A vulnerability has been found in Tenda F456 1
Description
A vulnerability has been found in Tenda F456 1
Remediation
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
Search and filter 17426 vulnerabilities with AI analyst insights
A vulnerability has been found in Tenda F456 1
A vulnerability has been found in Tenda F456 1
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A flaw has been found in Tenda F456 1
A flaw has been found in Tenda F456 1
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A vulnerability was detected in Tenda F456 1
A vulnerability was detected in Tenda F456 1
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A security vulnerability has been detected in Totolink A7100RU 7.4cu.2313_b20191024. Affected by this issue is the function setPasswordCfg of the file...
A security vulnerability has been detected in Totolink A7100RU 7.4cu.2313_b20191024. Affected by this issue is the function setPasswordCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Such manipulation of the argument admpass leads to os command injection. The attack can be executed remotely. The exploit has been disclosed publicly and may be used.
Update Unknown Multiple Products to the latest version. Monitor for exploitation attempts and review access logs.
A weakness has been identified in Totolink A3002MU B20211125
A weakness has been identified in Totolink A3002MU B20211125
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A security flaw has been discovered in PHPGurukul Daily Expense Tracking System 1
A security flaw has been discovered in PHPGurukul Daily Expense Tracking System 1
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A vulnerability has been found in SourceCodester Pharmacy Sales and Inventory System 1
A vulnerability has been found in SourceCodester Pharmacy Sales and Inventory System 1
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A flaw has been found in SourceCodester Pharmacy Sales and Inventory System 1
A flaw has been found in SourceCodester Pharmacy Sales and Inventory System 1
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A vulnerability was detected in SourceCodester Pharmacy Sales and Inventory System 1
A vulnerability was detected in SourceCodester Pharmacy Sales and Inventory System 1
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A security vulnerability has been detected in UTT HiPER 1200GW up to 2
A security vulnerability has been detected in UTT HiPER 1200GW up to 2
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A security flaw has been discovered in code-projects Simple Content Management System 1
A security flaw has been discovered in code-projects Simple Content Management System 1
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A vulnerability was identified in code-projects Simple Content Management System 1
A vulnerability was identified in code-projects Simple Content Management System 1
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A flaw has been found in TOTOLINK A7000R up to 9
A flaw has been found in TOTOLINK A7000R up to 9
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A vulnerability was detected in code-projects Faculty Management System 1
A vulnerability was detected in code-projects Faculty Management System 1
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A security vulnerability has been detected in code-projects Vehicle Showroom Management System 1
A security vulnerability has been detected in code-projects Vehicle Showroom Management System 1
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A weakness has been identified in code-projects Vehicle Showroom Management System 1
A weakness has been identified in code-projects Vehicle Showroom Management System 1
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A security flaw has been discovered in code-projects Lost and Found Thing Management 1
A security flaw has been discovered in code-projects Lost and Found Thing Management 1
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A vulnerability was identified in code-projects Lost and Found Thing Management 1
A vulnerability was identified in code-projects Lost and Found Thing Management 1
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A vulnerability was determined in code-projects Simple ChatBox up to 1
A vulnerability was determined in code-projects Simple ChatBox up to 1
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A flaw has been found in Totolink N300RH 6
A flaw has been found in Totolink N300RH 6
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A vulnerability was detected in Totolink A800R 4
A vulnerability was detected in Totolink A800R 4
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
Totolink A7100RU allows remote OS command injection via the setIpQosRules function in the CGI handler.
Totolink A7100RU allows remote OS command injection via the setIpQosRules function in the CGI handler.
---METADATA---
VENDOR: Totolink
PRODUCT: A7100RU
AFFECTED_VERSIONS: 7.4cu.2313_b20191024
---END_METADATA---
Description Summary:
Totolink A7100RU allows remote OS command injection via the setIpQosRules function in the CGI handler.
Executive Summary:
A critical OS command injection vulnerability in the Totolink A7100RU permits remote, unauthenticated attackers to execute arbitrary system commands.
Vulnerability Details
CVE-ID: CVE-2026-6156
Affected Software: Totolink A7100RU
Affected Versions: 7.4cu.2313_b20191024
Vulnerability: The setIpQosRules function in /cgi-bin/cstecgi.cgi fails to sanitize the Comment argument, allowing an unauthenticated attacker to inject and execute OS commands.
