CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

CVE•added 2026/04/09 8:0 p.m.•6 views

CVE-2026-5976

Totolink A7100RU, firmware 7.4cu.2313_b20191024, vulnerable in the CGI Handler via /cgi-bin/cstecgi.cgi function setStorageCfg. Manipulating the sambaEnabled argument leads to an OS command injection, exploitable remotely with a public exploit. Affects component: CGI Handler; vulnerable function:...

Vulnrichment•added 2026/04/09 8:0 p.m.•3 views

CVE-2026-5976 Totolink A7100RU CGI cstecgi.cgi setStorageCfg os command injection

A security flaw has been discovered in Totolink A7100RU 7.4cu.2313b20191024. This affects the function setStorageCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Performing a manipulation of the argument sambaEnabled results in os command injection. It is possible to initiate th...

10CVSS5.6AI score0.01803EPSS

ATTACKERKB•added 2026/04/09 8:0 p.m.•3 views

CVE-2026-5976

Cvelist•added 2026/04/09 7:45 p.m.•17 views

CVE-2026-5975 Totolink A7100RU CGI cstecgi.cgi setDmzCfg os command injection

A vulnerability was identified in Totolink A7100RU 7.4cu.2313b20191024. The impacted element is the function setDmzCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Such manipulation of the argument wanIdx leads to os command injection. The attack may be performed from remote. Th...

10CVSS0.01803EPSS

ATTACKERKB•added 2026/04/09 7:45 p.m.•4 views

CVE-2026-5975

CVE•added 2026/04/09 7:45 p.m.•8 views

CVE-2026-5975

Totolink A7100RU affected by CVE-2026-5975: the CGI Handler’s setDmzCfg function in /cgi-bin/cstecgi.cgi is vulnerable when processing wanIdx, enabling OS command injection. This is a remote vulnerability with publicly available exploit information, indicating potential remote code execution on a...

ATTACKERKB•added 2026/04/09 7:30 p.m.•0 views

CVE-2026-5974

A vulnerability was determined in FoundationAgents MetaGPT up to 0.8.1. The affected element is the function Bash.run in the library metagpt/tools/libs/terminal.py. This manipulation causes os command injection. The attack is possible to be carried out remotely. The project was informed of the...

7.5CVSS6.8AI score0.02241EPSS

Exploits1References7Affected Software1

Vulnrichment•added 2026/04/09 7:15 p.m.•0 views

CVE-2026-5973 FoundationAgents MetaGPT common.py get_mime_type os command injection

A vulnerability was found in FoundationAgents MetaGPT up to 0.8.1. Impacted is the function getmimetype of the file metagpt/utils/common.py. The manipulation results in os command injection. The attack can be executed remotely. The exploit has been made public and could be used. The project was...

7.5CVSS6.7AI score0.02283EPSS

Exploits1References6

CVE•added 2026/04/09 7:15 p.m.•5 views

CVE-2026-5973

The CVE-2026-5973 entry concerns FoundationAgents MetaGPT up to version 0.8.1. Affected component: the get_mime_type function in metagpt/utils/common.py. Root cause: input handling within that function allows OS command injection, enabling remote execution. Exploit status: public; exploitation po...

9.8CVSS6.7AI score0.02283EPSS

Exploits1References6Affected Software1

CVE•added 2026/04/09 7:0 p.m.•12 views

CVE-2026-5972

CVE-2026-5972 affects FoundationAgents MetaGPT (up to 0.8.1). The vulnerability lies in Terminal.run_command within metagpt/tools/libs/terminal.py, where input handling allows os command injection. This enables remote exploitation as described in multiple sources. Patch identifier d04ffc8dc67903e...

9.8CVSS6.4AI score0.02328EPSS

Exploits1References6Affected Software1

EUVD•added 2026/04/09 9:31 a.m.•2 views

EUVD-2026-20866

A weakness has been identified in Totolink A7100RU 7.4cu.2313b20191024. Affected is the function setIptvCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. This manipulation of the argument igmpVer causes os command injection. The attack is possible to be carried out remotely. The...

10CVSS6.9AI score0.14277EPSS

EUVD•added 2026/04/09 9:31 a.m.•4 views

EUVD-2026-20868

A security vulnerability has been detected in Totolink A7100RU 7.4cu.2313b20191024. Affected by this vulnerability is the function setIpv6LanCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Such manipulation of the argument addrPrefixLen leads to os command injection. The attack...

10CVSS6.9AI score0.14277EPSS

NVD•added 2026/04/09 7:16 a.m.•10 views

CVE-2026-5853

10CVSS0.14277EPSS

NVD•added 2026/04/09 7:16 a.m.•8 views

CVE-2026-5854

A vulnerability was detected in Totolink A7100RU 7.4cu.2313b20191024. Affected by this issue is the function setWiFiEasyCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Performing a manipulation of the argument merge results in os command injection. It is possible to initiate th...

10CVSS0.17546EPSS

NVD•added 2026/04/09 7:16 a.m.•2 views

CVE-2026-5852

10CVSS0.14277EPSS

ATTACKERKB•added 2026/04/09 6:45 a.m.•1 views

CVE-2026-5854

10CVSS7AI score0.17546EPSS

CVE•added 2026/04/09 6:45 a.m.•22 views

CVE-2026-5854

CVE-2026-5854 affects Totolink A7100RU firmware (7.4cu.2313_b20191024). The CGI Handler’s /cgi-bin/cstecgi.cgi function setWiFiEasyCfg is vulnerable to argument merge manipulation that leads to os command injection. The issue is exploitable remotely and the exploit is public. Impact is high: remo...

10CVSS7AI score0.17546EPSS

EUVD•added 2026/04/09 6:30 a.m.•2 views

EUVD-2026-20864

A security flaw has been discovered in Totolink A7100RU 7.4cu.2313b20191024. This impacts the function setUPnPCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulation of the argument enable results in os command injection. The attack can be executed remotely. The exploi...

10CVSS5.7AI score0.14128EPSS

EUVD•added 2026/04/09 6:30 a.m.•4 views

EUVD-2026-20862

A vulnerability was identified in Totolink A7100RU 7.4cu.2313b20191024. This affects the function setVpnPassCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulation of the argument pptpPassThru leads to os command injection. Remote exploitation of the attack is possible...

10CVSS5.7AI score0.15952EPSS