CVE-2026-1601 | Totolink A7000R 4.1cu.4154 /cgi-bin/cstecgi.cgi setUploadUserData FileName command injection

Inserito da Angelo Barbosa | Gen 29, 2026 | CVE

A vulnerability categorized as critical has been discovered in Totolink A7000R 4.1cu.4154. The impacted element is the function setUploadUserData of the file /cgi-bin/cstecgi.cgi. Executing a manipulation of the argument FileName can lead to command injection.

This vulnerability is tracked as CVE-2026-1601. The attack can be launched remotely. Moreover, an exploit is present.

CVE-2026-1601 | Totolink A7000R 4.1cu.4154 /cgi-bin/cstecgi.cgi setUploadUserData FileName command injection

Post correlati

CVE-2025-24402 | Azure Service Fabric Plugin up to 1.6 on Jenkins cross-site request forgery

CVE-2024-38861 | Checkmk Exchange Plugin up to 2.0a/2.5.5 certificate validation

CVE-2024-42140 | Linux Kernel up to 5.15.162/6.1.97/6.6.38/6.9.8 kexec machine_kexec_mask_interrupts deadlock

CVE-2024-23445 | Elasticsearch up to 8.13.x access control