EUVD-2026-21185
GHSA-gpqj-8899-c755
CVSS Vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
4Tags
Description
A security vulnerability has been detected in Totolink A7100RU 7.4cu.2313_b20191024. Affected is the function setWiFiAclRules of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulation of the argument mode leads to os command injection. The attack can be initiated remotely. The exploit has been disclosed publicly and may be used.
Analysis
OS command injection in Totolink A7100RU router firmware 7.4cu.2313_b20191024 allows unauthenticated remote attackers to execute arbitrary system commands via the 'mode' parameter in the setWiFiAclRules function (/cgi-bin/cstecgi.cgi). Publicly available exploit code exists. …
Sign in for full analysis, threat intelligence, and remediation guidance.
Remediation
Within 24 hours: Identify all Totolik A7100RU routers in production via asset inventory and network scans; isolate or restrict WAN access to affected devices pending remediation. Within 7 days: Contact Totolik support for firmware patch availability and test any released updates in non-production environment; if no patch forthcoming, implement network segmentation to limit router exposure and deploy compensating controls (see below). …
Sign in for detailed remediation steps.
Priority Score
Share
External POC / Exploit Code
Leaving vuln.today