EUVD-2026-21270
GHSA-3mg5-x6vg-3pmj
CVSS Vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
4Description
A security flaw has been discovered in Totolink A7100RU 7.4cu.2313_b20191024. This issue affects the function setTelnetCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Performing a manipulation of the argument telnet_enabled results in os command injection. The attack is possible to be carried out remotely. The exploit has been released to the public and may be used for attacks.
Analysis
Remote OS command injection in Totolink A7100RU router firmware 7.4cu.2313_b20191024 via unauthenticated manipulation of telnet_enabled parameter in setTelnetCfg function. Critical CVSS 9.8 score reflects network-accessible attack requiring no authentication or user interaction, enabling full system compromise. …
Sign in for full analysis, threat intelligence, and remediation guidance.
Remediation
Within 24 hours: Identify all Totolik A7100RU routers in production via network scanning and asset inventory; isolate affected devices from critical network segments if possible. Within 7 days: Contact Totolik support for available firmware updates or workarounds; implement network-level restrictions (firewall rules, ACLs) to block unauthorized telnet access to affected routers. …
Sign in for detailed remediation steps.
Priority Score
Share
External POC / Exploit Code
Leaving vuln.today