CVE-2026-7721

MEDIUM WAF: High

CVSS 6.3 Published: 2026-05-04

CWE-77

A security vulnerability has been detected in Totolink WA300 5.2cu.7112_B20190227. This affects the function NTPSyncWithHost of the file /cgi-bin/cstecgi.cgi. Such manipulation of the argument hostTime leads to command injection. The attack can be executed remotely. The exploit has been disclosed publicly and may be used.

WAF Coverage Analysis

Command Injection High WAF Coverage

OWASP: A03:2021 Injection

932xxx - Remote Code Execution

References

lavender-bicycle-a5a.notion.site
vuldb.com
vuldb.com
vuldb.com
www.totolink.net

Back to CVE Database