CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Vulnrichment•added 2026/04/27 4:0 p.m.•1 views

CVE-2026-7138 Totolink A8000RU CGI cstecgi.cgi setNtpCfg os command injection

10CVSS8.3AI score0.01221EPSS

ATTACKERKB•added 2026/04/27 4:0 p.m.•2 views

CVE-2026-7138

10CVSS5.2AI score0.01221EPSS

Exploits0References5Affected Software1

CVE•added 2026/04/27 4:0 p.m.•6 views

CVE-2026-7138

Totolink A8000RU vulnerability CVE-2026-7138 affects the CGI Handler: file /cgi-bin/cstecgi.cgi, function setNtpCfg. Manipulating the tz argument leads to OS command injection with a remote attack path. Public exploit is indicated in the sources. No specific patch/version details or mitigations a...

10CVSS8.3AI score0.01221EPSS

CNNVD•added 2026/04/27 12:0 a.m.•3 views

TOTOLINK A8000RU 命令注入漏洞

The TOTOLINK A8000RU is a wireless router produced by TOTOLINK, a Chinese company. The Totolink A8000RU 7.1cu.643b20200521 version contains a command injection vulnerability. This vulnerability stems from the function setNtpCfg in the CGI Handler component’s file/cgi-bin/cstecgi.cgi, which...

10CVSS7.3AI score0.01221EPSS

Exploits0References1

Positive Technologies•added 2026/04/27 12:0 a.m.•1 views

PT-2026-35452

A vulnerability was detected in Totolink A8000RU 7.1cu.643 b20200521. This vulnerability affects the function setNtpCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulation of the argument tz results in os command injection. The attack can be executed remotely. The...

10CVSS5.2AI score0.01221EPSS

RedhatCVE•added 2026/04/07 11:1 p.m.•4 views

CVE-2026-5689

A vulnerability was detected in Totolink A7100RU 7.4cu.2313b20191024. The affected element is the function setNtpCfg of the file /cgi-bin/cstecgi.cgi. Performing a manipulation of the argument tz results in os command injection. Remote exploitation of the attack is possible. The exploit is now...

EUVD•added 2026/04/07 12:30 a.m.•2 views

Exploits0References1

EUVD-2026-19551

NVD•added 2026/04/06 11:16 p.m.•2 views

CVE-2026-5689

7.5CVSS0.01153EPSS

ATTACKERKB•added 2026/04/06 10:30 p.m.•2 views

CVE-2026-5689

Exploits0References5Affected Software1

Vulnrichment•added 2026/04/06 10:30 p.m.•0 views

CVE-2026-5689 Totolink A7100RU cstecgi.cgi setNtpCfg os command injection

Cvelist•added 2026/04/06 10:30 p.m.•16 views

CVE-2026-5689 Totolink A7100RU cstecgi.cgi setNtpCfg os command injection

7.5CVSS0.01153EPSS

CVE•added 2026/04/06 10:30 p.m.•2 views

CVE-2026-5689

Totolink A7100RU (firmware 7.4cu.2313_b20191024) is affected by an OS command injection in the setNtpCfg function of /cgi-bin/cstecgi.cgi. Manipulating the tz argument can enable remote exploitation, and public exploits are available. Affected impact and realistic remediation details are not prov...

Positive Technologies•added 2026/04/06 12:0 a.m.•3 views

PT-2026-30750

A vulnerability was detected in Totolink A7100RU 7.4cu.2313 b20191024. The affected element is the function setNtpCfg of the file /cgi-bin/cstecgi.cgi. Performing a manipulation of the argument tz results in os command injection. Remote exploitation of the attack is possible. The exploit is now...

CNNVD•added 2026/04/06 12:0 a.m.•3 views

TOTOLINK A7100RU 操作系统命令注入漏洞

The TOTOLINK A7100RU is a wireless router produced by TOTOLINK, a Chinese company. The TOTOLINK A7100RU 7.4cu.2313b20191024 version contains a vulnerability related to operating system command injection. This vulnerability stems from incorrect handling of parameters tz in the function setNtpCfg...

7.5CVSS7.1AI score0.01153EPSS