{"id":7759,"date":"2025-07-07T20:26:08","date_gmt":"2025-07-07T20:26:08","guid":{"rendered":"http:\/\/localhost\/?p=7759"},"modified":"2025-07-07T20:26:08","modified_gmt":"2025-07-07T20:26:08","slug":"totolink-n200re-cstecgicgi-sub41a0f8-os-command-injection","status":"publish","type":"post","link":"https:\/\/zero.redgem.net\/?p=7759","title":{"rendered":"TOTOLINK N200RE cstecgi.cgi sub_41A0F8 os command injection"},"content":{"rendered":"
\n

CVE Details<\/h2>\n
\n
\n

Basic Information<\/h3>\n\n\n\n\n\n
Title<\/th>\nTOTOLINK N200RE cstecgi.cgi sub_41A0F8 os command injection<\/td>\n<\/tr>\n
Type<\/th>\ncve<\/td>\n<\/tr>\n
Published<\/th>\n2025-07-08T00:32:07.691Z<\/td>\n<\/tr>\n
Modified<\/th>\n2025-07-08T00:32:07.691Z<\/td>\n<\/tr>\n<\/table>\n<\/div>\n
\n

Product Information<\/h3>\n\n\n\n\n
Vendor<\/th>\nTOTOLINK<\/td>\n<\/tr>\n
Product<\/th>\nN200RE<\/td>\n<\/tr>\n
Version<\/th>\n9.3.5u.6095_B20200916<\/td>\n<\/tr>\n<\/table>\n<\/div>\n<\/div>\n
\n

CVSS Information<\/h3>\n\n\n\n
Base Score<\/th>\n5.3 (MEDIUM)<\/td>\n<\/tr>\n
Attack Vector<\/th>\nCVSS:4.0\/AV:N\/AC:L\/AT:N\/PR:L\/UI:N\/VC:L\/VI:L\/VA:L\/SC:N\/SI:N\/SA:N\/E:P<\/td>\n<\/tr>\n<\/table>\n<\/div>\n
\n

AI Analysis<\/h3>\n\n\n\n\n\n\n
AI Description<\/th>\nA critical vulnerability in TOTOLINK N200RE routers allows remote attackers to execute system commands via os command injection in the Hostname argument of the cstecgi.cgi file. This could lead to full system compromise.<\/td>\n<\/tr>\n
AI Severity<\/th>\nCritical<\/td>\n<\/tr>\n
AI Vendor<\/th>\nTOTOLINK<\/td>\n<\/tr>\n
AI Product<\/th>\nTOTOLINK N200RE<\/td>\n<\/tr>\n
AI Version<\/th>\n9.3.5u.6095_B20200916, 9.3.5u.6139_B20201216<\/td>\n<\/tr>\n<\/table>\n<\/div>\n
\n

Affected Products<\/h4>\n