EUVD-2026-21808
GHSA-8cjf-hjff-67q2
CVSS VectorNVD
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
3DescriptionNVD
A security flaw has been discovered in Totolink A7100RU 7.4cu.2313_b20191024. The affected element is the function setWizardCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Performing a manipulation of the argument wizard results in os command injection. The attack may be initiated remotely. The exploit has been released to the public and may be used for attacks.
AnalysisAI
OS command injection in Totolink A7100RU router firmware 7.4cu.2313_b20191024 allows unauthenticated remote attackers to execute arbitrary system commands with router privileges via crafted wizard parameters to the setWizardCfg CGI function. Publicly available exploit code exists (GitHub POC), significantly lowering the barrier to exploitation. …
Sign in for full analysis, threat intelligence, and remediation guidance.
RemediationAI
Within 24 hours: Identify and inventory all Totolik A7100RU routers in your environment using network scanning tools and confirm firmware version via device administration interfaces. Within 7 days: Isolate affected routers from production networks or restrict administrative access via network segmentation and access control lists until firmware remediation is available. …
Sign in for detailed remediation steps.
Share
External POC / Exploit Code
Leaving vuln.today