CVE-2026-5851 | Totolink A7100RU 7.4cu.2313_b20191024 CGI /cgi-bin/cstecgi.cgi setUPnPCfg enable os command injection

Inserito da Angelo Barbosa | Apr 8, 2026 | CVE

A vulnerability was found in Totolink A7100RU 7.4cu.2313_b20191024. It has been declared as critical. This impacts the function setUPnPCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulation of the argument enable results in os command injection.

This vulnerability is identified as CVE-2026-5851. The attack can be executed remotely. Additionally, an exploit exists.

CVE-2026-5851 | Totolink A7100RU 7.4cu.2313_b20191024 CGI /cgi-bin/cstecgi.cgi setUPnPCfg enable os command injection

Post correlati

CVE-2026-32279 | opensource-workshop connect-cms up to 1.41.0/2.41.0 server-side request forgery (GHSA-jh46-85jr-6ph9)

CVE-2026-22640 | SICK Incoming Goods Suite up to 1.2.0 /api/org/users/ access control

CVE-2025-11770 | BrightTALK Shortcode Plugin up to 2.4.0 on WordPress format cross site scripting

CVE-2025-48828 | vBulletin 6.0.3 Template improper protection of alternate path