CVE-2026-5850 | Totolink A7100RU 7.4cu.2313_b20191024 CGI /cgi-bin/cstecgi.cgi setVpnPassCfg pptpPassThru os command injection

Inserito da Angelo Barbosa | Apr 8, 2026 | CVE

A vulnerability was found in Totolink A7100RU 7.4cu.2313_b20191024. It has been classified as critical. This affects the function setVpnPassCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulation of the argument pptpPassThru leads to os command injection.

This vulnerability is referenced as CVE-2026-5850. Remote exploitation of the attack is possible. Furthermore, an exploit is available.

CVE-2026-5850 | Totolink A7100RU 7.4cu.2313_b20191024 CGI /cgi-bin/cstecgi.cgi setVpnPassCfg pptpPassThru os command injection

Post correlati

CVE-2024-13380 | Alex Reservations Smart Restaurant Booking Plugin up to 2.0.5 on WordPress Shortcode rr_form cross site scripting

CVE-2025-1714 | Perforce Gliffy up to 4.14.0-6 Signup information disclosure

CVE-2025-14985 | Alpha Blocks Plugin up to 1.5.0 on WordPress alpha_block_css cross site scripting

CVE-2024-6126 | Red Hat Enterprise Linux 7/8/9 cockpit user_readenv resource consumption