CVE-2026-7138 | Totolink A8000RU 7.1cu.643_b20200521 CGI /cgi-bin/cstecgi.cgi setNtpCfg tz os command injection

Inserito da Angelo Barbosa | Apr 26, 2026 | CVE

A vulnerability was found in Totolink A8000RU 7.1cu.643_b20200521. It has been declared as critical. This vulnerability affects the function setNtpCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulation of the argument tz results in os command injection.

This vulnerability is identified as CVE-2026-7138. The attack can be executed remotely. Additionally, an exploit exists.

CVE-2026-7138 | Totolink A8000RU 7.1cu.643_b20200521 CGI /cgi-bin/cstecgi.cgi setNtpCfg tz os command injection

Post correlati

VDB-264458 | TrojanSpy.Win64.EMOTET.A CRYPTBASE.dll uncontrolled search path

CVE-2023-7259 | zzdevelop lenosp up to 20230831 Adduser Page username cross site scripting (I7XC2Y)

CVE-2025-5492 | D-Link DI-500WF-WT up to 20250511 /usr/sbin/jhttpd /msp_info.htm?flag=cmd sub_456DE8 command injection

CVE-2025-4472 | code-projects Departmental Store Management System 1.0 bill Item Code stack-based overflow