CVE-2026-5996 | Totolink A7100RU 7.4cu.2313_b20191024 CGI /cgi-bin/cstecgi.cgi setAdvancedInfoShow tty_server os command injection

Inserito da Angelo Barbosa | Apr 9, 2026 | CVE

A vulnerability marked as critical has been reported in Totolink A7100RU 7.4cu.2313_b20191024. The affected element is the function setAdvancedInfoShow of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulation of the argument tty_server leads to os command injection.

This vulnerability is traded as CVE-2026-5996. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

CVE-2026-5996 | Totolink A7100RU 7.4cu.2313_b20191024 CGI /cgi-bin/cstecgi.cgi setAdvancedInfoShow tty_server os command injection

Post correlati

CVE-2024-43808 | JetBrains TeamCity up to 2024.07 HashiCorp Vault Vlugin cross site scripting

CVE-2017-15832 | Qualcomm Snapdragon Mobile MDM9206/MDM9607/SD 835/SD 845/SD 850 WLAN Host Driver input validation

CVE-2026-32063 | OpenClaw up to 2026.2.20 systemd Unit File Generation environment command injection

CVE-2024-44095 | Google Android code/drm_fw.c ppmp_protect_mfcfw_buf memory corruption