Vulnerabilities

CVE-2026-1150 - Totolink LR350 POST Request cstecgi.cgi setTracerouteCfg command injection

2026-01-19 0 views admin

CVE ID : CVE-2026-1150 Published : Jan. 19, 2026, 11:15 a.m. | 45 minutes ago Description : A security flaw has been discovered in Totolink LR350 9.3.5u.6369_B20220309. Impacted is the function setTracerouteCfg of the file /cgi-bin/cstecgi.cgi of the component POST Request Handler. The manipulation of the argument command results in command injection. The attack can be launched remotely. The exploit has been released to the public and may be used for attacks. Severity: 6.5 | MEDIUM Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVE Details

CVE ID

CVE-2026-1150

Severity

MEDIUM

Published

Jan. 19, 2026

Impact: command injection

🏷️ Tags

cvevulnerabilitysecuritycybersecuritycve-2026-1150medium

CVE-2026-1150 - Totolink LR350 POST Request cstecgi.cgi setTracerouteCfg command injection

CVE Details

🏷️ Tags

More from Vulnerabilities

CVE-2026-1157 - Totolink LR350 cstecgi.cgi setWiFiEasyCfg buffer overflow

CVE-2026-21618 - Cross-site scripting (XSS) in OAuth Device Authorization screen

CVE-2026-1159 - itsourcecode Online Frozen Foods Ordering System order_online.php sql injection

CVE-2026-1158 - Totolink LR350 POST Request cstecgi.cgi setWizardCfg buffer overflow

Trending

Tech: Go-legacy-winxp: Compile Golang 1.24 code for Windows XP

Tech: Data is the only moat

Tech: Pocket TTS: A high quality TTS that gives your CPU a voice

Tech: AWS European Sovereign Cloud

Tech: JuiceFS is a distributed POSIX file system built on top of Redis and S3