CVE-2026-1150 | Totolink LR350 9.3.5u.6369_B20220309 POST Request /cgi-bin/cstecgi.cgi setTracerouteCfg command command injection

Inserito da Angelo Barbosa | Gen 18, 2026 | CVE

A vulnerability, which was classified as critical, was found in Totolink LR350 9.3.5u.6369_B20220309. Impacted is the function setTracerouteCfg of the file /cgi-bin/cstecgi.cgi of the component POST Request Handler. The manipulation of the argument command results in command injection.

This vulnerability is reported as CVE-2026-1150. The attack can be launched remotely. Moreover, an exploit is present.

CVE-2026-1150 | Totolink LR350 9.3.5u.6369_B20220309 POST Request /cgi-bin/cstecgi.cgi setTracerouteCfg command command injection

Post correlati

CVE-2024-32516 | Palscode Multi Currency for WooCommerce Plugin up to 1.5.5 on WordPress authorization

CVE-2024-7276 | itsourcecode Alton Management System 1.0 /admin/member_save.php last/first sql injection

CVE-2025-62914 | Effect Maker Plugin up to 1.2.1 on WordPress authorization

CVE-2025-7559 | PHPGurukul Online Fire Reporting System 1.2 bwdates-report-result.php fromdate/todate sql injection