Business Impact
The CVSS score of 9.8 highlights the critical threat of this vulnerability. Successful exploitation provides the attacker with full control over the device, facilitating further network penetration and data interception.
Remediation Plan
Immediate Action: Apply the vendor-provided firmware update immediately to patch the vulnerable CGI function.
Proactive Monitoring: Monitor system logs for unusual behavior or unauthorized command execution.
Compensating Controls: Ensure the router's management interface is not accessible from the public internet by configuring appropriate firewall rules.
Exploitation Status
Public Exploit Available: True
Analyst Notes: As of Apr 13, 2026, public exploit code is available. The risk of exploitation is extremely high given the remote nature of the flaw.
Analyst Recommendation
Immediate firmware updates are required to mitigate this critical risk. Restricting access to the device management interface is a necessary secondary measure to prevent unauthorized exploitation.
Update Unknown Multiple Products to the latest version. Monitor for exploitation attempts and review access logs.
Totolink A7100RU is vulnerable to remote OS command injection via the setWanCfg function in the CGI handler.
Totolink A7100RU is vulnerable to remote OS command injection via the setWanCfg function in the CGI handler.
---METADATA---
VENDOR: Totolink
PRODUCT: A7100RU
AFFECTED_VERSIONS: 7.4cu.2313
---END_METADATA---
Description Summary:
Totolink A7100RU is vulnerable to remote OS command injection via the setWanCfg function in the CGI handler.
Executive Summary:
A critical OS command injection vulnerability in the Totolink A7100RU allows remote attackers to execute arbitrary commands with full system privileges.
Vulnerability Details
CVE-ID: CVE-2026-6155
Affected Software: Totolink A7100RU
Affected Versions: 7.4cu.2313
Vulnerability: The setWanCfg function in /cgi-bin/cstecgi.cgi does not properly sanitize the pppoeServiceName argument, allowing for remote OS command injection by an unauthenticated attacker.
Business Impact
A CVSS score of 9.8 signifies a critical risk of full system compromise. Attackers can gain control over network configuration and traffic, potentially leading to man-in-the-middle attacks or full internal network access.
Remediation Plan
Immediate Action: Update to the latest firmware version as provided by Totolink to address the identified command injection vulnerability.
Proactive Monitoring: Monitor for suspicious network configuration changes or unusual outbound traffic from the router.
Compensating Controls: Use firewall rules to block internet-facing access to the device's web management interface.
Exploitation Status
Public Exploit Available: True
Analyst Notes: As of Apr 13, 2026, public exploits are available. The severity and ease of exploitation necessitate immediate action.
Analyst Recommendation
This is a high-priority issue. Administrators should update affected devices immediately and ensure that management interfaces are not exposed to the public internet.
Update Unknown Multiple Products to the latest version. Monitor for exploitation attempts and review access logs.
Totolink A7100RU allows remote OS command injection via the setWizardCfg function within the CGI handler.
Totolink A7100RU allows remote OS command injection via the setWizardCfg function within the CGI handler.
---METADATA---
VENDOR: Totolink
PRODUCT: A7100RU
AFFECTED_VERSIONS: 7.4cu.2313_b20191024
---END_METADATA---
Description Summary:
Totolink A7100RU allows remote OS command injection via the setWizardCfg function within the CGI handler.
Executive Summary:
A critical OS command injection vulnerability in the Totolink A7100RU allows remote, unauthenticated attackers to execute arbitrary system commands.
Vulnerability Details
CVE-ID: CVE-2026-6154
Affected Software: Totolink A7100RU
Affected Versions: 7.4cu.2313_b20191024
Vulnerability: The setWizardCfg function in /cgi-bin/cstecgi.cgi fails to sanitize the wizard argument, enabling an unauthenticated attacker to inject and execute OS commands.
Business Impact
The CVSS score of 9.8 indicates a critical risk. Successful exploitation grants the attacker full control over the router, which can be used to compromise all traffic passing through the device and potentially infiltrate internal resources.
Remediation Plan
Immediate Action: Install the latest firmware update provided by the vendor to remediate the command injection flaw.
Proactive Monitoring: Review system and audit logs for signs of arbitrary command execution or unauthorized configuration changes.
