Li Tengzheng

205 exploits Active since Feb 2026
CVE-2026-9386 WRITEUP CRITICAL WRITEUP
Totolink A8000RU Web Management cstecgi.cgi setLanguageCfg os command injection
A vulnerability was identified in Totolink A8000RU 7.1cu.643_b20200521. Impacted is the function setLanguageCfg of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. Such manipulation of the argument lang leads to os command injection. The attack may be performed from remote. The exploit is publicly available and might be used.
CVSS 9.8
CVE-2026-9387 WRITEUP CRITICAL WRITEUP
Totolink A8000RU Web Management cstecgi.cgi setUpgradeFW os command injection
A security flaw has been discovered in Totolink A8000RU 7.1cu.643_b20200521. The affected element is the function setUpgradeFW of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. Performing a manipulation of the argument resetFlags results in os command injection. It is possible to initiate the attack remotely. The exploit has been released to the public and may be used for attacks.
CVSS 9.8
CVE-2026-9388 WRITEUP CRITICAL WRITEUP
Totolink A8000RU Web Management cstecgi.cgi setScheduleCfg os command injection
A weakness has been identified in Totolink A8000RU 7.1cu.643_b20200521. The impacted element is the function setScheduleCfg of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. Executing a manipulation of the argument mode can lead to os command injection. It is possible to launch the attack remotely. The exploit has been made available to the public and could be used for attacks.
CVSS 9.8
CVE-2026-9389 WRITEUP HIGH WRITEUP
Tenda F456 L7Im frmL7ImForm buffer overflow
A security vulnerability has been detected in Tenda F456 1.0.0.5. This affects the function frmL7ImForm of the file /goform/L7Im. The manipulation of the argument page leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed publicly and may be used.
CVSS 8.8
CVE-2026-7823 WRITEUP CRITICAL WRITEUP
Totolink A8000RU cstecgi.cgi setAppFilterCfg os command injection
A security flaw has been discovered in Totolink A8000RU 7.1cu.643_b20200521. Affected is the function setAppFilterCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument enable results in os command injection. The attack may be launched remotely. The exploit has been released to the public and may be used for attacks.
CVSS 9.8
CVE-2026-4163 WRITEUP CRITICAL WRITEUP
Wavlink WL-WN579A3 220323 - Command Injection
A vulnerability was detected in Wavlink WL-WN579A3 220323. This issue affects the function SetName/GuestWifi of the file /cgi-bin/wireless.cgi of the component POST Request Handler. Performing a manipulation results in command injection. It is possible to initiate the attack remotely. The exploit is now public and may be used. Upgrading the affected component is recommended.
CVSS 9.8
CVE-2026-4164 WRITEUP CRITICAL WRITEUP
Wavlink WL-WN578W2 221110 - Command Injection
A flaw has been found in Wavlink WL-WN578W2 221110. Impacted is the function Delete_Mac_list/SetName/GuestWifi of the file /cgi-bin/wireless.cgi of the component POST Request Handler. Executing a manipulation can lead to command injection. It is possible to launch the attack remotely. The exploit has been published and may be used. It is recommended to upgrade the affected component.
CVSS 9.8
CVE-2026-4166 WRITEUP LOW WRITEUP
Wavlink WL-NU516U1 240425 - Cross-Site Scripting via Homepage/Hostname Parameter
A vulnerability was found in Wavlink WL-NU516U1 240425. The impacted element is the function sub_404F68 of the file /cgi-bin/login.cgi. The manipulation of the argument homepage/hostname results in cross site scripting. The attack can be launched remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure.
CVSS 3.5
CVE-2026-4167 WRITEUP HIGH WRITEUP
Belkin F9K1122 1.00.33 - Buffer Overflow
A vulnerability was determined in Belkin F9K1122 1.00.33. This affects the function formReboot of the file /goform/formReboot. This manipulation of the argument webpage causes stack-based buffer overflow. The attack may be initiated remotely. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS 8.8
CVE-2026-4543 WRITEUP MEDIUM WRITEUP
Wavlink WL-WN578W2 POST Request firewall.cgi command injection
A vulnerability was found in Wavlink WL-WN578W2 221110. The impacted element is an unknown function of the file /cgi-bin/firewall.cgi of the component POST Request Handler. Performing a manipulation of the argument dmz_flag/del_flag results in command injection. It is possible to initiate the attack remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS 6.3
CVE-2026-4544 WRITEUP LOW WRITEUP
Wavlink WL-WN578W2 POST Request login.cgi cross site scripting
A vulnerability was determined in Wavlink WL-WN578W2 221110. This affects an unknown function of the file /cgi-bin/login.cgi of the component POST Request Handler. Executing a manipulation of the argument homepage/hostname/login_page can lead to cross site scripting. It is possible to launch the attack remotely. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS 2.4
CVE-2026-4566 WRITEUP HIGH WRITEUP
Belkin F9K1122 formWISP5G stack-based overflow
A flaw has been found in Belkin F9K1122 1.00.33. The affected element is the function formWISP5G of the file /goform/formWISP5G. Executing a manipulation of the argument webpage can lead to stack-based buffer overflow. The attack can be launched remotely. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS 8.8
CVE-2026-7538 WRITEUP CRITICAL WRITEUP
Totolink A8000RU CGI cstecgi.cgi vulnerability os command injection
A vulnerability was identified in Totolink A8000RU 7.1cu.643_b20200521. This issue affects the function Vulnerability of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulation of the argument proto leads to os command injection. The attack may be initiated remotely. The exploit is publicly available and might be used.
