CVE-2026-6139 | Totolink A7100RU 7.4cu.2313_b20191024 CGI /cgi-bin/cstecgi.cgi UploadOpenVpnCert FileName os command injection

Inserito da Angelo Barbosa | Apr 12, 2026 | CVE

A vulnerability, which was classified as critical, was found in Totolink A7100RU 7.4cu.2313_b20191024. This affects the function UploadOpenVpnCert of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Such manipulation of the argument FileName leads to os command injection.

This vulnerability is uniquely identified as CVE-2026-6139. The attack can be launched remotely. Moreover, an exploit is present.

CVE-2026-6139 | Totolink A7100RU 7.4cu.2313_b20191024 CGI /cgi-bin/cstecgi.cgi UploadOpenVpnCert FileName os command injection

Post correlati

CVE-2024-4783 | jQuery T Countdown Widget Plugin up to 2.3.25 on WordPress Shortcode tminus cross site scripting

CVE-2024-25935 | Metagauss RegistrationMagic Plugin up to 5.2.5.9 on WordPress authorization

CVE-2024-23179 | MediaWiki up to 1.40.1 GlobalBlocking Extension Special:GlobalBlock uselang cross site scripting

CVE-2025-53204 | Event List Plugin up to 1.9.2 on WordPress file inclusion