EUVD-2026-21318
GHSA-wqxj-7q65-946x
CVSS Vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
4Tags
Description
A security flaw has been discovered in Totolink A7100RU 7.4cu.2313_b20191024. This vulnerability affects the function setPortalConfWeChat of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Performing a manipulation of the argument enable results in os command injection. The attack can be initiated remotely. The exploit has been released to the public and may be used for attacks.
Analysis
Remote OS command injection in Totolink A7100RU router firmware 7.4cu.2313_b20191024 allows unauthenticated attackers to execute arbitrary system commands. The vulnerability resides in the setPortalConfWeChat function within /cgi-bin/cstecgi.cgi, exploitable by manipulating the 'enable' parameter. …
Sign in for full analysis, threat intelligence, and remediation guidance.
Remediation
Within 24 hours: Inventory all Totolik A7100RU deployments and identify current firmware versions. Within 7 days: Contact Totolik support to determine patch availability timeline; if no patch is imminent, isolate affected routers from production networks or replace with alternative hardware. …
Sign in for detailed remediation steps.
Priority Score
Share
External POC / Exploit Code
Leaving vuln.today