EUVD-2026-21319
GHSA-w3qf-xc88-m8c9
CVSS Vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
4Tags
Description
A weakness has been identified in Totolink A7100RU 7.4cu.2313_b20191024. This issue affects the function setUrlFilterRules of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Executing a manipulation of the argument enable can lead to os command injection. The attack can be launched remotely. The exploit has been made available to the public and could be used for attacks.
Analysis
OS command injection in Totolink A7100RU router firmware 7.4cu.2313_b20191024 enables unauthenticated remote attackers to execute arbitrary system commands via the 'enable' parameter in the setUrlFilterRules function of /cgi-bin/cstecgi.cgi. Exploitation requires no user interaction, granting complete device compromise with potential for lateral network movement. …
Sign in for full analysis, threat intelligence, and remediation guidance.
Remediation
Within 24 hours: Identify all Totolik A7100RU devices in inventory and isolate affected units from production networks if running firmware 7.4cu.2313_b20191024 or earlier; document current firmware versions across the deployment. Within 7 days: Contact Totolik support to confirm patch availability timeline and escalate if unavailable; evaluate replacement hardware from vendors with active security support. …
Sign in for detailed remediation steps.
Priority Score
Share
External POC / Exploit Code
Leaving vuln.today