CVE-2026-5854 | Totolink A7100RU 7.4cu.2313_b20191024 CGI /cgi-bin/cstecgi.cgi setWiFiEasyCfg merge os command injection

Inserito da Angelo Barbosa | Apr 8, 2026 | CVE

A vulnerability identified as critical has been detected in Totolink A7100RU 7.4cu.2313_b20191024. Affected by this issue is the function setWiFiEasyCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Performing a manipulation of the argument merge results in os command injection.

This vulnerability is cataloged as CVE-2026-5854. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

CVE-2026-5854 | Totolink A7100RU 7.4cu.2313_b20191024 CGI /cgi-bin/cstecgi.cgi setWiFiEasyCfg merge os command injection

Post correlati

CVE-2025-1673 | zephyrproject-rtos Zephyr up to 4.0 resolve.c dns_validate_msg out-of-bounds (GHSA-jjhx-rrh4-j8mx)

CVE-2025-22633 | Matt Cromwell Give Plugin up to 2.0.0 on WordPress file information disclosure

CVE-2024-42642 | Micron Crucial MX500 Series Solid State Drives M3CR046 ATA Packet buffer overflow

CVE-2024-42190 | HCL Traveler for Microsoft Outlook up to 3.0.11 uncontrolled search path (KB0120744)