CVE-2026-1547 | Totolink A7000R 4.1cu.4154 /cgi-bin/cstecgi.cgi setUnloadUserData plugin_name command injection

Inserito da Angelo Barbosa | Gen 28, 2026 | CVE

A vulnerability was found in Totolink A7000R 4.1cu.4154. It has been declared as critical. This affects the function setUnloadUserData of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument plugin_name results in command injection.

This vulnerability is known as CVE-2026-1547. It is possible to launch the attack remotely. Furthermore, an exploit is available.

CVE-2026-1547 | Totolink A7000R 4.1cu.4154 /cgi-bin/cstecgi.cgi setUnloadUserData plugin_name command injection

Post correlati

CVE-2024-1529 | CMS Made Simple 2.2.14 /admin/adduser.php cross site scripting

CVE-2025-41727 | Beckhoff Automation Beckhoff.Device.Manager.XAR Device Manager User Interface unprotected alternate channel (VDE-2025-092)

CVE-2024-26931 | Linux Kernel up to 6.9-rc1 qla2xxx null pointer dereference

CVE-2024-4062 | Hualai Xiaofang iSC5 3.2.2_112 certificate validation