CVE-2026-7721 | Totolink WA300 5.2cu.7112_B20190227 /cgi-bin/cstecgi.cgi NTPSyncWithHost hostTime command injection

Inserito da Angelo Barbosa | Mag 3, 2026 | CVE

A vulnerability was found in Totolink WA300 5.2cu.7112_B20190227 and classified as critical. This affects the function NTPSyncWithHost of the file /cgi-bin/cstecgi.cgi. Such manipulation of the argument hostTime leads to command injection.

This vulnerability is documented as CVE-2026-7721. The attack can be executed remotely. Additionally, an exploit exists.

CVE-2026-7721 | Totolink WA300 5.2cu.7112_B20190227 /cgi-bin/cstecgi.cgi NTPSyncWithHost hostTime command injection

Post correlati

CVE-2023-52541 | Huawei HarmonyOS/EMUI App Pre-Loading improper authentication

CVE-2024-56069 | Azzaroco WP SuperBackup Plugin up to 2.3.3 on WordPress cross site scripting

CVE-2024-50684 | SunGrow iSolarCloud App up to 2.1.6.20241017 on Android AES Key entropy

CVE-2025-0348 | CampCodes DepEd Equipment Inventory System 1.0 /data/add_employee.php data cross site scripting