CVE-2026-4497 | Totolink WA300 5.2cu.7112_B20190227 /cgi-bin/cstecgi.cgi recvUpgradeNewFw os command injection

Inserito da Angelo Barbosa | Mar 20, 2026 | CVE

A vulnerability, which was classified as critical, has been found in Totolink WA300 5.2cu.7112_B20190227. Affected by this issue is the function recvUpgradeNewFw of the file /cgi-bin/cstecgi.cgi. This manipulation causes os command injection.

This vulnerability is registered as CVE-2026-4497. Remote exploitation of the attack is possible. Furthermore, an exploit is available.

CVE-2026-4497 | Totolink WA300 5.2cu.7112_B20190227 /cgi-bin/cstecgi.cgi recvUpgradeNewFw os command injection

Post correlati

CVE-2025-54301 | norrnext Quantum Mamanger Component up to 3.2.0 on Joomla File Name cross site scripting

CVE-2024-52615 | Avahi DNS Response injection

CVE-2024-31175 | Open Networking Foundation libfluid 0.1.0 unpack unchecked return value to null pointer dereference

CVE-2025-9652 | Portabilis i-Educar up to 2.10 Cadastrar tipo de transferência Page educar_transferencia_tipo_cad.php nm_tipo/desc_tipo cross site scripting