Enviar #740760: TOTOLINK A7000R V4.1cu.4154 Command Injectioninformación

Título	TOTOLINK A7000R V4.1cu.4154 Command Injection
Descripción	Critical unauthorized command execution has been found in the TOTOLINK A7000R router. The vulnerability can be triggered via route /cgi-bin/cstecgi.cgi. An attacker can achieve unauthorized RCE by sending an HTTP POST request, specifically by making a request to setting/setUploadUserData.
Fuente	⚠️ https://github.com/xyh4ck/iot_poc/blob/main/TOTOLINK/A7000R/03_RCE_setUploadUserData_RCE.md
Usuario	xuanyu (UID 36103)
Sumisión	2026-01-16 12:43 (hace 5 meses)
Moderación	2026-01-29 10:09 (13 days later)
Estado	Aceptado
Entrada de VulDB	343373 [Totolink A7000R 4.1cu.4154 /cgi-bin/cstecgi.cgi setUploadUserData FileName escalada de privilegios]
Puntos	18

Interested in the pricing of exploits?

See the underground prices here!