CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

ATTACKERKB•added 2026/04/13 12:0 a.m.•2 views

CVE-2026-6138

A flaw has been found in Totolink A7100RU 7.4cu.2313b20191024. The impacted element is the function setAccessDeviceCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. This manipulation of the argument mac causes os command injection. The attack can be initiated remotely. The exploi...

Vulnrichment•added 2026/04/13 12:0 a.m.•0 views

CVE-2026-6138 Totolink A7100RU CGI cstecgi.cgi setAccessDeviceCfg os command injection

10CVSS7AI score0.01823EPSS

CVE•added 2026/04/13 12:0 a.m.•13 views

CVE-2026-6138

The CVE concerns Totolink A7100RU (firmware 7.4cu.2313_b20191024) where the CGI Handler’s function setAccessDeviceCfg in /cgi-bin/cstecgi.cgi accepts a manipulated mac argument to trigger OS command injection. This allows a remote attacker to exploit the vulnerability over the network (no authent...

CNNVD•added 2026/04/13 12:0 a.m.•3 views

TOTOLINK A7000R 安全漏洞

TOTOLINK A7000R is a wireless router product that is mainly used to provide network connectivity and Wi-Fi access. TOTOLINK A7000R suffers from a stack buffer overflow vulnerability. The vulnerability stems from the setWiFiEasyGuestCfg function in the /cgi-bin/cstecgi.cgi file failing to properly...

9CVSS7.4AI score0.00575EPSS

Positive Technologies•added 2026/04/13 12:0 a.m.•4 views

PT-2026-32197

Name of the Vulnerable Software and Affected Versions Totolink A7100RU version 7.4cu.2313 b20191024 Description A flaw exists in the CGI Handler component of Totolink A7100RU version 7.4cu.2313 b20191024. Specifically, the UploadOpenVpnCert function within the /cgi-bin/cstecgi.cgi file is...

10CVSS7.3AI score0.01823EPSS

Exploits0References11

Positive Technologies•added 2026/04/13 12:0 a.m.•10 views

PT-2026-32239

Name of the Vulnerable Software and Affected Versions Totolink A7100RU version 7.4cu.2313 b20191024 Description A security flaw exists in the CGI Handler component of Totolink A7100RU version 7.4cu.2313 b20191024. Manipulation of the wizard argument in the setWizardCfg function within the...

10CVSS7.2AI score0.01823EPSS

Exploits0References11

Positive Technologies•added 2026/04/13 12:0 a.m.•3 views

PT-2026-32195

Name of the Vulnerable Software and Affected Versions Totolink A7100RU version 7.4cu.2313 b20191024 Description A flaw exists in the Totolink A7100RU version 7.4cu.2313 b20191024. The issue is due to a vulnerability in the setAccessDeviceCfg function within the CGI Handler component, located in t...

10CVSS7.4AI score0.01823EPSS

Exploits0References12

NVD•added 2026/04/12 11:16 p.m.•2 views

CVE-2026-6131

A vulnerability was found in Totolink A7100RU 7.4cu.2313b20191024. Affected by this vulnerability is the function setTracerouteCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulation of the argument command results in os command injection. The attack may be launched...

10CVSS0.01823EPSS

NVD•added 2026/04/12 11:16 p.m.•1 views

CVE-2026-6132

A vulnerability was determined in Totolink A7100RU 7.4cu.2313b20191024. Affected by this issue is the function setLedCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. This manipulation of the argument enable causes os command injection. Remote exploitation of the attack is...

10CVSS0.02175EPSS

CVE•added 2026/04/12 10:30 p.m.•8 views

CVE-2026-6132

Affected product: Totolink A7100RU. Vulnerable component: CGI Handler, function setLedCfg in /cgi-bin/cstecgi.cgi. Issue: manipulation of the argument enable leads to OS command injection. Impact: remote code execution possibility with high severity (CVE-2026-6132). Exploit status: publicly discl...

10CVSS7AI score0.02175EPSS

ATTACKERKB•added 2026/04/12 10:15 p.m.•1 views

CVE-2026-6131

Cvelist•added 2026/04/12 10:15 p.m.•22 views

CVE-2026-6131 Totolink A7100RU CGI cstecgi.cgi setTracerouteCfg os command injection

10CVSS0.01823EPSS

EUVD•added 2026/04/12 6:30 a.m.•6 views

EUVD-2026-21700

A weakness has been identified in Totolink A7100RU 7.4cu.2313b20191024. Affected is the function setRadvdCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. This manipulation of the argument maxRtrAdvInterval causes os command injection. The attack can be initiated remotely. The...

10CVSS5.6AI score0.01766EPSS

Exploits0References6

NVD•added 2026/04/12 5:16 a.m.•3 views

CVE-2026-6116

A vulnerability has been found in Totolink A7100RU 7.4cu.2313b20191024. This vulnerability affects the function setDiagnosisCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulation of the argument ip leads to os command injection. Remote exploitation of the attack is...

10CVSS0.01803EPSS

NVD•added 2026/04/12 4:16 a.m.•1 views

CVE-2026-6112

10CVSS0.01766EPSS

Vulnrichment•added 2026/04/12 4:15 a.m.•4 views

CVE-2026-6116 Totolink A7100RU CGI cstecgi.cgi setDiagnosisCfg os command injection

10CVSS6.8AI score0.01803EPSS

ATTACKERKB•added 2026/04/12 4:15 a.m.•1 views

CVE-2026-6116

10CVSS6.8AI score0.01803EPSS

ATTACKERKB•added 2026/04/12 4:0 a.m.•0 views

CVE-2026-6115

A flaw has been found in Totolink A7100RU 7.4cu.2313b20191024. This affects the function setAppCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Executing a manipulation of the argument enable can lead to os command injection. The attack may be launched remotely. The exploit has...

10CVSS7AI score0.01823EPSS

Vulnrichment•added 2026/04/12 4:0 a.m.•0 views

CVE-2026-6115 Totolink A7100RU CGI cstecgi.cgi setAppCfg os command injection