CVE-2026-6140 | Totolink A7100RU 7.4cu.2313_b20191024 CGI /cgi-bin/cstecgi.cgi UploadFirmwareFile FileName os command injection

Inserito da Angelo Barbosa | Apr 12, 2026 | CVE

A vulnerability has been found in Totolink A7100RU 7.4cu.2313_b20191024 and classified as critical. This impacts the function UploadFirmwareFile of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Performing a manipulation of the argument FileName results in os command injection.

This vulnerability was named CVE-2026-6140. The attack may be initiated remotely. In addition, an exploit is available.

CVE-2026-6140 | Totolink A7100RU 7.4cu.2313_b20191024 CGI /cgi-bin/cstecgi.cgi UploadFirmwareFile FileName os command injection

Post correlati

CVE-2024-49632 | Coral Web Design CWD 3D Image Gallery Plugin up to 1.0 on WordPress cross site scripting

CVE-2024-20754 | Adobe Lightroom Desktop up to 7.1.2 untrusted search path (apsb24-17)

CVE-2024-38858 | Checkmk up to 2.3.0p13 Robotmk Logs View cross site scripting

CVE-2026-3613 | Wavlink WL-NU516U1 V240425 /cgi-bin/login.cgi sub_401A0C ipaddr stack-based overflow