CVE-2026-5851

CRITICAL CVSS 9.8 View on NVD ↗

Description

A security flaw has been discovered in Totolink A7100RU 7.4cu.2313_b20191024. This impacts the function setUPnPCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulation of the argument enable results in os command injection. The attack can be executed remotely. The exploit has been released to the public and may be used for attacks.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References

https://github.com/Litengzheng/vuldb_new/blob/main/A7100RU/vul_157/README.md
https://vuldb.com/submit/791271
https://vuldb.com/vuln/356377
https://vuldb.com/vuln/356377/cti
https://www.totolink.net/

Published: Apr 09, 2026 06:16 UTC Modified: Apr 09, 2026 06:16 UTC