CNNVD-202601-972 Information
Jan 06, 2026
cve
CNNVD ID
CNNVD-202601-972
Related CVE
- CNNVD Published: 2026-01-06
Description (Chinese)
TOTOLINK WA300是中国吉翁电子(TOTOLINK)公司的一款无线接入点。 TOTOLINK WA300 5.2cu.7112_B20190227版本存在命令注入漏洞,该漏洞源于对文件cstecgi.cgi中参数UPLOAD_FILENAME的错误操作,可能导致命令注入。
Description (English)
TOTOLINK WA300 is a wireless access point for the Chinese company TOTOLINK. TOTOLINK WA 300 5.2cu.7112 B20190227 has a command-injecting loophole, which stems from an error in the operation of UPLOAD FILENAME, the parameter in document cstecgi.cgi, which may lead to the command-injection.
Hazard Level
High
Vulnerability Type
命令注入
Affected Vendor
吉翁电子
Published
2026-01-06
Last Modified
2026-02-24
References
https://vuldb.com/?id.339684 https://www.totolink.net/ https://github.com/JackWesleyy/CVE/blob/main/WA300/TOTOLINK_WA300_RCE.md#poc https://vuldb.com/?ctiid.339684 https://vuldb.com/?submit.732234 https://access.redhat.com/security/cve/cve-2026-0641
Share on: