CVE-2026-7037 | Totolink A8000RU 7.1cu.643_b20200521 CGI /cgi-bin/cstecgi.cgi setVpnPassCfg pptpPassThru os command injection

Inserito da Angelo Barbosa | Apr 25, 2026 | CVE

A vulnerability described as critical has been identified in Totolink A8000RU 7.1cu.643_b20200521. This issue affects the function setVpnPassCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulation of the argument pptpPassThru results in os command injection.

This vulnerability is identified as CVE-2026-7037. The attack can be executed remotely. Additionally, an exploit exists.

CVE-2026-7037 | Totolink A8000RU 7.1cu.643_b20200521 CGI /cgi-bin/cstecgi.cgi setVpnPassCfg pptpPassThru os command injection

Post correlati

CVE-2023-6276 | Tongda OA 2017 up to 11.9 delete.php PROJ_ID_STR sql injection

CVE-2026-31605 | Linux Kernel up to 6.12.82/6.18.23/6.19.13/7.0.0 Udlfb Driver divide by zero

CVE-2024-58134 | SRI Mojolicious up to 9.39 on Perl HMAC Session Secrets hard-coded key

CVE-2024-37404 | Ivanti Connect Secure/Policy Secure crlf injection