CVE-2026-7721

CVSS v2.0

6.5

Medium

Vector

AV:N/AC:L/Au:S/C:P/I:P/A:P

A security vulnerability has been detected in Totolink WA300 5.2cu.7112 B20190227. This affects the function NTPSyncWithHost of the file /cgi-bin/cstecgi.cgi. Such manipulation of the argument hostTime leads to command injection. The attack can be executed remotely. The exploit has been disclosed publicly and may be used.

Exploit

Fix

Command Injection

Special Elements Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-77CWE-74

Related Identifiers

CVE-2026-7721

Affected Products

Wa300

CVE-2026-7721

Weakness Enumeration

Related Identifiers

Affected Products

References · 6