EUVD-2026-21184
GHSA-vg62-g8mg-mm6p
CVSS Vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
4Tags
Description
A weakness has been identified in Totolink A7100RU 7.4cu.2313_b20191024. This impacts the function setWiFiBasicCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Executing a manipulation of the argument wifiOff can lead to os command injection. It is possible to launch the attack remotely. The exploit has been made available to the public and could be used for attacks.
Analysis
Remote OS command injection in Totolink A7100RU firmware 7.4cu.2313_b20191024 allows unauthenticated attackers to execute arbitrary system commands via the wifiOff parameter in the setWiFiBasicCfg function of /cgi-bin/cstecgi.cgi. This vulnerability enables complete device compromise with high impact to confidentiality, integrity, and availability. …
Sign in for full analysis, threat intelligence, and remediation guidance.
Remediation
Within 24 hours: Identify and inventory all Totolik A7100RU devices on the network, retrieve current firmware versions via device admin interface, and isolate any running firmware 7.4cu.2313_b20191024 or earlier to a separate VLAN with restricted network access. Within 7 days: Contact Totolink support to confirm patch availability status and timelines; if no patch is available, implement network-level controls to block unauthenticated access to /cgi-bin/cstecgi.cgi via WAF or firewall rules, and disable WiFi configuration features via administrative lockdown if operationally feasible. …
Sign in for detailed remediation steps.
Priority Score
Share
External POC / Exploit Code
Leaving vuln.today