Aggregator

Digital marauders have devised methodologies to transmute mundane Android smartphones into entirely subjugated apparatuses. Indian authorities report that

The post Digital Wraiths: How Android’s “God Mode” is Turning Smartphones into Banking Trojans appeared first on Penetration Testing Tools.

Submit #792688 / VDB-355508

A vulnerability has been found in Totolink A3300R 17.0.0cu.557_B20221024 and classified as critical. The impacted element is the function vsetTr069Cfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument stun_pass leads to os command injection. This vulnerability is referenced as CVE-2026-5679. The attack needs to be initiated within the local network. Furthermore, an exploit is available.

A vulnerability, which was classified as critical, was found in Totolink A7100RU 7.4cu.2313_b20191024. The affected element is the function setScheduleCfg of the file /cgi-bin/cstecgi.cgi. Executing a manipulation of the argument mode can lead to os command injection. The identification of this vulnerability is CVE-2026-5678. The attack may be launched remotely. Furthermore, there is an exploit available.

Submit #792652 / VDB-250461

Submit #792651 / VDB-250461

Submit #792650 / VDB-355506

A vulnerability, which was classified as critical, has been found in Totolink A7100RU 7.4cu.2313_b20191024. Impacted is the function CsteSystem of the file /cgi-bin/cstecgi.cgi. Performing a manipulation of the argument resetFlags results in os command injection. This vulnerability was named CVE-2026-5677. The attack may be initiated remotely. In addition, an exploit is available.

Submit #792648 / VDB-250461

Submit #792647 / VDB-250461

Submit #792646 / VDB-250461

Submit #792645 / VDB-250463

Submit #792641 / VDB-250462

Submit #792640 / VDB-252400

Submit #792639 / VDB-252400

Submit #792638 / VDB-250462

Submit #792637 / VDB-250463

A vulnerability classified as critical was found in Totolink A8000R 5.9c.681_B20180413. This issue affects the function setLanguageCfg of the file /cgi-bin/cstecgi.cgi. Such manipulation of the argument langType leads to missing authentication. This vulnerability is uniquely identified as CVE-2026-5676. The attack can be launched remotely. Moreover, an exploit is present. Restrictive firewalling should be applied.

Submit #792636 / VDB-250459

Submit #792635 / VDB-250461