N150rt Firmware15 vulnerabilities

Totolink Ex1800t Firmware15 vulnerabilities

Totolink T6 Firmware14 vulnerabilities

Totolink A6000r Firmware13 vulnerabilities

Totolink X18 Firmware11 vulnerabilities

Totolink T10 Firmware11 vulnerabilities

Totolink Nr1800x Firmware11 vulnerabilities

Totolink A810r Firmware10 vulnerabilities

Totolink A3100r Firmware10 vulnerabilities

Totolink A3002ru Firmware10 vulnerabilities

Totolink Ca600 Poe Firmware10 vulnerabilities

Totolink A702r Firmware10 vulnerabilities

Totolink A7000r Firmware9 vulnerabilities

Totolink Cp900l Firmware8 vulnerabilities

Totolink N300rh Firmware8 vulnerabilities

Totolink Cp900 Firmware7 vulnerabilities

Totolink A800r Firmware7 vulnerabilities

Totolink Ex1200l Firmware6 vulnerabilities

Totolink A720r Firmware6 vulnerabilities

Totolink N300rt Firmware6 vulnerabilities

Totolink N600r Firmware5 vulnerabilities

Totolink N350rt Firmware4 vulnerabilities

Totolink Wa300 Firmware3 vulnerabilities

Totolink A3000ru Firmware3 vulnerabilities

Totolink A830r Firmware3 vulnerabilities

Totolink A950rg Firmware3 vulnerabilities

Totolink Cp300 Firmware3 vulnerabilities

Totolink A3200r Firmware3 vulnerabilities

Totolink N200re V5 Firmware2 vulnerabilities

Totolink A8000ru Firmware2 vulnerabilities

Totolink X182 vulnerabilities

Totolink Lr1200 Firmware2 vulnerabilities

Totolink Lr1200gb Firmware2 vulnerabilities

Totolink N302r Plus Firmware2 vulnerabilities

Totolink N100re Firmware1 vulnerability

Totolink N302re Firmware1 vulnerability

Totolink Ar810r Firmware1 vulnerability

Totolink N302r Firmware1 vulnerability

Totolink A860r Firmware1 vulnerability

Totolink N301rt Firmware1 vulnerability

Totolink N200re Firmware1 vulnerability

Totolink A3002ru V3 Firmware1 vulnerability

Totolink N300rb Firmware1 vulnerability

Totolink A6000ub Firmware1 vulnerability

By the Year

In 2026 there have been 80 vulnerabilities in Totolink with an average score of 8.3 out of ten. Last year, in 2025 Totolink had 253 security vulnerabilities published. If vulnerabilities keep coming in at the current rate, it appears that number of security vulnerabilities in Totolink in 2026 could surpass last years number. However, the average CVE base score of the vulnerabilities in 2026 is greater by 0.23.




Year Vulnerabilities Average Score
2026 80 8.29
2025 253 8.07
2024 219 9.09
2023 105 9.65
2022 18 9.30
2021 0 0.00
2020 1 0.00

It may take a day or so for new Totolink vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.