Compensating Controls: Implement strict firewall rules to prevent external access to the device's CGI management endpoints.
Exploitation Status
Public Exploit Available: True
Analyst Notes: As of Apr 13, 2026, public exploits have been identified. The potential for malicious use is high, and immediate patching is required.
Analyst Recommendation
Administrators must prioritize the firmware update for all affected devices. Until an update is applied, ensure that access to the device is limited to trusted, internal-only networks.
Update Unknown Multiple Products to the latest version. Monitor for exploitation attempts and review access logs.
A vulnerability was identified in code-projects Vehicle Showroom Management System 1
A vulnerability was identified in code-projects Vehicle Showroom Management System 1
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A vulnerability was determined in code-projects Vehicle Showroom Management System 1
A vulnerability was determined in code-projects Vehicle Showroom Management System 1
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A vulnerability was found in code-projects Vehicle Showroom Management System 1
A vulnerability was found in code-projects Vehicle Showroom Management System 1
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A flaw has been found in code-projects Vehicle Showroom Management System 1
A flaw has been found in code-projects Vehicle Showroom Management System 1
---METADATA---
VENDOR: Code-projects
PRODUCT: Vehicle Showroom Management System
AFFECTED_VERSIONS: 1
---END_METADATA---
Description Summary:
A security flaw has been identified in version 1 of the Code-projects Vehicle Showroom Management System, requiring immediate attention.
Executive Summary:
The Code-projects Vehicle Showroom Management System contains a security flaw in version 1 that requires immediate administrative action to mitigate potential risks.
Vulnerability Details
CVE-ID: CVE-2026-6149
Affected Software: Code-projects, Vehicle Showroom Management System
Affected Versions: 1
Vulnerability: This vulnerability involves a flaw within the Vehicle Showroom Management System. The issue potentially allows for unauthorized interaction with the application, necessitating a review of current security controls to prevent exploitation of the underlying system logic.
Business Impact
The CVSS score of 7.3 highlights a significant risk, particularly regarding the integrity of business data and the availability of the management system. Unauthorized access could result in the compromise of sensitive showroom data and the disruption of critical business functions.
Remediation Plan
Immediate Action: Ensure the application is behind a secure VPN and not directly accessible via the public internet while awaiting a vendor patch.
Proactive Monitoring: Audit access logs for anomalous behavior, particularly requests originating from unauthorized or unexpected IP ranges.
Compensating Controls: Implement strict input validation and session management policies via a WAF to mitigate potential exploitation attempts.
Exploitation Status
Public Exploit Available: false
Analyst Notes: As of April 13, 2026, there is no public information indicating active exploitation of this vulnerability. However, due to the nature of the flaw, the potential for exploitation is high.
Analyst Recommendation
Security teams must prioritize the security of the Vehicle Showroom Management System. Given the identified vulnerability, it is imperative to apply security updates as soon as they are released by the vendor and maintain a defensive security posture to prevent unauthorized access.
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A vulnerability was detected in code-projects Vehicle Showroom Management System 1
A vulnerability was detected in code-projects Vehicle Showroom Management System 1
---METADATA---
VENDOR: Code-projects
PRODUCT: Vehicle Showroom Management System
AFFECTED_VERSIONS: 1
---END_METADATA---
Description Summary:
A security vulnerability has been detected in version 1 of the Code-projects Vehicle Showroom Management System.
Executive Summary:
A high-severity vulnerability in the Code-projects Vehicle Showroom Management System exposes the platform to potential unauthorized access and compromise.
Vulnerability Details
CVE-ID: CVE-2026-6148
Affected Software: Code-projects, Vehicle Showroom Management System
Affected Versions: 1
Vulnerability: This vulnerability affects the Vehicle Showroom Management System. The nature of the flaw suggests potential weaknesses in the application's authentication or session management, which may allow attackers to interact with the system without sufficient authorization.
Business Impact
With a CVSS score of 7.3, the vulnerability poses a substantial risk to sensitive customer and showroom data. Exploitation could lead to data exfiltration, unauthorized modification of records, and potential compromise of the administrative interface, impacting business operations and customer trust.
Remediation Plan
Immediate Action: Immediately isolate the application from public-facing networks until a vendor-supplied security patch is applied.
