CVE-2026-5692

HIGH WAF: High

CVSS 7.3 Published: 2026-04-07

CWE-77 CWE-78

A vulnerability was found in Totolink A7100RU 7.4cu.2313_b20191024. This impacts the function setGameSpeedCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument enable results in os command injection. The attack may be performed from remote. The exploit has been made public and could be used.

WAF Coverage Analysis

Command Injection High WAF Coverage

OWASP: A03:2021 Injection

932xxx - Remote Code Execution

OS Command Injection High WAF Coverage

OWASP: A03:2021 Injection

932xxx - Remote Code Execution

References

github.com
vuldb.com
vuldb.com
vuldb.com
www.totolink.net

Back to CVE Database