Recent Totolink Security Vulnerabilities

CVE Date Vulnerability Products
CVE-2026-6195 Apr 13, 2026
Remote OS Command Injection in Totolink A7100RU Router CGI setPasswordCfg 7.4cu A security vulnerability has been detected in Totolink A7100RU 7.4cu.2313_b20191024. Affected by this issue is the function setPasswordCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Such manipulation of the argument admpass leads to os command injection. The attack can be executed remotely. The exploit has been disclosed publicly and may be used.
A7100ru Firmware
CVE-2026-6194 Apr 13, 2026
Totolink A3002MU B20211125.1046 HTTP ReqHandler Buffer Overflow A weakness has been identified in Totolink A3002MU B20211125.1046. Affected by this vulnerability is the function sub_410188 of the file /boafrm/formWlanSetup of the component HTTP Request Handler. This manipulation of the argument wan-url causes stack-based buffer overflow. Remote exploitation of the attack is possible. The exploit has been made available to the public and could be used for attacks.
CVE-2026-6168 Apr 13, 2026
Stack Buffer Overflow in TOTOLINK A7000R setWiFiEasyGuestCfg before 9.1.0u.6115 A flaw has been found in TOTOLINK A7000R up to 9.1.0u.6115. The affected element is the function setWiFiEasyGuestCfg of the file /cgi-bin/cstecgi.cgi. This manipulation of the argument ssid5g causes stack-based buffer overflow. Remote exploitation of the attack is possible. The exploit has been published and may be used.
A7000r Firmware
CVE-2026-6158 Apr 13, 2026
Totolink N300RH 6.1c OS Command Injection via setUpgradeUboot in upgrade.so A flaw has been found in Totolink N300RH 6.1c.1353_B20190305. Affected is the function setUpgradeUboot of the file upgrade.so. This manipulation of the argument FileName causes os command injection. The attack is possible to be carried out remotely. The exploit has been published and may be used.
N300rh Firmware
CVE-2026-6157 Apr 13, 2026
Totolink A800R 4.1.2cu Buffer Overflow via apcliSsid (setAppEasyWizardConfig) A vulnerability was detected in Totolink A800R 4.1.2cu.5137_B20200730. This impacts the function setAppEasyWizardConfig in the library /lib/cste_modules/app.so. The manipulation of the argument apcliSsid results in buffer overflow. The attack can be executed remotely. The exploit is now public and may be used.
A800r Firmware
CVE-2026-6156 Apr 13, 2026
OS Command Injection in Totolink A7100RU 7.4cu CGI Handler (setIpQosRules) A security vulnerability has been detected in Totolink A7100RU 7.4cu.2313_b20191024. This affects the function setIpQosRules of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulation of the argument Comment leads to os command injection. Remote exploitation of the attack is possible. The exploit has been disclosed publicly and may be used.
A7100ru Firmware
CVE-2026-6155 Apr 13, 2026
TOTOLINK A7100RU 7.4cu.2313 CGI Cmd Injection via pppoeServiceName A weakness has been identified in Totolink A7100RU 7.4cu.2313. The impacted element is the function setWanCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Executing a manipulation of the argument pppoeServiceName can lead to os command injection. The attack may be launched remotely. The exploit has been made available to the public and could be used for attacks.
A7100ru Firmware
CVE-2026-6154 Apr 13, 2026
OS Command Injection via setWizardCfg on Totolink A7100RU 7.4cu.2313 A security flaw has been discovered in Totolink A7100RU 7.4cu.2313_b20191024. The affected element is the function setWizardCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Performing a manipulation of the argument wizard results in os command injection. The attack may be initiated remotely. The exploit has been released to the public and may be used for attacks.
A7100ru Firmware
CVE-2026-6140 Apr 13, 2026
Totolink A7100RU 7.4cu.2313 Remote CGI Handler cmd Injection A vulnerability was found in Totolink A7100RU 7.4cu.2313_b20191024. This impacts the function UploadFirmwareFile of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Performing a manipulation of the argument FileName results in os command injection. The attack may be initiated remotely. The exploit has been made public and could be used.
A7100ru Firmware
CVE-2026-6139 Apr 13, 2026
Totolink A7100RU 7.4cu Command Injection via CGI UploadOpenVpnCert A vulnerability has been found in Totolink A7100RU 7.4cu.2313_b20191024. This affects the function UploadOpenVpnCert of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Such manipulation of the argument FileName leads to os command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
A7100ru Firmware
CVE-2026-6138 Apr 13, 2026
