CNNVD-202601-4634 Information
CNNVD ID
CNNVD-202601-4634
Related CVE
- CNNVD Published: 2026-01-28
Description (Chinese)
TOTOLINK A7000R是中国吉翁电子(TOTOLINK)公司的一款无线路由器。 Totolink A7000R 4.1cu.4154版本存在命令注入漏洞,该漏洞源于对文件/cgi-bin/cstecgi.cgi中CloudACMunualUpdateUserdata函数的参数url的错误操作,可能导致命令注入攻击。
Description (English)
TOTOLINK A7000R is a wireless router of the Chinese company TOTOLINK. Totolink A7000R 4.1cu.4154 contains a command-injecting loophole, which arises from an error in the url operation of the ClaudAC MunualUpdateUserdata function in document/cgi-bin/cstecgi.cgi, which may result in an order-injecting attack.
Hazard Level
High
Vulnerability Type
命令注入
Affected Vendor
吉翁电子
Published
2026-01-28
Last Modified
2026-02-24
References
https://github.com/xyh4ck/iot_poc/blob/main/TOTOLINK/A7000R/02_RCE_CloudACMunualUpdateUserdata_RCE.md https://github.com/xyh4ck/iot_poc/blob/main/TOTOLINK/A7000R/02_RCE_CloudACMunualUpdateUserdata_RCE.md#poc https://vuldb.com/?ctiid.343232 https://vuldb.com/?id.343232 https://vuldb.com/?submit.739715 https://www.totolink.net/
Share on: