PT-2026-1502 · Totolink · Totolink Wa300

Jackwesley · Published 2026-01-06 · Updated 2026-01-22 · CVE-2026-0641

CVSS v3.1: 8.8 (High)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

TOTOLINK WA300 version 5.2cu.7112 B20190227

Description

A security issue exists in TOTOLINK WA300 version 5.2cu.7112 B20190227. The sub_401510 function within the cstecgi.cgi file is susceptible to command injection through manipulation of the UPLOAD_FILENAME argument. This allows for remote exploitation. The exploit for this issue has been publicly disclosed.

Recommendations

Apply a newer version of the software that addresses this vulnerability. As a temporary workaround, restrict access to the cstecgi.cgi file or disable the sub_401510 function until a patch is available. Avoid using the UPLOAD_FILENAME parameter in the affected file.

Exploit

Fix

Special Elements Injection

Command Injection

Weakness Enumeration

Related Identifiers

CVE-2026-0641

Affected Products

Totolink Wa300