CVE-2026-6112 | Totolink A7100RU 7.4cu.2313_b20191024 CGI /cgi-bin/cstecgi.cgi setRadvdCfg maxRtrAdvInterval os command injection

Inserito da Angelo Barbosa | Apr 11, 2026 | CVE

A vulnerability classified as critical has been found in Totolink A7100RU 7.4cu.2313_b20191024. Affected is the function setRadvdCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. This manipulation of the argument maxRtrAdvInterval causes os command injection.

This vulnerability is handled as CVE-2026-6112. The attack can be initiated remotely. Additionally, an exploit exists.

CVE-2026-6112 | Totolink A7100RU 7.4cu.2313_b20191024 CGI /cgi-bin/cstecgi.cgi setRadvdCfg maxRtrAdvInterval os command injection

Post correlati

CVE-2024-29927 | HasTheme WishSuite Plugin up to 1.3.7 on WordPress cross site scripting

CVE-2024-7022 | Google Chrome up to 122.0.6261.128 V8 uninitialized variable (Issue 324690)

CVE-2024-31913 | IBM Sterling B2B Integrator Standard Edition up to 6.1.2.5/6.2.0.2 Web UI cross site scripting

CVE-2023-52840 | Linux Kernel up to 6.6.1 rmi_unregister_function use after free