Proactive Monitoring: Monitor database query logs for evidence of unauthorized data retrieval or administrative command execution.
Compensating Controls: Use a Web Application Firewall (WAF) to validate incoming requests and block attempts to bypass authentication mechanisms.
Exploitation Status
Public Exploit Available: false
Analyst Notes: As of April 13, 2026, there is no public information indicating active exploitation of this vulnerability. However, due to the nature of the flaw, the potential for exploitation is high.
Analyst Recommendation
Administrators should treat this vulnerability with high urgency. If an update is not immediately available, the system should be restricted to internal use only to minimize exposure to external threats until remediation is complete.
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A vulnerability was identified in tushar-2223 Hotel Management System up to bb1f3b3666124b888f1e4bcf51b6fba9fbb01d15
A vulnerability was identified in tushar-2223 Hotel Management System up to bb1f3b3666124b888f1e4bcf51b6fba9fbb01d15
---METADATA---
VENDOR: Tushar
PRODUCT: Hotel Management System
AFFECTED_VERSIONS: See vendor advisory for affected versions
---END_METADATA---
Description Summary:
The Tushar Hotel Management System contains a security vulnerability that requires immediate attention.
Executive Summary:
A high-severity security vulnerability has been identified in the Tushar Hotel Management System, potentially allowing for unauthorized access or system impact.
Vulnerability Details
CVE-ID: CVE-2026-6142
Affected Software: Tushar Hotel Management System
Affected Versions: See vendor advisory for affected versions
Vulnerability: A vulnerability exists in the Tushar Hotel Management System; however, specific technical details regarding the affected function or authentication requirements remain limited.
Business Impact
The CVSS score of 7.3 indicates a high level of risk. Potential consequences include unauthorized access to guest or booking data, leading to regulatory compliance issues (e.g., GDPR/PII), reputational damage, and potential service interruption.
Remediation Plan
Immediate Action: Apply all security updates as soon as they are made available by the vendor.
Proactive Monitoring: Review application access logs for any anomalous behavior or unauthorized access attempts to the management system.
Compensating Controls: Implement WAF rules to monitor for common web-based attack patterns and restrict network access to the application to authorized users only.
Exploitation Status
Public Exploit Available: False
Analyst Notes: As of April 13, 2026, there is no public information indicating active exploitation of this vulnerability. However, the high CVSS score warrants prompt attention to security advisories.
Analyst Recommendation
While an exploit is not currently public, the high severity of the vulnerability requires proactive management. Organizations should monitor the vendor's advisory channels and apply patches as soon as they are released to ensure the security of their hotel management environment.
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
Totolink A7100RU is susceptible to remote OS command injection via the UploadFirmwareFile function in the CGI handler.
Totolink A7100RU is susceptible to remote OS command injection via the UploadFirmwareFile function in the CGI handler.
---METADATA---
VENDOR: Totolink
PRODUCT: A7100RU
AFFECTED_VERSIONS: 7.4cu.2313_b20191024
---END_METADATA---
Description Summary:
Totolink A7100RU is susceptible to remote OS command injection via the UploadFirmwareFile function in the CGI handler.
Executive Summary:
A critical OS command injection vulnerability in the Totolink A7100RU enables remote, unauthenticated attackers to execute arbitrary commands on the system.
Vulnerability Details
CVE-ID: CVE-2026-6140
Affected Software: Totolink A7100RU
Affected Versions: 7.4cu.2313_b20191024
Vulnerability: The UploadFirmwareFile function in /cgi-bin/cstecgi.cgi lacks adequate input validation for the FileName argument, permitting remote OS command injection.
Business Impact
With a CVSS score of 9.8, this vulnerability allows for complete system compromise. Attackers could potentially overwrite firmware or execute malicious code, leading to long-term persistence and unauthorized access to network traffic.
Remediation Plan
Immediate Action: Update to the latest firmware version released by Totolink to address the vulnerability in the CGI handler.
Proactive Monitoring: Monitor logs for unauthorized or suspicious firmware upload attempts.
Compensating Controls: Restrict administrative access to the router's web interface to authorized management subnets only.
Exploitation Status
Public Exploit Available: True
Analyst Notes: As of Apr 13, 2026, public exploits are available. The critical severity and remote exploitability demand immediate attention.
