CVE-2026-7204 | Totolink A8000RU 7.1cu.643_b20200521 CGI /cgi-bin/cstecgi.cgi setPptpServerCfg enable os command injection

Inserito da Angelo Barbosa | Apr 27, 2026 | CVE

A vulnerability has been found in Totolink A8000RU 7.1cu.643_b20200521 and classified as critical. This issue affects the function setPptpServerCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. This manipulation of the argument enable causes os command injection.

This vulnerability appears as CVE-2026-7204. The attack may be initiated remotely. In addition, an exploit is available.

CVE-2026-7204 | Totolink A8000RU 7.1cu.643_b20200521 CGI /cgi-bin/cstecgi.cgi setPptpServerCfg enable os command injection

Post correlati

CVE-2025-8510 | Portabilis i-Educar 2.10 educar_matricula_lst.php Gerar ref_cod_aluno cross site scripting

CVE-2024-13626 | VR-Frases Plugin up to 3.0.1 on WordPress cross site scripting

CVE-2025-13339 | Hippoo Mobile App for WooCommerce Plugin up to 1.7.1 on WordPress template_redirect path traversal

CVE-2024-33629 | Creative Motion Auto Featured Image Plugin up to 4.0.0 on WordPress server-side request forgery