Totolink A7100RU 7.4cu.2313_b20191024 Remote CMD Injection via MAC arg A flaw has been found in Totolink A7100RU 7.4cu.2313_b20191024. The impacted element is the function setAccessDeviceCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. This manipulation of the argument mac causes os command injection. The attack can be initiated remotely. The exploit has been published and may be used.
A7100ru Firmware
CVE-2026-6132 Apr 12, 2026
Totolink A7100RU 7.4cu.2313 OS Command Injection via CGI setLedCfg A vulnerability was determined in Totolink A7100RU 7.4cu.2313_b20191024. Affected by this issue is the function setLedCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. This manipulation of the argument enable causes os command injection. Remote exploitation of the attack is possible. The exploit has been publicly disclosed and may be utilized.
A7100ru Firmware
CVE-2026-6131 Apr 12, 2026
Totolink A7100RU 7.4cu.2313 os Command Injection via /cgi-bin/cstecgi.cgi A vulnerability was found in Totolink A7100RU 7.4cu.2313_b20191024. Affected by this vulnerability is the function setTracerouteCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulation of the argument command results in os command injection. The attack may be launched remotely. The exploit has been made public and could be used.
A7100ru Firmware
CVE-2026-6116 Apr 12, 2026
OS Command Injection in Totolink A7100RU CGI Handler before 7.4cu.2313 A vulnerability has been found in Totolink A7100RU 7.4cu.2313_b20191024. This vulnerability affects the function setDiagnosisCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulation of the argument ip leads to os command injection. Remote exploitation of the attack is possible. The exploit has been disclosed to the public and may be used.
A7100ru Firmware
CVE-2026-6115 Apr 12, 2026
OS Command Injection in Totolink A7100RU 7.4cu.2313_b20191024 via CGI A flaw has been found in Totolink A7100RU 7.4cu.2313_b20191024. This affects the function setAppCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Executing a manipulation of the argument enable can lead to os command injection. The attack may be launched remotely. The exploit has been published and may be used.
A7100ru Firmware
CVE-2026-6114 Apr 12, 2026
Totolink A7100RU 7.4cu OS Cmd Injection via setNetworkCfg proto A vulnerability was detected in Totolink A7100RU 7.4cu.2313_b20191024. Affected by this issue is the function setNetworkCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Performing a manipulation of the argument proto results in os command injection. The attack may be initiated remotely. The exploit is now public and may be used.
A7100ru Firmware
CVE-2026-6113 Apr 12, 2026
Totolink A7100RU 7.4cu OS Command Injection via setTtyServiceCfg A security vulnerability has been detected in Totolink A7100RU 7.4cu.2313_b20191024. Affected by this vulnerability is the function setTtyServiceCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Such manipulation of the argument ttyEnable leads to os command injection. The attack can be launched remotely. The exploit has been disclosed publicly and may be used.
A7100ru Firmware
CVE-2026-6112 Apr 12, 2026
Totolink A7100RU 7.4cu.2313_b20191024 CGI: maxRtrAdvInterval Command Injection A weakness has been identified in Totolink A7100RU 7.4cu.2313_b20191024. Affected is the function setRadvdCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. This manipulation of the argument maxRtrAdvInterval causes os command injection. The attack can be initiated remotely. The exploit has been made available to the public and could be used for attacks.
A7100ru Firmware
CVE-2026-6029 Apr 10, 2026
Totolink A7100RU 7.4cu VPN-Cmdi via CGI_Handler A vulnerability was detected in Totolink A7100RU 7.4cu.2313_b20191024. The affected element is the function setVpnAccountCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulation of the argument User results in os command injection. The attack may be launched remotely. The exploit is now public and may be used.
A7100ru Firmware
CVE-2026-6028 Apr 10, 2026
OS Command Injection in Totolink A7100RU CGI Handler 7.4cu.2313_b20191024 A security vulnerability has been detected in Totolink A7100RU 7.4cu.2313_b20191024. Impacted is the function setPptpServerCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulation of the argument enable leads to os command injection. The attack may be initiated remotely. The exploit has been disclosed publicly and may be used.
A7100ru Firmware
CVE-2026-6027 Apr 10, 2026
