These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.
A command injection vulnerability in the Totolink N300RH wireless router allows unauthenticated remote attackers to execute arbitrary operating system commands via the Web Management Interface. The vulnerability resides in the `setPasswordCfg` function of `/cgi-bin/cstecgi.cgi`, where the `admpass` parameter is passed unsanitized to a shell command. The CVSS 4.0 score of 8.9 (HIGH) reflects network attack [truncated]
A command injection vulnerability in Totolink CA750-PoE 6.2c.510 allows remote attackers to execute arbitrary OS commands via the `PIN` parameter in the `setWiFiWpsConfig` function of `/cgi-bin/cstecgi.cgi`. The vulnerability has a LOW CVSS 4.0 score (2.1) with network attack vector, low attack complexity, and low privileges required. The exploit has been publicly disclosed.
A command injection vulnerability exists in the Totolink CA750-PoE 6.2c.510 router firmware. The flaw resides in the `setUploadUserData` function within `/cgi-bin/cstecgi.cgi`, where unsanitized user input via the `FileName` parameter permits arbitrary operating system command execution. The vulnerability is remotely exploitable and requires low privileges (authenticated access). Public exploit disclosure [truncated]
A remote OS command injection vulnerability exists in Totolink CA750-PoE firmware version 6.2c.510. The vulnerability resides in the `setUnloadUserData` function within the `/cgi-bin/cstecgi.cgi` Setting Handler component. An authenticated attacker with low privileges can inject arbitrary operating system commands via the `plugin_version` parameter. The CVSS 4.0 vector indicates network attack vector, low [truncated]
A command injection vulnerability exists in the Totolink CA750-PoE 6.2c.510 firmware. The `setNetworkDiag` function in `/cgi-bin/cstecgi.cgi` fails to sanitize user-supplied input for network diagnostic parameters (`NetDiagHost`, `NetDiagPingNum`, `NetDiagPingSize`, `NetDiagPingTimeOut`, `NetDiagTracertHop`), allowing authenticated remote attackers to inject arbitrary operating system commands. The vulnerability requir [truncated]
A command injection vulnerability exists in the `NTPSyncWithHost` function of the `/cgi-bin/cstecgi.cgi` endpoint on Totolink CA750-PoE devices running firmware version 6.2c.510. The `host_time` parameter accepts unsanitized input that is passed to a shell command, enabling authenticated remote attackers to execute arbitrary operating system commands. The vulnerability requires low privileges and no user intera [truncated]
A command injection vulnerability exists in the Totolink CA750-PoE 6.2c.510 firmware. The flaw resides in the `setPasswordCfg` function within `/cgi-bin/cstecgi.cgi`, where unsanitized input for the `admuser` and `admpass` parameters allows remote attackers to execute arbitrary operating system commands. The vulnerability requires authentication (PR:L per CVSS 4.0 vector), limiting its immediate exploitability. P [truncated]
A command injection vulnerability exists in the Totolink A8000RU wireless router firmware version 7.1cu.643_b20200521. The vulnerability is located in the `setIpQosRules` function within the `/cgi-bin/cstecgi.cgi` endpoint of the web management interface. The `Comment` parameter is improperly sanitized, allowing an attacker to inject and execute arbitrary operating system commands. This vulnerability can be exp [truncated]
A remote OS command injection vulnerability exists in Totolink A8000RU firmware version 7.1cu.643_b20200521. The vulnerability resides in the `setWanCfg` function within the `/cgi-bin/cstecgi.cgi` endpoint of the web management interface. The `enabled` parameter is susceptible to command injection, allowing unauthenticated remote attackers to execute arbitrary operating system commands. The CVSS 4.0 score [truncated]
A command injection vulnerability exists in the Totolink A8000RU router firmware version 7.1cu.643_b20200521. The vulnerability is located in the `UploadOpenVpnCert` function within the `/cgi-bin/cstecgi.cgi` endpoint of the web management interface. The `FileName` parameter is not properly sanitized, allowing an attacker to inject arbitrary operating system commands. This vulnerability can be exploited remotel [truncated]
A command injection vulnerability exists in the Totolink A8000RU router firmware version 7.1cu.643_b20200521. The vulnerability resides in the `setL2tpServerCfg` function within the `/cgi-bin/cstecgi.cgi` web management interface endpoint. The `enable` parameter is not properly sanitized, allowing remote attackers to inject and execute arbitrary operating system commands without authentication. This vulne [truncated]
A command injection vulnerability exists in the Totolink A8000RU wireless router firmware version 7.1cu.643_b20200521. The vulnerability resides in the `setQosCfg` function within the `/cgi-bin/cstecgi.cgi` endpoint of the web management interface. The `enable` parameter is not properly sanitized, allowing remote attackers to inject and execute arbitrary operating system commands without authentication. T [truncated]
A command injection vulnerability exists in the Totolink A8000RU wireless router firmware version 7.1cu.643_b20200521. The vulnerability resides in the `setWiFiWpsCfg` function within the `/cgi-bin/cstecgi.cgi` web management interface endpoint. The `wscDisabled` parameter is not properly sanitized before being passed to system shell execution, allowing remote attackers to inject arbitrary operating syste [truncated]
A command injection vulnerability exists in the Totolink A8000RU router firmware version 7.1cu.643_b20200521. The vulnerability is located in the `setDdnsCfg` function within the `/cgi-bin/cstecgi.cgi` endpoint of the web management interface. The `provider` parameter is not properly sanitized, allowing an unauthenticated remote attacker to inject and execute arbitrary operating system commands. The CVSS [truncated]
A command injection vulnerability exists in the Totolink A8000RU router firmware version 7.1cu.643_b20200521. The vulnerability is located in the `setUpgradeFW` function within the `/cgi-bin/cstecgi.cgi` endpoint of the web management interface. The `resetFlags` parameter is susceptible to OS command injection, allowing remote attackers to execute arbitrary commands without authentication. The vulnerability has [truncated]
A command injection vulnerability exists in the Totolink A8000RU wireless router firmware version 7.1cu.643_b20200521. The vulnerability resides in the `setDiagnosisCfg` function within the `/cgi-bin/cstecgi.cgi` endpoint of the web management interface. The `ip` parameter is not properly sanitized, allowing an unauthenticated remote attacker to inject arbitrary operating system commands. Successful explo [truncated]