CVE-2026-7136 | Totolink A8000RU 7.1cu.643_b20200521 CGI /cgi-bin/cstecgi.cgi setDmzCfg wanIdx os command injection

Inserito da Angelo Barbosa | Apr 26, 2026 | CVE

A vulnerability was found in Totolink A8000RU 7.1cu.643_b20200521 and classified as critical. Affected by this issue is the function setDmzCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Executing a manipulation of the argument wanIdx can lead to os command injection.

The identification of this vulnerability is CVE-2026-7136. The attack may be launched remotely. Furthermore, there is an exploit available.

CVE-2026-7136 | Totolink A8000RU 7.1cu.643_b20200521 CGI /cgi-bin/cstecgi.cgi setDmzCfg wanIdx os command injection

Post correlati

CVE-2022-44581 | WPMU Defender Security Plugin up to 3.3.2 on WordPress Temporary File sensitive information

CVE-2024-24937 | JetBrains TeamCity up to 2023.11.1 Agent Distribution cross site scripting

CVE-2024-4251 | Tenda i21 1.0.0.14(4656) /goform/DhcpSetSe fromDhcpSetSer stack-based overflow

CVE-2025-11914 | Shenzhen Ruiming Technology Streamax Crocus 1.3.40 DeviceFileReport.do?Action=Download download FilePath path traversal