Analyst Recommendation
The risk posed by this vulnerability is extreme. It is essential to apply the vendor-provided firmware update immediately and restrict exposure of the web management interface.
Update Unknown Multiple Products to the latest version. Monitor for exploitation attempts and review access logs.
Totolink A7100RU contains an OS command injection vulnerability in the UploadOpenVpnCert function of the CGI handler.
Totolink A7100RU contains an OS command injection vulnerability in the UploadOpenVpnCert function of the CGI handler.
---METADATA---
VENDOR: Totolink
PRODUCT: A7100RU
AFFECTED_VERSIONS: 7.4cu.2313_b20191024
---END_METADATA---
Description Summary:
Totolink A7100RU contains an OS command injection vulnerability in the UploadOpenVpnCert function of the CGI handler.
Executive Summary:
A critical OS command injection vulnerability in the Totolink A7100RU allows unauthenticated remote attackers to execute arbitrary system commands.
Vulnerability Details
CVE-ID: CVE-2026-6139
Affected Software: Totolink A7100RU
Affected Versions: 7.4cu.2313_b20191024
Vulnerability: The UploadOpenVpnCert function in /cgi-bin/cstecgi.cgi does not properly sanitize the FileName argument, facilitating remote OS command injection by an unauthenticated attacker.
Business Impact
The CVSS score of 9.8 highlights the critical nature of this vulnerability. Compromise of the router allows for full control of the network gateway, potentially leading to widespread data interception and lateral movement into the internal corporate environment.
Remediation Plan
Immediate Action: Patch the device by installing the most recent firmware update from the manufacturer.
Proactive Monitoring: Monitor for anomalous traffic patterns or unexpected file uploads related to OpenVPN certificate management.
Compensating Controls: Disable unnecessary management services or restrict access to the web interface via network access control lists.
Exploitation Status
Public Exploit Available: True
Analyst Notes: As of Apr 13, 2026, public exploits are available for this vulnerability, significantly increasing the likelihood of successful exploitation.
Analyst Recommendation
Immediate remediation is required to secure the device against remote command execution. Administrators should prioritize firmware updates and ensure the device is not reachable from untrusted networks.
Update Unknown Multiple Products to the latest version. Monitor for exploitation attempts and review access logs.
Totolink A7100RU is vulnerable to remote OS command injection via the setAccessDeviceCfg function in the CGI handler.
Totolink A7100RU is vulnerable to remote OS command injection via the setAccessDeviceCfg function in the CGI handler.
---METADATA---
VENDOR: Totolink
PRODUCT: A7100RU
AFFECTED_VERSIONS: 7.4cu.2313_b20191024
---END_METADATA---
Description Summary:
Totolink A7100RU is vulnerable to remote OS command injection via the setAccessDeviceCfg function in the CGI handler.
Executive Summary:
A critical OS command injection vulnerability in the Totolink A7100RU permits remote attackers to execute arbitrary commands with administrative privileges.
Vulnerability Details
CVE-ID: CVE-2026-6138
Affected Software: Totolink A7100RU
Affected Versions: 7.4cu.2313_b20191024
Vulnerability: The setAccessDeviceCfg function within /cgi-bin/cstecgi.cgi fails to sanitize the mac argument, allowing unauthenticated remote attackers to inject and execute OS commands.
Business Impact
With a CVSS score of 9.8, this vulnerability poses a severe threat. Successful exploitation allows for complete control over the affected hardware, enabling attackers to intercept traffic, modify configurations, or deploy malicious payloads within the network.
Remediation Plan
Immediate Action: Update the device firmware to the latest version provided by Totolink to patch the vulnerable CGI handler.
Proactive Monitoring: Review system logs for unexpected execution of shell commands or unauthorized configuration changes.
Compensating Controls: Implement an ingress firewall policy to block unauthorized access to the web management interface of the router.
Exploitation Status
Public Exploit Available: True
Analyst Notes: As of Apr 13, 2026, public exploit material is available. The ease of triggering this command injection necessitates immediate patching.
Analyst Recommendation
Given the availability of public exploits, the urgency for remediation is high. All affected Totolink devices must be updated to the latest available firmware to mitigate the risk of remote command execution.
