Vulnerabilities

Report: Latest: CVE-2026-7240 - Totolink A8000RU CGI cstecgi.cgi setVpnAccountCfg os command injection

2026-04-28 0 views admin

CVE ID :CVE-2026-7240 Published : April 28, 2026, 7:15 a.m. | 1 hour, 13 minutes ago Description :A vulnerability has been found in Totolink A8000RU 7.1cu.643_b20200521. This vulnerability affects the function setVpnAccountCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Such manipulation of the argument User leads to os command injection. The attack can be executed remotely. The exploit has been disclosed to the public and may be used. Severity: 0.0 | NA Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVE Details

CVE ID

CVE-2026-7240

Published

April 28, 2026

Impact: command injection

🏷️ Tags

reportlatesttotolinka8000rucstecgisetvpnaccountcfgcommandinjectioncvecve-2026-7240

InfinitSec - Latest Cybersecurity, Technology & Gaming News

Report: Latest: CVE-2026-7240 - Totolink A8000RU CGI cstecgi.cgi setVpnAccountCfg os command injection

CVE Details

🏷️ Tags

More from Vulnerabilities

Report: CVE-2026-7235 - ErlichLiu claude-agent-sdk-master route.ts path traversal - 2025 Update

Report: CVE-2026-40966 - VectorStoreChatMemoryAdvisor conversation scoping can lead to cross-tenant memor

Report: CVE-2026-7237 - AgiFlow scaffold-mcp write-to-file Tool index.ts path traversal

Report: Latest: CVE-2026-4805 - Woostify <= 2.5.0 - authenticated (contributor+) stored cross-site scripting via ...

Trending

CVE-2025-61481: Critical Remote Code Execution Vulnerability in MikroTik RouterOS & SwitchOS

CVE-2025-43939: Dell Unity OS Command Injection (High)

Google disputes false claims of massive Gmail data breach

Microsoft: DNS outage impacts Azure and Microsoft 365 services

3.5B Accounts, 1 Critical Flaw: Meta Closes WhatsApp Data-Harvesting