CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

NVD•added 2026/04/13 4:16 a.m.•3 views

CVE-2026-6156

A security vulnerability has been detected in Totolink A7100RU 7.4cu.2313b20191024. This affects the function setIpQosRules of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulation of the argument Comment leads to os command injection. Remote exploitation of the attack is...

10CVSS0.01823EPSS

CVE•added 2026/04/13 3:15 a.m.•7 views

CVE-2026-6155

CVE-2026-6155 affects Totolink A7100RU running 7.4cu.2313. The vulnerability is in the CGI handler: function setWanCfg in file /cgi-bin/cstecgi.cgi, where manipulation of the argument pppoeServiceName can lead to an OS command injection . The attack may be launched remotely over the network, with...

10CVSS7AI score0.01803EPSS

NVD•added 2026/04/13 1:16 a.m.•0 views

CVE-2026-6140

A vulnerability was found in Totolink A7100RU 7.4cu.2313b20191024. This impacts the function UploadFirmwareFile of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Performing a manipulation of the argument FileName results in os command injection. The attack may be initiated remotely...

10CVSS0.02199EPSS

NVD•added 2026/04/13 1:16 a.m.•3 views

CVE-2026-6139

A vulnerability has been found in Totolink A7100RU 7.4cu.2313b20191024. This affects the function UploadOpenVpnCert of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Such manipulation of the argument FileName leads to os command injection. The attack can be launched remotely. The...

10CVSS0.01823EPSS

ATTACKERKB•added 2026/04/13 12:30 a.m.•4 views

CVE-2026-6140

10CVSS7AI score0.02199EPSS

Vulnrichment•added 2026/04/13 12:15 a.m.•1 views

CVE-2026-6139 Totolink A7100RU CGI cstecgi.cgi UploadOpenVpnCert os command injection

ATTACKERKB•added 2026/04/13 12:15 a.m.•3 views

CVE-2026-6139

10CVSS7AI score0.01823EPSS

ATTACKERKB•added 2026/04/13 12:0 a.m.•2 views

CVE-2026-6138

A flaw has been found in Totolink A7100RU 7.4cu.2313b20191024. The impacted element is the function setAccessDeviceCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. This manipulation of the argument mac causes os command injection. The attack can be initiated remotely. The exploi...

Vulnrichment•added 2026/04/13 12:0 a.m.•0 views

CVE-2026-6138 Totolink A7100RU CGI cstecgi.cgi setAccessDeviceCfg os command injection

10CVSS7AI score0.01823EPSS

CVE•added 2026/04/13 12:0 a.m.•11 views

CVE-2026-6138

The CVE concerns Totolink A7100RU (firmware 7.4cu.2313_b20191024) where the CGI Handler’s function setAccessDeviceCfg in /cgi-bin/cstecgi.cgi accepts a manipulated mac argument to trigger OS command injection. This allows a remote attacker to exploit the vulnerability over the network (no authent...

Positive Technologies•added 2026/04/13 12:0 a.m.•4 views

PT-2026-32197

Name of the Vulnerable Software and Affected Versions Totolink A7100RU version 7.4cu.2313 b20191024 Description A flaw exists in the CGI Handler component of Totolink A7100RU version 7.4cu.2313 b20191024. Specifically, the UploadOpenVpnCert function within the /cgi-bin/cstecgi.cgi file is...

10CVSS7.3AI score0.01823EPSS

Exploits0References11

Positive Technologies•added 2026/04/13 12:0 a.m.•3 views

PT-2026-32195

Name of the Vulnerable Software and Affected Versions Totolink A7100RU version 7.4cu.2313 b20191024 Description A flaw exists in the Totolink A7100RU version 7.4cu.2313 b20191024. The issue is due to a vulnerability in the setAccessDeviceCfg function within the CGI Handler component, located in t...

10CVSS7.4AI score0.01823EPSS

Exploits0References12

NVD•added 2026/04/12 11:16 p.m.•1 views

CVE-2026-6132

A vulnerability was determined in Totolink A7100RU 7.4cu.2313b20191024. Affected by this issue is the function setLedCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. This manipulation of the argument enable causes os command injection. Remote exploitation of the attack is...

10CVSS0.02175EPSS

CVE•added 2026/04/12 10:30 p.m.•8 views

CVE-2026-6132

Affected product: Totolink A7100RU. Vulnerable component: CGI Handler, function setLedCfg in /cgi-bin/cstecgi.cgi. Issue: manipulation of the argument enable leads to OS command injection. Impact: remote code execution possibility with high severity (CVE-2026-6132). Exploit status: publicly discl...

10CVSS7AI score0.02175EPSS

EUVD•added 2026/04/12 6:30 a.m.•6 views

EUVD-2026-21700

A weakness has been identified in Totolink A7100RU 7.4cu.2313b20191024. Affected is the function setRadvdCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. This manipulation of the argument maxRtrAdvInterval causes os command injection. The attack can be initiated remotely. The...

10CVSS5.6AI score0.01766EPSS

Exploits0References6

NVD•added 2026/04/12 4:16 a.m.•1 views

CVE-2026-6112

10CVSS0.01766EPSS

ATTACKERKB•added 2026/04/12 4:15 a.m.•1 views

CVE-2026-6116

A vulnerability has been found in Totolink A7100RU 7.4cu.2313b20191024. This vulnerability affects the function setDiagnosisCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulation of the argument ip leads to os command injection. Remote exploitation of the attack is...

10CVSS6.8AI score0.01803EPSS

ATTACKERKB•added 2026/04/12 4:0 a.m.•0 views

CVE-2026-6115

A flaw has been found in Totolink A7100RU 7.4cu.2313b20191024. This affects the function setAppCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Executing a manipulation of the argument enable can lead to os command injection. The attack may be launched remotely. The exploit has...

10CVSS7AI score0.01823EPSS

Vulnrichment•added 2026/04/12 4:0 a.m.•0 views

CVE-2026-6115 Totolink A7100RU CGI cstecgi.cgi setAppCfg os command injection