Update Unknown Multiple Products to the latest version. Monitor for exploitation attempts and review access logs.
A vulnerability was detected in Tenda F451 1
A vulnerability was detected in Tenda F451 1
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A security vulnerability has been detected in Tenda F451 1
A security vulnerability has been detected in Tenda F451 1
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A weakness has been identified in Tenda F451 1
A weakness has been identified in Tenda F451 1
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A security flaw has been discovered in Tenda F451 1
A security flaw has been discovered in Tenda F451 1
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A vulnerability was identified in Tenda F451 1
A vulnerability was identified in Tenda F451 1
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
Totolink A7100RU allows remote unauthenticated attackers to execute arbitrary OS commands via the setLedCfg function in the CGI handler.
Totolink A7100RU allows remote unauthenticated attackers to execute arbitrary OS commands via the setLedCfg function in the CGI handler.
---METADATA---
VENDOR: Totolink
PRODUCT: A7100RU
AFFECTED_VERSIONS: 7.4cu.2313_b20191024
---END_METADATA---
Description Summary:
Totolink A7100RU allows remote unauthenticated attackers to execute arbitrary OS commands via the setLedCfg function in the CGI handler.
Executive Summary:
A critical OS command injection vulnerability in the Totolink A7100RU allows remote attackers to achieve full system compromise.
Vulnerability Details
CVE-ID: CVE-2026-6132
Affected Software: Totolink A7100RU
Affected Versions: 7.4cu.2313_b20191024
Vulnerability: The vulnerability exists in the setLedCfg function of /cgi-bin/cstecgi.cgi, where the enable argument is not properly sanitized, leading to OS command injection by an unauthenticated attacker.
Business Impact
The CVSS score of 9.8 reflects the high probability of total device takeover. An attacker can gain persistent access, pivot into internal networks, or participate in botnet activities, leading to severe security breaches and potential loss of network integrity.
Remediation Plan
Immediate Action: Apply the vendor-provided firmware update immediately to address the command injection flaw.
Proactive Monitoring: Monitor network traffic for unusual outbound connections or shell-like activity originating from the device.
Compensating Controls: Restrict access to the device's management interface to trusted internal IP addresses only via firewall rules.
Exploitation Status
Public Exploit Available: True
Analyst Notes: As of Apr 12, 2026, public exploit code is available for this vulnerability. Given the ease of remote exploitation, the risk of active compromise is extremely high.
Analyst Recommendation
This is a critical vulnerability with active public exploits. It is imperative that affected devices are updated immediately. If an update cannot be applied, the device should be isolated from the public internet to prevent exploitation.
Update Unknown Multiple Products to the latest version. Monitor for exploitation attempts and review access logs.
Acer Totolink A7100RU is vulnerable to remote OS command injection via the setTracerouteCfg function in the CGI handler.
Acer Totolink A7100RU is vulnerable to remote OS command injection via the setTracerouteCfg function in the CGI handler.
---METADATA---
VENDOR: Acer
PRODUCT: Totolink A7100RU
AFFECTED_VERSIONS: 7.4cu.2313_b20191024
---END_METADATA---
Description Summary:
Acer Totolink A7100RU is vulnerable to remote OS command injection via the setTracerouteCfg function in the CGI handler.
Executive Summary:
A critical OS command injection vulnerability in the Acer Totolink A7100RU allows remote, unauthenticated attackers to execute arbitrary commands on the system.
Vulnerability Details
CVE-ID: CVE-2026-6131
Affected Software: Acer Totolink A7100RU
Affected Versions: 7.4cu.2313_b20191024
Vulnerability: The setTracerouteCfg function in /cgi-bin/cstecgi.cgi lacks proper input validation on the command argument, enabling an unauthenticated attacker to perform OS command injection.
Business Impact
With a CVSS score of 9.8, this vulnerability allows for complete device control. This could lead to unauthorized access to the local area network, interception of sensitive data, and potential use of the device in larger-scale attacks.
Remediation Plan
Immediate Action: Install the latest firmware update provided by Acer/Totolink to resolve this command injection vulnerability.
Proactive Monitoring: Monitor for unusual traceroute or diagnostic requests and unexpected system command execution.
Compensating Controls: Restrict access to the router's web-based management interface to authorized administrative workstations.
