CVE-2026-1548 | Totolink A7000R 4.1cu.4154 /cgi-bin/cstecgi.cgi CloudACMunualUpdateUserdata url command injection

Inserito da Angelo Barbosa | Gen 28, 2026 | CVE

A vulnerability was found in Totolink A7000R 4.1cu.4154. It has been rated as critical. This impacts the function CloudACMunualUpdateUserdata of the file /cgi-bin/cstecgi.cgi. This manipulation of the argument url causes command injection.

This vulnerability is handled as CVE-2026-1548. The attack can be initiated remotely. Additionally, an exploit exists.

CVE-2026-1548 | Totolink A7000R 4.1cu.4154 /cgi-bin/cstecgi.cgi CloudACMunualUpdateUserdata url command injection

Post correlati

CVE-2024-20763 | Adobe Animate 2023/Animate 2024 out-of-bounds (APSB24-19)

CVE-2026-1415 | GPAC up to 2.4.0 media_export.c gf_media_export_webvtt_metadata Name null pointer dereference (Issue 3428)

CVE-2023-44301 | Dell PowerProtect Data Manager DM5500 Appliance up to 5.14 cross site scripting (dsa-2023-425)

CVE-2024-54774 | Dcat Admin 2.2.0-beta /admin/articles/create cross site scripting