PT-2026-5348 · Totolink · Totolink A7000R

Xuanyu

Publicado

2026-01-29

Atualizado

2026-02-10

CVE-2026-1623

CVSS v2.0

6.5

Média

Vetor

AV:N/AC:L/Au:S/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions Totolink A7000R version 4.1cu.4154

Description A flaw exists in the Totolink A7000R device. The setUpgradeFW function within the /cgi-bin/cstecgi.cgi file is susceptible to command injection through manipulation of the FileName argument. This issue can be exploited remotely. The exploit code has been publicly released, potentially increasing the risk of attacks.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Command Injection

Special Elements Injection

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-77CWE-74

Identificadores relacionados

CVE-2026-1623

Produtos afetados

Totolink A7000R

PT-2026-5348 · Totolink · Totolink A7000R

CVE-2026-1623

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 11