CVE-2026-7240 | Totolink A8000RU 7.1cu.643_b20200521 CGI /cgi-bin/cstecgi.cgi setVpnAccountCfg User os command injection

Inserito da Angelo Barbosa | Apr 27, 2026 | CVE

A vulnerability was found in Totolink A8000RU 7.1cu.643_b20200521 and classified as critical. This vulnerability affects the function setVpnAccountCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Such manipulation of the argument User leads to os command injection.

This vulnerability is documented as CVE-2026-7240. The attack can be executed remotely. Additionally, an exploit exists.

CVE-2026-7240 | Totolink A8000RU 7.1cu.643_b20200521 CGI /cgi-bin/cstecgi.cgi setVpnAccountCfg User os command injection

Post correlati

CVE-2024-50393 | QNAP QTS/QuTS hero os command injection (qsa-24-49)

CVE-2023-45705 | HCL BigFix Platform 10.0/10.0.10/11.0.0/11.0.1 SMTP Configuration Option server-side request forgery (KB0111972)

CVE-2024-53675 | HPE Insight Remote Support prior 7.14.0.629 xml external entity reference

CVE-2025-23859 | Joshua Wieczorek Daily Proverb Plugin up to 2.0.3 on WordPress cross site scripting