CVE-2026-5692

EUVD-2026-19557
A vulnerability was found in Totolink A7100RU 7.4cu.2313_b20191024. This impacts the function setGameSpeedCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument enable results in os command injection. The attack may be performed from remote. The exploit has been made public and could be used.
Command Injection
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.3 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Awaiting analysis
This vulnerability is currently awaiting analysis.
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
Common Weakness Enumeration
References
https://github.com/Litengzheng/vuldb_new/blob/main/A7100RU/vul_190/README.md
https://vuldb.com/submit/792963
https://vuldb.com/vuln/355519
https://vuldb.com/vuln/355519/cti
https://www.totolink.net/