Remote OSCmdInject via CGI Handler in Totolink A7100RU 7.4cu 2313 A weakness has been identified in Totolink A7100RU 7.4cu.2313_b20191024. This issue affects the function setUrlFilterRules of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Executing a manipulation of the argument enable can lead to os command injection. The attack can be launched remotely. The exploit has been made available to the public and could be used for attacks.
A7100ru Firmware
CVE-2026-6026 Apr 10, 2026
Totolink A7100RU 7.4cu.2313 OS Command Injection in CGI Handler A security flaw has been discovered in Totolink A7100RU 7.4cu.2313_b20191024. This vulnerability affects the function setPortalConfWeChat of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Performing a manipulation of the argument enable results in os command injection. The attack can be initiated remotely. The exploit has been released to the public and may be used for attacks.
A7100ru Firmware
CVE-2026-6025 Apr 10, 2026
OS Command Injection via CGI Handler in Totolink A7100RU 7.4cu.2313 A vulnerability was identified in Totolink A7100RU 7.4cu.2313_b20191024. This affects the function setSyslogCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Such manipulation of the argument enable leads to os command injection. It is possible to launch the attack remotely. The exploit is publicly available and might be used.
A7100ru Firmware
CVE-2026-5997 Apr 10, 2026
OS Command Injection via admpass in Totolink A7100RU 7.4cu.2313 CGI Handler A vulnerability was detected in Totolink A7100RU 7.4cu.2313_b20191024. The impacted element is the function setLoginPasswordCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulation of the argument admpass results in os command injection. It is possible to launch the attack remotely. The exploit is now public and may be used.
A7100ru Firmware
CVE-2026-5996 Apr 10, 2026
OS Command Injection in Totolink A7100RU 7.4cu.2313 CGI via tty_server A security vulnerability has been detected in Totolink A7100RU 7.4cu.2313_b20191024. The affected element is the function setAdvancedInfoShow of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulation of the argument tty_server leads to os command injection. It is possible to initiate the attack remotely. The exploit has been disclosed publicly and may be used.
A7100ru Firmware
CVE-2026-5995 Apr 10, 2026
Totolink A7100RU 7.4cu os command injection via CGI setMiniuiHomeInfoShow A weakness has been identified in Totolink A7100RU 7.4cu.2313_b20191024. Impacted is the function setMiniuiHomeInfoShow of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Executing a manipulation of the argument lan_info can lead to os command injection. The attack may be performed from remote. The exploit has been made available to the public and could be used for attacks.
A7100ru Firmware
CVE-2026-5994 Apr 10, 2026
Totolink A7100RU 7.4cu CGI Handler NoS Exec via telnet_enabled A security flaw has been discovered in Totolink A7100RU 7.4cu.2313_b20191024. This issue affects the function setTelnetCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Performing a manipulation of the argument telnet_enabled results in os command injection. The attack is possible to be carried out remotely. The exploit has been released to the public and may be used for attacks.
A7100ru Firmware
CVE-2026-5993 Apr 10, 2026
Totolink A7100RU 7.4cu.2313_b20191024 - CGI OS Command Injection via wifiOff A vulnerability was identified in Totolink A7100RU 7.4cu.2313_b20191024. This vulnerability affects the function setWiFiGuestCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Such manipulation of the argument wifiOff leads to os command injection. The attack can be executed remotely. The exploit is publicly available and might be used.
A7100ru Firmware
CVE-2026-5978 Apr 09, 2026
Totolink A7100RU 7.4cu.2313 OS Command Injection via CGI Handler A security vulnerability has been detected in Totolink A7100RU 7.4cu.2313_b20191024. Affected is the function setWiFiAclRules of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulation of the argument mode leads to os command injection. The attack can be initiated remotely. The exploit has been disclosed publicly and may be used.
A7100ru Firmware
CVE-2026-5977 Apr 09, 2026
Totolink A7100RU 7.4cu.2313 os Command Injection via wifiOff CGI A weakness has been identified in Totolink A7100RU 7.4cu.2313_b20191024. This impacts the function setWiFiBasicCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Executing a manipulation of the argument wifiOff can lead to os command injection. It is possible to launch the attack remotely. The exploit has been made available to the public and could be used for attacks.
A7100ru Firmware
CVE-2026-5976 Apr 09, 2026