CVSS 9.8
CVE-2026-7240 WRITEUP CRITICAL WRITEUP
Totolink A8000RU CGI cstecgi.cgi setVpnAccountCfg os command injection
A vulnerability has been found in Totolink A8000RU 7.1cu.643_b20200521. This vulnerability affects the function setVpnAccountCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Such manipulation of the argument User leads to os command injection. The attack can be executed remotely. The exploit has been disclosed to the public and may be used.
CVSS 9.8
CVE-2026-7241 WRITEUP CRITICAL WRITEUP
Totolink A8000RU CGI cstecgi.cgi setWiFiBasicCfg os command injection
A vulnerability was found in Totolink A8000RU 7.1cu.643_b20200521. This issue affects the function setWiFiBasicCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Performing a manipulation of the argument wifiOff results in os command injection. The attack is possible to be carried out remotely. The exploit has been made public and could be used.
CVSS 9.8
CVE-2026-7242 WRITEUP CRITICAL WRITEUP
Totolink A8000RU CGI cstecgi.cgi setOpenVpnClientCfg os command injection
A vulnerability was determined in Totolink A8000RU 7.1cu.643_b20200521. Impacted is the function setOpenVpnClientCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Executing a manipulation of the argument enabled can lead to os command injection. The attack may be performed from remote. The exploit has been publicly disclosed and may be utilized.
CVSS 9.8
CVE-2026-7243 WRITEUP CRITICAL WRITEUP
Totolink A8000RU CGI cstecgi.cgi setRadvdCfg os command injection
A vulnerability was identified in Totolink A8000RU 7.1cu.643_b20200521. The affected element is the function setRadvdCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulation of the argument maxRtrAdvInterval leads to os command injection. It is possible to initiate the attack remotely. The exploit is publicly available and might be used.
CVSS 9.8
CVE-2026-7244 WRITEUP CRITICAL WRITEUP
Totolink A8000RU CGI cstecgi.cgi setWiFiEasyGuestCfg os command injection
A security flaw has been discovered in Totolink A8000RU 7.1cu.643_b20200521. The impacted element is the function setWiFiEasyGuestCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulation of the argument merge results in os command injection. It is possible to launch the attack remotely. The exploit has been released to the public and may be used for attacks.
CVSS 9.8
CVE-2026-7202 WRITEUP CRITICAL WRITEUP
Totolink A8000RU CGI cstecgi.cgi setWiFiWpsStart os command injection
A vulnerability has been found in Totolink A8000RU 7.1cu.643_b20200521. This affects the function setWiFiWpsStart of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulation of the argument wscDisabled leads to os command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
CVSS 9.8
CVE-2026-7203 WRITEUP CRITICAL WRITEUP
Totolink A8000RU CGI cstecgi.cgi setUrlFilterRules os command injection
A vulnerability was found in Totolink A8000RU 7.1cu.643_b20200521. This vulnerability affects the function setUrlFilterRules of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulation of the argument enable results in os command injection. The attack can be launched remotely. The exploit has been made public and could be used.
CVSS 9.8
CVE-2026-7204 WRITEUP CRITICAL WRITEUP
Totolink A8000RU CGI cstecgi.cgi setPptpServerCfg os command injection
A vulnerability was determined in Totolink A8000RU 7.1cu.643_b20200521. This issue affects the function setPptpServerCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. This manipulation of the argument enable causes os command injection. The attack may be initiated remotely. The exploit has been publicly disclosed and may be utilized.
CVSS 9.8
CVE-2026-7152 WRITEUP CRITICAL WRITEUP
Totolink A8000RU CGI cstecgi.cgi setTelnetCfg os command injection
A vulnerability was identified in Totolink A8000RU 7.1cu.643_b20200521. The affected element is the function setTelnetCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Such manipulation of the argument telnet_enabled leads to os command injection. It is possible to launch the attack remotely. The exploit is publicly available and might be used.
CVSS 9.8
CVE-2026-7153 WRITEUP CRITICAL WRITEUP
Totolink A8000RU CGI cstecgi.cgi setMiniuiHomeInfoShow os command injection
A security flaw has been discovered in Totolink A8000RU 7.1cu.643_b20200521. The impacted element is the function setMiniuiHomeInfoShow of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Performing a manipulation of the argument sys_info results in os command injection. The attack can be initiated remotely. The exploit has been released to the public and may be used for attacks.
CVSS 9.8
CVE-2026-7154 WRITEUP CRITICAL WRITEUP
Totolink A8000RU CGI cstecgi.cgi setAdvancedInfoShow os command injection
A weakness has been identified in Totolink A8000RU 7.1cu.643_b20200521. This affects the function setAdvancedInfoShow of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Executing a manipulation of the argument tty_server can lead to os command injection. The attack can be launched remotely. The exploit has been made available to the public and could be used for attacks.
CVSS 9.8
CVE-2026-7155 WRITEUP CRITICAL WRITEUP
Totolink A8000RU CGI cstecgi.cgi setLoginPasswordCfg os command injection
A security vulnerability has been detected in Totolink A8000RU 7.1cu.643_b20200521. This impacts the function setLoginPasswordCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulation of the argument admpass leads to os command injection. The attack may be initiated remotely. The exploit has been disclosed publicly and may be used.
CVSS 9.8