CVE-2026-5997 | Totolink A7100RU 7.4cu.2313_b20191024 CGI /cgi-bin/cstecgi.cgi setLoginPasswordCfg admpass os command injection

Inserito da Angelo Barbosa | Apr 9, 2026 | CVE

A vulnerability described as critical has been identified in Totolink A7100RU 7.4cu.2313_b20191024. The impacted element is the function setLoginPasswordCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulation of the argument admpass results in os command injection.

This vulnerability is known as CVE-2026-5997. It is possible to launch the attack remotely. Furthermore, an exploit is available.

CVE-2026-5997 | Totolink A7100RU 7.4cu.2313_b20191024 CGI /cgi-bin/cstecgi.cgi setLoginPasswordCfg admpass os command injection

Post correlati

CVE-2025-24633 | silverplugins217 Build Private Store for Woocommerce Plugin up to 1.0 on WordPress authorization

CVE-2025-26320 | t0mer BroadlinkManager 5.9.1 /device/ping IP Address os command injection

CVE-2025-62293 | SOPlanning up to 1.53 /status endpoint authorization

CVE-2025-40053 | Linux Kernel up to 5.15.194/6.1.155/6.6.111/6.12.52/6.17.2 net netdev_alloc_skb_ip_align null pointer dereference