Svigo

30 exploits Active since Mar 2026
CVE-2026-31162 WRITEUP MEDIUM WRITEUP
ToToLink A3300R v17.0.0cu.557_B20221024 - Command Injection
An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557_B20221024 allowing attackers to execute arbitrary commands via the ttlWay parameter to /cgi-bin/cstecgi.cgi.
CVSS 6.5
CVE-2026-31163 WRITEUP MEDIUM WORKING POC
ToToLink A3300R v17.0.0cu.557_B20221024 - Command Injection
An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557_B20221024 allowing attackers to execute arbitrary commands via the dhcpMtu parameter to /cgi-bin/cstecgi.cgi.
CVSS 6.5
CVE-2026-31166 WRITEUP MEDIUM WORKING POC
ToToLink A3300R v17.0.0cu.557_B20221024 - Command Injection
An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557_B20221024 allowing attackers to execute arbitrary commands via the hour parameter to /cgi-bin/cstecgi.cgi.
CVSS 6.5
CVE-2026-31167 WRITEUP MEDIUM WORKING POC
ToToLink A3300R v17.0.0cu.557_B20221024 - Command Injection
An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557_B20221024 allowing attackers to execute arbitrary commands via the mode parameter to /cgi-bin/cstecgi.cgi.
CVSS 6.5
CVE-2026-31168 WRITEUP MEDIUM WORKING POC
ToToLink A3300R v17.0.0cu.557_B20221024 - Command Injection
An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557_B20221024 allowing attackers to execute arbitrary commands via the recHour parameter to /cgi-bin/cstecgi.cgi.
CVSS 6.5
CVE-2026-31169 WRITEUP MEDIUM WORKING POC
ToToLink A3300R v17.0.0cu.557_B20221024 - Command Injection
An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557_B20221024 allowing attackers to execute arbitrary commands via the week parameter to /cgi-bin/cstecgi.cgi.
CVSS 6.5
CVE-2026-31173 WRITEUP MEDIUM WRITEUP
ToToLink A3300R v17.0.0cu.557_B20221024 - Command Injection
An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557_B20221024 allowing attackers to execute arbitrary commands via the interval parameter to /cgi-bin/cstecgi.cgi.
CVSS 6.5
CVE-2026-31159 WRITEUP MEDIUM WORKING POC
ToToLink A3300R v17.0.0cu.557_B20221024 - Command Injection
An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557_B20221024 allowing attackers to execute arbitrary commands via the password parameter to /cgi-bin/cstecgi.cgi.
CVSS 6.5
CVE-2026-31160 WRITEUP MEDIUM WORKING POC
ToToLink A3300R v17.0.0cu.557_B20221024 - Command Injection
An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557_B20221024 allowing attackers to execute arbitrary commands via the provider parameter to /cgi-bin/cstecgi.cgi.
CVSS 6.5
CVE-2026-31164 WRITEUP MEDIUM WORKING POC
ToToLink A3300R v17.0.0cu.557_B20221024 - Command Injection
An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557_B20221024 allowing attackers to execute arbitrary commands via the pppoeMtu parameter to /cgi-bin/cstecgi.cgi.
CVSS 6.5
CVE-2026-31165 WRITEUP MEDIUM WORKING POC
ToToLink A3300R v17.0.0cu.557_B20221024 - Command Injection
An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557_B20221024 allowing attackers to execute arbitrary commands via the pppoeServiceName parameter to /cgi-bin/cstecgi.cgi.
CVSS 6.5
CVE-2026-31171 WRITEUP MEDIUM WRITEUP
ToToLink A3300R v17.0.0cu.557_B20221024 - Command Injection
An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557_B20221024 allowing attackers to execute arbitrary commands via the url parameter to /cgi-bin/cstecgi.cgi.
CVSS 6.5
CVE-2026-31172 WRITEUP MEDIUM WRITEUP
ToToLink A3300R v17.0.0cu.557_B20221024 - Command Injection
An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557_B20221024 allowing attackers to execute arbitrary commands via the user parameter to /cgi-bin/cstecgi.cgi.
