Totolink A7100RU 7.4cu OS Command Injection via setVpnPassCfg (pptpPassThru)
CVE-2026-5850 Published on April 9, 2026
Totolink A7100RU CGI cstecgi.cgi setVpnPassCfg OS command injection
A vulnerability was identified in Totolink A7100RU 7.4cu.2313_b20191024. It affects the function setVpnPassCfg of the file /cgi-bin/cstecgi.cgi in the CGI Handler component. Manipulating the argument pptpPassThru leads to OS command injection. The attack can be carried out remotely. The exploit is publicly available and might be used.
Timeline
Advisory disclosed
VulDB entry created
VulDB entry last update
Weakness Types
What is a Shell injection Vulnerability?
The software constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.
CVE-2026-5850 has been classified as a Shell injection vulnerability or weakness.
What is a Command Injection Vulnerability?
The software constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.
CVE-2026-5850 has been classified as a Command Injection vulnerability or weakness.
Products Associated with CVE-2026-5850