Описание
A flaw has been found in Totolink A7000R 4.1cu.4154. This impacts the function CloudACMunualUpdateUserdata of the file /cgi-bin/cstecgi.cgi. This manipulation of the argument url causes command injection. The attack can be initiated remotely. The exploit has been published and may be used.
A flaw has been found in Totolink A7000R 4.1cu.4154. This impacts the function CloudACMunualUpdateUserdata of the file /cgi-bin/cstecgi.cgi. This manipulation of the argument url causes command injection. The attack can be initiated remotely. The exploit has been published and may be used.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2026-1548
- https://github.com/xyh4ck/iot_poc/blob/main/TOTOLINK/A7000R/02_RCE_CloudACMunualUpdateUserdata_RCE.md
- https://github.com/xyh4ck/iot_poc/blob/main/TOTOLINK/A7000R/02_RCE_CloudACMunualUpdateUserdata_RCE.md#poc
- https://vuldb.com/?ctiid.343232
- https://vuldb.com/?id.343232
- https://vuldb.com/?submit.739715
- https://www.totolink.net
Связанные уязвимости
A flaw has been found in Totolink A7000R 4.1cu.4154. This impacts the function CloudACMunualUpdateUserdata of the file /cgi-bin/cstecgi.cgi. This manipulation of the argument url causes command injection. The attack can be initiated remotely. The exploit has been published and may be used.
Уязвимость функции CloudACMunualUpdateUserdata() сценария /cgi-bin/cstecgi.cgi микропрограммного обеспечения роутеров TOTOLINK A7000R, позволяющая нарушителю выполнить произвольные команды