top of page
perceptive_background_267k.jpg

A weakness has been identified in Totolink A7100RU 7.4cu.2313_b20191024. The affected element is the function setScheduleCfg of the file /cgi-bin/cstecgi.cgi. E…

Published:

5 april 2026 om 22:00:00

Alert date:

6 april 2026 om 20:01:55

Source:

nvd.nist.gov

Click to open the original link from this advisory

Mobile & IoT, Network Infrastructure

A critical vulnerability has been identified in Totolink A7100RU router firmware version 7.4cu.2313_b20191024. The vulnerability exists in the setScheduleCfg function within the /cgi-bin/cstecgi.cgi file. Attackers can exploit this flaw by manipulating the 'mode' argument to achieve OS command injection. The vulnerability can be exploited remotely, making it particularly dangerous. Public exploits are already available, increasing the risk of active exploitation. This affects the network infrastructure and could allow attackers to gain unauthorized system access and execute arbitrary commands on the affected router.

Technical details

Mitigation steps:

Affected products:

Totolink A7100RU

Related links:

https://nvd.nist.gov/vuln/detail/CVE-2026-5678
https://github.com/Litengzheng/vuldb_new/blob/main/A7100RU/vul_185/README.md
https://vuldb.com/submit/792608
https://vuldb.com/vuln/355505
https://vuldb.com/vuln/355505/cti
https://www.totolink.net/

Related CVE's:

Related threat actors:

IOC's:

/cgi-bin/cstecgi.cgi, setScheduleCfg

This article was created with the assistance of AI technology by Perceptive.

About us

© 2025 by Perceptive Security. All rights reserved.

email: info@perceptivesecurity.com

Deze website toont informatie afkomstig van externe bronnen; Perceptive aanvaardt geen verantwoordelijkheid voor de juistheid, volledigheid of actualiteit van deze informatie.

bottom of page