CVE-2026-7136 | Totolink A8000RU 7.1cu.643_b20200521 CGI /cgi-bin/cstecgi.cgi setDmzCfg wanIdx os command injection

Inserito da Angelo Barbosa | Apr 26, 2026 | CVE

A vulnerability was found in Totolink A8000RU 7.1cu.643_b20200521 and classified as critical. Affected by this issue is the function setDmzCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Executing a manipulation of the argument wanIdx can lead to os command injection.

The identification of this vulnerability is CVE-2026-7136. The attack may be launched remotely. Furthermore, there is an exploit available.

CVE-2026-7136 | Totolink A8000RU 7.1cu.643_b20200521 CGI /cgi-bin/cstecgi.cgi setDmzCfg wanIdx os command injection

Post correlati

CVE-2026-7001 | Datacom DM4100 1.3.6.1.4.1.3709 Ethernet Configuration Page Name cross site scripting

CVE-2026-4781 | SourceCodester Sales and Inventory System 1.0 HTTP GET Parameter update_purchase.php sid sql injection

CVE-2020-36934 | Deepinstinct Deep Instinct Windows Agent 1.2.24.0 DeepNetworkService.exe unquoted search path (Exploit 49020)

CVE-2024-25515 | RuvarOA 6.01/12.01 wf_work_finish_file_down.aspx sys_file_storage_id sql injection