CVE-2026-0641 | TOTOLINK WA300 5.2cu.7112_B20190227 cstecgi.cgi sub_401510 UPLOAD_FILENAME command injection

Inserito da Angelo Barbosa | Gen 6, 2026 | CVE

A vulnerability, which was classified as critical, has been found in TOTOLINK WA300 5.2cu.7112_B20190227. This vulnerability affects the function sub_401510 of the file cstecgi.cgi. The manipulation of the argument UPLOAD_FILENAME leads to command injection.

This vulnerability is listed as CVE-2026-0641. The attack may be initiated remotely. In addition, an exploit is available.

CVE-2026-0641 | TOTOLINK WA300 5.2cu.7112_B20190227 cstecgi.cgi sub_401510 UPLOAD_FILENAME command injection

Post correlati

CVE-2024-57494 | Neto E-Commerce CMS kw cross site scripting

CVE-2024-4964 | D-Link DAR-7000-40 V31R02B1413C /firewall/urlblist.php file unrestricted upload (SAP10354)

CVE-2025-31964 | HCL BigFix IVR 4.2 Service Binding Configuration information disclosure (KB0127753)

CVE-2025-0698 | JoeyBling bootplus up to 247d5f6c209be1a5cf10cd0fa18e1d8cc63cf55d /admin/sys/menu/list sort/order sql injection