EUVD-2026-21705
GHSA-wj59-xw95-68pp
CVSS Vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
3Tags
Description
A vulnerability was detected in Totolink A7100RU 7.4cu.2313_b20191024. Affected by this issue is the function setNetworkCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Performing a manipulation of the argument proto results in os command injection. The attack may be initiated remotely. The exploit is now public and may be used.
Analysis
OS command injection in Totolink A7100RU router version 7.4cu.2313_b20191024 allows unauthenticated remote attackers to execute arbitrary system commands with router privileges via the 'proto' parameter in setNetworkCfg function of /cgi-bin/cstecgi.cgi. Publicly available exploit code exists, significantly lowering the exploitation barrier. …
Sign in for full analysis, threat intelligence, and remediation guidance.
Remediation
Within 24 hours: Identify all Totolik A7100RU routers in production via network inventory and asset management systems; isolate affected devices from critical network segments pending remediation. Within 7 days: Contact Totolik support for patch availability and timeline; evaluate replacement with patched firmware or alternative router models from vendors with active security support. …
Sign in for detailed remediation steps.
Priority Score
Share
External POC / Exploit Code
Leaving vuln.today