CVE-2026-7202 | Totolink A8000RU 7.1cu.643_b20200521 CGI /cgi-bin/cstecgi.cgi setWiFiWpsStart wscDisabled os command injection

Inserito da Angelo Barbosa | Apr 27, 2026 | CVE

A vulnerability, which was classified as critical, has been found in Totolink A8000RU 7.1cu.643_b20200521. This affects the function setWiFiWpsStart of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulation of the argument wscDisabled leads to os command injection.

This vulnerability is documented as CVE-2026-7202. The attack can be initiated remotely. Additionally, an exploit exists.

CVE-2026-7202 | Totolink A8000RU 7.1cu.643_b20200521 CGI /cgi-bin/cstecgi.cgi setWiFiWpsStart wscDisabled os command injection

Post correlati

CVE-2024-56997 | PHPGurukul Hospital Management System 4.0 /doctor/index.php Email cross site scripting

CVE-2025-26367 | Nozomi Q-Free MaxTime up to 2.11.0 HTTP routes.lua authorization

CVE-2026-34401 | Microsoft XmlNotepad prior 2.9.0.21 HTTP/SMB xml external entity reference (GHSA-5j32-486h-42ch)

CVE-2025-55116 | BMC Control-M/Agent 9.0.18/9.0.19/9.0.20 stack-based overflow