Totolink A7100RU 7.4cu.2313 OS Command Injection via CGI Handler A security flaw has been discovered in Totolink A7100RU 7.4cu.2313_b20191024. This affects the function setStorageCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Performing a manipulation of the argument sambaEnabled results in os command injection. It is possible to initiate the attack remotely. The exploit has been released to the public and may be used for attacks.
A7100ru Firmware
CVE-2026-5975 Apr 09, 2026
Totolink A7100RU 7.4cu.2313 CGI Handler Command Injection A vulnerability was identified in Totolink A7100RU 7.4cu.2313_b20191024. The impacted element is the function setDmzCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Such manipulation of the argument wanIdx leads to os command injection. The attack may be performed from remote. The exploit is publicly available and might be used.
A7100ru Firmware
CVE-2026-5854 Apr 09, 2026
Totolink A7100RU 7.4cu.2313 OS Command Injection via cstecgi.cgi A vulnerability was detected in Totolink A7100RU 7.4cu.2313_b20191024. Affected by this issue is the function setWiFiEasyCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Performing a manipulation of the argument merge results in os command injection. It is possible to initiate the attack remotely. The exploit is now public and may be used.
A7100ru Firmware
CVE-2026-5853 Apr 09, 2026
Totolink A7100RU 7.4cu: CGI cmd injection setIpv6LanCfg (addrPrefixLen) A security vulnerability has been detected in Totolink A7100RU 7.4cu.2313_b20191024. Affected by this vulnerability is the function setIpv6LanCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Such manipulation of the argument addrPrefixLen leads to os command injection. The attack may be performed from remote. The exploit has been disclosed publicly and may be used.
A7100ru Firmware
CVE-2026-5852 Apr 09, 2026
Totolink A7100RU OS Command Injection in CGI Handler igmpVer - 7.4cu.2313 A weakness has been identified in Totolink A7100RU 7.4cu.2313_b20191024. Affected is the function setIptvCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. This manipulation of the argument igmpVer causes os command injection. The attack is possible to be carried out remotely. The exploit has been made available to the public and could be used for attacks.
A7100ru Firmware
CVE-2026-5851 Apr 09, 2026
Remote OS Command Injection via CGI in Totolink A7100RU (7.4cu.2313_b20191024) A security flaw has been discovered in Totolink A7100RU 7.4cu.2313_b20191024. This impacts the function setUPnPCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulation of the argument enable results in os command injection. The attack can be executed remotely. The exploit has been released to the public and may be used for attacks.
A7100ru Firmware
CVE-2026-5850 Apr 09, 2026
Totolink A7100RU 7.4cu OS Command Injection via setVpnPassCfg (pptpPassThru) A vulnerability was identified in Totolink A7100RU 7.4cu.2313_b20191024. This affects the function setVpnPassCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulation of the argument pptpPassThru leads to os command injection. Remote exploitation of the attack is possible. The exploit is publicly available and might be used.
A7100ru Firmware
CVE-2026-5692 Apr 06, 2026
Totolink A7100RU 7.4cu OS Command Injection via setGameSpeedCfg A vulnerability was found in Totolink A7100RU 7.4cu.2313_b20191024. This impacts the function setGameSpeedCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument enable results in os command injection. The attack may be performed from remote. The exploit has been made public and could be used.
A7100ru Firmware
CVE-2026-5691 Apr 06, 2026
Totolink A7100RU 7.4cu.2313 OS Command Injection via setFirewallType A vulnerability has been found in Totolink A7100RU 7.4cu.2313_b20191024. This affects the function setFirewallType of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument firewallType leads to os command injection. The attack is possible to be carried out remotely. The exploit has been disclosed to the public and may be used.
A7100ru Firmware
CVE-2026-5690 Apr 06, 2026
Totolink A7100RU 7.4cu OS Command Injection via setRemoteCfg A flaw has been found in Totolink A7100RU 7.4cu.2313_b20191024. The impacted element is the function setRemoteCfg of the file /cgi-bin/cstecgi.cgi. Executing a manipulation of the argument enable can lead to os command injection. The attack can be executed remotely. The exploit has been published and may be used.
A7100ru Firmware
CVE-2026-5689 Apr 06, 2026
