CVE-2026-7137 | Totolink A8000RU 7.1cu.643_b20200521 CGI /cgi-bin/cstecgi.cgi setStorageCfg sambaEnabled os command injection

Inserito da Angelo Barbosa | Apr 26, 2026 | CVE

A vulnerability was found in Totolink A8000RU 7.1cu.643_b20200521. It has been classified as critical. This affects the function setStorageCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulation of the argument sambaEnabled leads to os command injection.

This vulnerability is referenced as CVE-2026-7137. Remote exploitation of the attack is possible. Furthermore, an exploit is available.

CVE-2026-7137 | Totolink A8000RU 7.1cu.643_b20200521 CGI /cgi-bin/cstecgi.cgi setStorageCfg sambaEnabled os command injection

Post correlati

CVE-2026-39959 | tmds Tmds.DBus/Tmds.DBus.Protocol up to 0.91.x SynchronizationContext allocation of resources (GHSA-xrw6-gwf8-vvr9)

CVE-2024-50609 | Fluent Bit 3.1.9 opentelemetry_prot.c process_payload_traces_proto_ng null pointer dereference

CVE-2024-10218 | TIBCO Hawk/Operational Intelligence Monitoring Archive Utility mar.jar cross site scripting

CVE-2024-41968 | WAGO CC100 0751-9×01 Docker Settings Setup missing authentication (VDE-2024-047)