EUVD-2026-19557
CVSS Vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
4Tags
Description
A vulnerability was found in Totolink A7100RU 7.4cu.2313_b20191024. This impacts the function setGameSpeedCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument enable results in os command injection. The attack may be performed from remote. The exploit has been made public and could be used.
Analysis
OS command injection in Totolink A7100RU router firmware 7.4cu.2313_b20191024 allows unauthenticated remote attackers to execute arbitrary system commands via the 'enable' parameter in the setGameSpeedCfg function of /cgi-bin/cstecgi.cgi. Public exploit code exists on GitHub (EPSS and KEV status not provided, but publicly available proof-of-concept increases immediate risk). …
Sign in for full analysis, threat intelligence, and remediation guidance.
Remediation
Within 24 hours: Identify all Totolik A7100RU devices running firmware 7.4cu.2313_b20191024 in your environment and isolate them from production networks if possible; check Totolik's official website for available firmware updates and apply the latest version. Within 7 days: Implement network-based access controls to restrict remote access to the affected router's web interface (/cgi-bin/cstecgi.cgi) to trusted administrative networks only; enable logging and monitor for suspicious activity to the 'enable' parameter. …
Sign in for detailed remediation steps.
Priority Score
Share
External POC / Exploit Code
Leaving vuln.today