Skip to content
CVSS 9.8 · CRITICAL

CVE-2026-7138

A vulnerability was detected in Totolink A8000RU 7.1cu.643_b20200521. This vulnerability affects the function setNtpCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulation of the argument tz results in os command injection. The attack can be executed remotely. The exploit is now public and may be used.

Ver en NVD

Análisis

This vulnerability affects a specific model of Totolink consumer router and its CGI handler. While the critical severity allows for remote command injection, this hardware is not widely used in the MexicoDev community infrastructure or typical developer stacks.

Severidad

Puntaje: 9.8(CRITICAL)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AV: NETWORK
AC: LOW
PR: NONE
UI: NONE
S: UNCHANGED
C: HIGH
I: HIGH
A: HIGH
Tipo de falla (CWE): CWE-77CWE-78

EPSS

Probabilidad de explotación (próx. 30 días): 0.0125 (1.3%)
Percentil: 79.5%
EPSS: 2026-05-06

Descripción técnica

A vulnerability was detected in Totolink A8000RU 7.1cu.643_b20200521. This vulnerability affects the function setNtpCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulation of the argument tz results in os command injection. The attack can be executed remotely. The exploit is now public and may be used.

Publicada: 27/4/2026, 16:16:47
Última modificación: 27/4/2026, 18:35:53

Referencias

InicioEventosBlogRecursosEquipo