Vulnerabilities

CVE-2026-1149 - Totolink LR350 POST Request cstecgi.cgi setDiagnosisCfg command injection

2026-01-19 0 views admin

CVE ID : CVE-2026-1149 Published : Jan. 19, 2026, 10:16 a.m. | 1 hour, 44 minutes ago Description : A vulnerability was identified in Totolink LR350 9.3.5u.6369_B20220309. This issue affects the function setDiagnosisCfg of the file /cgi-bin/cstecgi.cgi of the component POST Request Handler. The manipulation of the argument ip leads to command injection. The attack can be initiated remotely. The exploit is publicly available and might be used. Severity: 6.5 | MEDIUM Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVE Details

CVE ID

CVE-2026-1149

Severity

MEDIUM

Published

Jan. 19, 2026

Impact: command injection

🏷️ Tags

cvevulnerabilitysecuritycybersecuritycve-2026-1149medium

CVE-2026-1149 - Totolink LR350 POST Request cstecgi.cgi setDiagnosisCfg command injection

CVE Details

🏷️ Tags

More from Vulnerabilities

CVE-2026-1157 - Totolink LR350 cstecgi.cgi setWiFiEasyCfg buffer overflow

CVE-2026-21618 - Cross-site scripting (XSS) in OAuth Device Authorization screen

CVE-2026-1159 - itsourcecode Online Frozen Foods Ordering System order_online.php sql injection

CVE-2026-1158 - Totolink LR350 POST Request cstecgi.cgi setWizardCfg buffer overflow

Trending

Tech: Go-legacy-winxp: Compile Golang 1.24 code for Windows XP

Tech: Data is the only moat

Tech: Pocket TTS: A high quality TTS that gives your CPU a voice

Tech: AWS European Sovereign Cloud

Tech: JuiceFS is a distributed POSIX file system built on top of Redis and S3