Totolink A7100RU OS Command Injection via setNtpCfg (v7.4cu) A vulnerability was detected in Totolink A7100RU 7.4cu.2313_b20191024. The affected element is the function setNtpCfg of the file /cgi-bin/cstecgi.cgi. Performing a manipulation of the argument tz results in os command injection. Remote exploitation of the attack is possible. The exploit is now public and may be used.
A7100ru Firmware
CVE-2026-5688 Apr 06, 2026
Totolink A7100RU 7.4cu os cmd injection via setDdnsCfg CGI A security vulnerability has been detected in Totolink A7100RU 7.4cu.2313_b20191024. Impacted is the function setDdnsCfg of the file /cgi-bin/cstecgi.cgi. Such manipulation of the argument provider leads to os command injection. The attack may be launched remotely. The exploit has been disclosed publicly and may be used.
A7100ru Firmware
CVE-2026-5679 Apr 06, 2026
OSCmdInj via stun_pass in Totolink A3300R v1.70.0cu.557_B20221024 vsetTr069Cfg A security vulnerability has been detected in Totolink A3300R 17.0.0cu.557_B20221024. The impacted element is the function vsetTr069Cfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument stun_pass leads to os command injection. The exploit has been disclosed publicly and may be used.
A3300r Firmware
CVE-2026-5678 Apr 06, 2026
Totolink A7100RU 7.4cu Command Injection in cstecgi.cgi setScheduleCfg A weakness has been identified in Totolink A7100RU 7.4cu.2313_b20191024. The affected element is the function setScheduleCfg of the file /cgi-bin/cstecgi.cgi. Executing a manipulation of the argument mode can lead to os command injection. The attack may be launched remotely. The exploit has been made available to the public and could be used for attacks.
A7100ru Firmware
CVE-2026-5677 Apr 06, 2026
Totolink A7100RU 7.4cu Remote OS Command Injection via cstecgi.cgi A security flaw has been discovered in Totolink A7100RU 7.4cu.2313_b20191024. Impacted is the function CsteSystem of the file /cgi-bin/cstecgi.cgi. Performing a manipulation of the argument resetFlags results in os command injection. The attack may be initiated remotely. The exploit has been released to the public and may be used for attacks.
A7100ru Firmware
CVE-2026-5676 Apr 06, 2026
Totolink A8000R 5.9c.681 Remote Auth Bypass via setLanguageCfg A vulnerability was identified in Totolink A8000R 5.9c.681_B20180413. This issue affects the function setLanguageCfg of the file /cgi-bin/cstecgi.cgi. Such manipulation of the argument langType leads to missing authentication. The attack can be launched remotely. The exploit is publicly available and might be used.
CVE-2026-5178 Mar 31, 2026
Totolink A3300R 17.0.0cu.557_b20221024: setIptvCfg Command Injection A security vulnerability has been detected in Totolink A3300R 17.0.0cu.557_b20221024. Affected by this issue is the function setIptvCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument vlanPriLan3 leads to command injection. Remote exploitation of the attack is possible. The exploit has been disclosed publicly and may be used.
A3300r Firmware
CVE-2026-5177 Mar 31, 2026
Command Injection via setWiFiBasicCfg in Totolink A3300R 17.0.0cu.557_b20221024 A weakness has been identified in Totolink A3300R 17.0.0cu.557_b20221024. Affected by this vulnerability is the function setWiFiBasicCfg of the file /cgi-bin/cstecgi.cgi. Executing a manipulation of the argument rxRate can lead to command injection. The attack may be launched remotely. The exploit has been made available to the public and could be used for attacks.
A3300r Firmware
CVE-2026-5176 Mar 31, 2026
Totolink A3300R 17.0.0cu.557_cgi cmd injection in setSyslogCfg A security flaw has been discovered in Totolink A3300R 17.0.0cu.557_b20221024. Affected is the function setSyslogCfg of the file /cgi-bin/cstecgi.cgi. Performing a manipulation of the argument provided results in command injection. The attack may be initiated remotely. The exploit has been released to the public and may be used for attacks.
A3300r Firmware
CVE-2026-5105 Mar 30, 2026
Totolink A3300R 17.0.0cu.557 cmd injection via setVpnPassCfg(pptpPassThru) A vulnerability was detected in Totolink A3300R 17.0.0cu.557_b20221024. The affected element is the function setVpnPassCfg of the file /cgi-bin/cstecgi.cgi of the component Parameter Handler. Performing a manipulation of the argument pptpPassThru results in command injection. It is possible to initiate the attack remotely. The exploit is now public and may be used.
A3300r Firmware
Built by Foundeo Inc., with data from the National Vulnerability Database (NVD). Privacy Policy. Use of this site is governed by the Legal Terms
Disclaimer
CONTENT ON THIS WEBSITE IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. Always check with your vendor for the most up to date, and accurate information.