CVE-2026-7140 | Totolink A8000RU 7.1cu.643_b20200521 CGI /cgi-bin/cstecgi.cgi CsteSystem HTTP os command injection

Inserito da Angelo Barbosa | Apr 26, 2026 | CVE

A vulnerability categorized as critical has been discovered in Totolink A8000RU 7.1cu.643_b20200521. Impacted is the function CsteSystem of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Such manipulation of the argument HTTP leads to os command injection.

This vulnerability is listed as CVE-2026-7140. The attack may be performed from remote. In addition, an exploit is available.

CVE-2026-7140 | Totolink A8000RU 7.1cu.643_b20200521 CGI /cgi-bin/cstecgi.cgi CsteSystem HTTP os command injection

Post correlati

CVE-2024-1680 | Premium Addons for Elementor Plugin up to 4.10.21 on WordPress cross site scripting

CVE-2025-10676 | fuyang_lipengjun platform 1.0 /brand/queryAll BrandController improper authorization

CVE-2026-1615 | jsonpath code injection (SNYK-JS-JSONPATH-13645034)

CVE-2025-11607 | harry0703 MoneyPrinterTurbo up to 1.2.6 API Endpoint music.py upload_music File path traversal