CVE-2025-7154 | TOTOLINK N200RE 9.3.5u.6095_B20200916/9.3.5u.6139_B20201216 /cgi-bin/cstecgi.cgi sub_41A0F8 Hostname os command injection

Inserito da Angelo Barbosa | Lug 7, 2025 | CVE

A vulnerability, which was classified as critical, has been found in TOTOLINK N200RE 9.3.5u.6095_B20200916/9.3.5u.6139_B20201216. Affected by this issue is the function sub_41A0F8 of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument Hostname leads to os command injection.

This vulnerability is handled as CVE-2025-7154. The attack may be launched remotely. Furthermore, there is an exploit available.

CVE-2025-7154 | TOTOLINK N200RE 9.3.5u.6095_B20200916/9.3.5u.6139_B20201216 /cgi-bin/cstecgi.cgi sub_41A0F8 Hostname os command injection

Post correlati

CVE-2024-6490 | Master Slider Plugin up to 3.9.10 on WordPress cross-site request forgery

CVE-2024-6934 | formtools.org Form Tools 3.1.1 step2.php Form URL cross site scripting

CVE-2024-35517 | Netgear XR1000 1.0.0.64 usb_remote_smb_conf.cgi share_name command injection

CVE-2024-2903 | Tenda AC7 15.03.06.44 GetParentControlInfo mac stack-based overflow