CVE-2026-5689 | Totolink A7100RU 7.4cu.2313_b20191024 /cgi-bin/cstecgi.cgi setNtpCfg tz os command injection

Inserito da Angelo Barbosa | Apr 6, 2026 | CVE

A vulnerability classified as critical has been found in Totolink A7100RU 7.4cu.2313_b20191024. The affected element is the function setNtpCfg of the file /cgi-bin/cstecgi.cgi. Performing a manipulation of the argument tz results in os command injection.

This vulnerability is known as CVE-2026-5689. Remote exploitation of the attack is possible. Furthermore, an exploit is available.

CVE-2026-5689 | Totolink A7100RU 7.4cu.2313_b20191024 /cgi-bin/cstecgi.cgi setNtpCfg tz os command injection

Post correlati

CVE-2024-0930 | Tenda AC10U 15.03.06.49_multi_TDE01 fromSetWirelessRepeat wpapsk_crypto stack-based overflow

CVE-2023-51553 | Foxit PDF Reader Bookmark out-of-bounds (ZDI-23-1867)

CVE-2024-23482 | Zscaler Client Connector prior 4.2.0.241 on macOS ZScaler Service input validation

CVE-2025-68145 | modelcontextprotocol servers up to 2025.12.16 repo_path path traversal