CVE-2026-4497

HIGH WAF: High

CVSS 7.3 Published: 2026-03-20

CWE-77 CWE-78

A vulnerability was determined in Totolink WA300 5.2cu.7112_B20190227. Affected by this issue is the function recvUpgradeNewFw of the file /cgi-bin/cstecgi.cgi. This manipulation causes os command injection. Remote exploitation of the attack is possible. The exploit has been publicly disclosed and may be utilized.

WAF Coverage Analysis

Command Injection High WAF Coverage

OWASP: A03:2021 Injection

932xxx - Remote Code Execution

OS Command Injection High WAF Coverage

OWASP: A03:2021 Injection

932xxx - Remote Code Execution

References

github.com
github.com
vuldb.com
vuldb.com
vuldb.com
www.totolink.net

Back to CVE Database