CVSS 6.5
CVE-2026-31174 WRITEUP MEDIUM WORKING POC
ToToLink A3300R v17.0.0cu.557_B20221024 - Command Injection
An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557_B20221024 allowing attackers to execute arbitrary commands via the informEnable parameter to /cgi-bin/cstecgi.cgi.
CVSS 6.5
CVE-2026-31175 WRITEUP CRITICAL WRITEUP
ToToLink A3300R v17.0.0cu.557_B20221024 - Command Injection
An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557_B20221024 allowing attackers to execute arbitrary commands via the stunEnable parameter to /cgi-bin/cstecgi.cgi.
CVSS 9.8
CVE-2026-31176 WRITEUP MEDIUM WORKING POC
ToToLink A3300R v17.0.0cu.557_B20221024 - Command Injection
An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557_B20221024 allowing attackers to execute arbitrary commands via the stun_user parameter to /cgi-bin/cstecgi.cgi.
CVSS 6.5
CVE-2026-31177 WRITEUP CRITICAL WORKING POC
ToToLink A3300R v17.0.0cu.557_B20221024 - Command Injection
An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557_B20221024 allowing attackers to execute arbitrary commands via the stunMinAlive parameter to /cgi-bin/cstecgi.cgi.
CVSS 9.8
CVE-2026-31178 WRITEUP CRITICAL WORKING POC
ToToLink A3300R v17.0.0cu.557_B20221024 - Command Injection
An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557_B20221024 allowing attackers to execute arbitrary commands via the stunMaxAlive parameter to /cgi-bin/cstecgi.cgi.
CVSS 9.8
CVE-2026-31179 WRITEUP MEDIUM WRITEUP
ToToLink A3300R v17.0.0cu.557_B20221024 - Command Injection
An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557_B20221024 allowing attackers to execute arbitrary commands via the stunPort parameter to /cgi-bin/cstecgi.cgi.
CVSS 6.5
CVE-2026-31181 WRITEUP CRITICAL WRITEUP
ToToLink A3300R v17.0.0cu.557_B20221024 - Command Injection
An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557_B20221024 allowing attackers to execute arbitrary commands via the stunServerAddr parameter to /cgi-bin/cstecgi.cgi.
CVSS 9.8
CVE-2026-3802 WRITEUP HIGH WORKING POC
Tenda i3 1.0.0.6(2204) - Buffer Overflow
A vulnerability was determined in Tenda i3 1.0.0.6(2204). Affected by this issue is the function formexeCommand of the file /goform/exeCommand. Executing a manipulation of the argument cmdinput can lead to stack-based buffer overflow. The attack may be performed from remote. The exploit has been publicly disclosed and may be utilized.
CVSS 8.8
CVE-2026-3803 WRITEUP HIGH WORKING POC
Tenda i3 1.0.0.6(2204) - Buffer Overflow
A vulnerability was identified in Tenda i3 1.0.0.6(2204). This affects the function formWifiMacFilterGet of the file /goform/WifiMacFilterGet. The manipulation of the argument index leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit is publicly available and might be used.
CVSS 8.8
CVE-2026-3804 WRITEUP HIGH WORKING POC
Tenda i3 1.0.0.6(2204) - Buffer Overflow
A security flaw has been discovered in Tenda i3 1.0.0.6(2204). This vulnerability affects the function formWifiMacFilterSet of the file /goform/WifiMacFilterSet. The manipulation of the argument index results in stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been released to the public and may be used for attacks.
CVSS 8.8
CVE-2026-3807 WRITEUP HIGH WORKING POC
Tenda FH1202 1.2.0.14 - Buffer Overflow
A security vulnerability has been detected in Tenda FH1202 1.2.0.14(408). Impacted is the function formWrlsafeset of the file /goform/AdvSetWrlsafeset. Such manipulation of the argument mit_ssid/mit_ssid_index leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed publicly and may be used.
CVSS 8.8
CVE-2026-3808 WRITEUP HIGH WORKING POC
Tenda FH1202 1.2.0.14(408) - Buffer Overflow
A vulnerability was detected in Tenda FH1202 1.2.0.14(408). The affected element is the function formWebTypeLibrary of the file /goform/webtypelibrary. Performing a manipulation of the argument webSiteId results in stack-based buffer overflow. The attack may be initiated remotely. The exploit is now public and may be used.
CVSS 8.8