EUVD-2026-21314
GHSA-7796-2cv5-g5f4
CVSS Vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
4Tags
Description
A vulnerability was identified in Totolink A7100RU 7.4cu.2313_b20191024. This affects the function setSyslogCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Such manipulation of the argument enable leads to os command injection. It is possible to launch the attack remotely. The exploit is publicly available and might be used.
Analysis
Remote unauthenticated OS command injection in Totolink A7100RU router version 7.4cu.2313_b20191024 allows arbitrary command execution via the setSyslogCfg function in /cgi-bin/cstecgi.cgi. Attackers exploit the 'enable' parameter without authentication to achieve full system compromise. …
Sign in for full analysis, threat intelligence, and remediation guidance.
Remediation
Within 24 hours: Identify all Totolik A7100RU devices on corporate networks and VPNs using network discovery tools; document current firmware versions. Within 7 days: Contact affected users and isolate vulnerable routers from production networks; contact Totolik support for patch availability timeline and interim guidance. …
Sign in for detailed remediation steps.
Priority Score
Share
External POC / Exploit Code
Leaving vuln.today