CVE-2026-6138 | Totolink A7100RU 7.4cu.2313_b20191024 CGI /cgi-bin/cstecgi.cgi setAccessDeviceCfg mac os command injection

Inserito da Angelo Barbosa | Apr 12, 2026 | CVE

A vulnerability, which was classified as critical, has been found in Totolink A7100RU 7.4cu.2313_b20191024. The impacted element is the function setAccessDeviceCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. This manipulation of the argument mac causes os command injection.

This vulnerability is handled as CVE-2026-6138. The attack can be initiated remotely. Additionally, an exploit exists.

CVE-2026-6138 | Totolink A7100RU 7.4cu.2313_b20191024 CGI /cgi-bin/cstecgi.cgi setAccessDeviceCfg mac os command injection

Post correlati

CVE-2025-25285 | octokit endpoint.js up to 10.1.2 REST API Endpoint redos (GHSA-x4c5-c7rf-jjgv)

CVE-2023-21165 | Google Android devicemem_server.c DevmemtUnmapPMR use after free

CVE-2025-23106 | Samsung Mobile Processor Exynos 1480/2200/2400 use after free

CVE-2024-47357 | Leevio Happy Addons for Elementor Plugin up to 3.12.0 on WordPress cross site scripting