CVE-2026-6029 | Totolink A7100RU 7.4cu.2313_b20191024 CGI /cgi-bin/cstecgi.cgi setVpnAccountCfg User os command injection

Inserito da Angelo Barbosa | Apr 9, 2026 | CVE

A vulnerability labeled as critical has been found in Totolink A7100RU 7.4cu.2313_b20191024. The affected element is the function setVpnAccountCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulation of the argument User results in os command injection.

This vulnerability is cataloged as CVE-2026-6029. The attack may be launched remotely. Furthermore, there is an exploit available.

CVE-2026-6029 | Totolink A7100RU 7.4cu.2313_b20191024 CGI /cgi-bin/cstecgi.cgi setVpnAccountCfg User os command injection

Post correlati

CVE-2024-25350 | PHPGurukul Zoo Management System 1.0 edit-ticket.php tickettype/tprice sql injection

CVE-2022-49517 | Linux Kernel up to 5.18.2 of_parse_phandle reference count

CVE-2024-8078 | TOTOLINK AC1200 T8 4.1.5cu.862_B20230228 setTracerouteCfg buffer overflow

CVE-2025-7209 | 9fans plan9port up to 9da5b44 src/libsec/port/x509.c value_decode null pointer dereference (Issue 711)