CVE-2026-7156 | Totolink A8000RU 7.1cu.643_b20200521 CGI /cgi-bin/cstecgi.cgi CsteSystem HTTP os command injection

Inserito da Angelo Barbosa | Apr 26, 2026 | CVE

A vulnerability labeled as critical has been found in Totolink A8000RU 7.1cu.643_b20200521. Affected is the function CsteSystem of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulation of the argument HTTP results in os command injection.

This vulnerability is cataloged as CVE-2026-7156. The attack may be launched remotely. Furthermore, there is an exploit available.

CVE-2026-7156 | Totolink A8000RU 7.1cu.643_b20200521 CGI /cgi-bin/cstecgi.cgi CsteSystem HTTP os command injection

Post correlati

CVE-2025-15099 | simstudioai sim up to 0.5.27 CRON Secret internal.ts INTERNAL_API_SECRET improper authentication

CVE-2025-48208 | Apache Hertzbeat up to 1.7.1 JNDI ldap injection

CVE-2024-8043 | Vikinghammer Tweet Plugin up to 0.2.4 on WordPress cross-site request forgery

CVE-2026-7018 | Datavane Datavines up to 13607645e14a4982468cfdbcf75c85cde63bae71 JWT Token TokenManager.java tokenSecret hard-coded key (Issue 580)