Is there a public PoC exploit available for CVE-2026-7720?

Yes, a public proof-of-concept exploit is available for CVE-2026-7720. Prioritise patching immediately. EPSS: 2.9%.

Totolink WA300 CVE-2026-7720

Q: What is the CVSS score of CVE-2026-7720?

CVE-2026-7720 has a CVSS 4.0 base score of 2.1 (Low). CVSS vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X. EPSS exploitation probability: 2.9%.

EUVD-2026-26873 LOW

Command Injection (CWE-77)

2026-05-04 VulDB

Command Injection

2.1

CVSS 4.0

CVSS VectorNVD

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Lifecycle Timeline

PoC Detected

May 04, 2026 - 15:18 vuln.today

Public exploit code

Analysis Generated

May 04, 2026 - 02:30 vuln.today

Severity Changed

May 04, 2026 - 02:22 NVD

MEDIUM LOW

CVSS changed

May 04, 2026 - 02:22 NVD

6.3 (MEDIUM) 2.1 (LOW)

EUVD ID Assigned

May 04, 2026 - 02:15 euvd

EUVD-2026-26873

Analysis Generated

May 04, 2026 - 02:15 vuln.today

CVE Published

May 04, 2026 - 01:45 nvd

LOW 2.1

DescriptionNVD

A weakness has been identified in Totolink WA300 5.2cu.7112_B20190227. The impacted element is the function setLanguageCfg of the file /cgi-bin/cstecgi.cgi of the component POST Request Handler. This manipulation of the argument langType causes command injection. Remote exploitation of the attack is possible. The exploit has been made available to the public and could be used for attacks.

AnalysisAI

Command injection in Totolink WA300 5.2cu.7112_B20190227 allows authenticated remote attackers to execute arbitrary commands via the langType parameter in the setLanguageCfg function of /cgi-bin/cstecgi.cgi. Publicly available exploit code exists, though the low CVSS 2.1 score reflects limited scope (only low confidentiality and integrity impact, no system integrity or availability impact) and authentication requirement, reducing real-world attack surface.

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

CVE-2026-7720 vulnerability details – vuln.today

Back