CVE-2026-7241 | Totolink A8000RU 7.1cu.643_b20200521 CGI /cgi-bin/cstecgi.cgi setWiFiBasicCfg wifiOff os command injection

Inserito da Angelo Barbosa | Apr 27, 2026 | CVE

A vulnerability was found in Totolink A8000RU 7.1cu.643_b20200521. It has been classified as critical. This issue affects the function setWiFiBasicCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Performing a manipulation of the argument wifiOff results in os command injection.

This vulnerability is reported as CVE-2026-7241. The attack is possible to be carried out remotely. Moreover, an exploit is present.

CVE-2026-7241 | Totolink A8000RU 7.1cu.643_b20200521 CGI /cgi-bin/cstecgi.cgi setWiFiBasicCfg wifiOff os command injection

Post correlati

CVE-2024-36997 | Splunk Enterprise/Cloud Platform conf-web Settings REST Endpoint cross site scripting (SVD-2024-0717)

CVE-2025-26392 | SolarWinds Observability Self-Hosted sql injection

CVE-2025-40804 | Siemens SIMATIC Virtualization as a Service permission assignment (ssa-534283)

CVE-2024-1186 | Munsoft Easy Archive Recovery 2.0 Registration Key denial of service