Exploitation Status
Public Exploit Available: True
Analyst Notes: As of Apr 12, 2026, public exploits are available. The remote nature of the vulnerability makes it a high-priority threat.
Analyst Recommendation
Immediate remediation is essential. Administrators must update the device firmware and limit exposure of the management interface to mitigate the risk of remote command execution.
Update Acer Multiple Products to the latest version. Monitor for exploitation attempts and review access logs.
A flaw has been found in chatboxai chatbox up to 1
A flaw has been found in chatboxai chatbox up to 1
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A vulnerability was detected in zhayujie chatgpt-on-wechat CowAgent up to 2
A vulnerability was detected in zhayujie chatgpt-on-wechat CowAgent up to 2
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A weakness has been identified in zhayujie chatgpt-on-wechat CowAgent 2
A weakness has been identified in zhayujie chatgpt-on-wechat CowAgent 2
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A vulnerability was determined in Tenda F451 1
A vulnerability was determined in Tenda F451 1
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A vulnerability was found in Tenda F451 1
A vulnerability was found in Tenda F451 1
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A vulnerability has been found in Tenda F451 1
A vulnerability has been found in Tenda F451 1
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A flaw has been found in Tenda F451 1
A flaw has been found in Tenda F451 1
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A vulnerability was detected in Tenda F451 1
A vulnerability was detected in Tenda F451 1
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A remote OS command injection vulnerability exists in the Totolink A7100RU CGI handler via the ip argument.
A remote OS command injection vulnerability exists in the Totolink A7100RU CGI handler via the ip argument.
---METADATA---
VENDOR: Totolink
PRODUCT: A7100RU
AFFECTED_VERSIONS: 7.4cu.2313_b20191024
---END_METADATA---
Description Summary:
A remote OS command injection vulnerability exists in the Totolink A7100RU CGI handler via the ip argument.
Executive Summary:
A remote OS command injection vulnerability in the Totolink A7100RU router allows unauthenticated remote attackers to execute arbitrary system commands.
Vulnerability Details
CVE-ID: CVE-2026-6116
Affected Software: Totolink A7100RU
Affected Versions: 7.4cu.2313_b20191024
Vulnerability: This vulnerability affects the setDiagnosisCfg function in /cgi-bin/cstecgi.cgi, where the ip argument is not properly sanitized, permitting unauthenticated remote OS command injection.
Business Impact
A CVSS score of 9.8 indicates a critical risk. An attacker can use this vulnerability to gain full administrative control over the router, resulting in potential data theft, network disruption, and lateral movement within the organization.
Remediation Plan
Immediate Action: Update the router firmware to the latest version.
Proactive Monitoring: Monitor logs for unauthorized access or suspicious activity on the device's web management interface.
Compensating Controls: If patching is delayed, disable the web management interface or restrict access via firewall rules to known safe IP addresses.
Exploitation Status
Public Exploit Available: True
Analyst Notes: As of Apr 12, 2026, public exploit code is available for this vulnerability. The risk of exploitation is high, requiring immediate attention.
Analyst Recommendation
This vulnerability presents a severe risk to network security. Organizations should ensure that all affected Totolink hardware is updated to the latest firmware release as a matter of urgency.
Update Unknown Multiple Products to the latest version. Monitor for exploitation attempts and review access logs.
A remote OS command injection vulnerability exists in the Totolink A7100RU CGI handler via the enable argument.
A remote OS command injection vulnerability exists in the Totolink A7100RU CGI handler via the enable argument.
---METADATA---
VENDOR: Totolink
PRODUCT: A7100RU
AFFECTED_VERSIONS: 7.4cu.2313_b20191024
---END_METADATA---
Description Summary:
A remote OS command injection vulnerability exists in the Totolink A7100RU CGI handler via the enable argument.
Executive Summary:
A remote OS command injection vulnerability in the Totolink A7100RU router creates a critical risk of unauthorized remote code execution.
Vulnerability Details
CVE-ID: CVE-2026-6115
Affected Software: Totolink A7100RU
Affected Versions: 7.4cu.2313_b20191024
Vulnerability: The setAppCfg function in /cgi-bin/cstecgi.cgi contains an input sanitization flaw in the enable argument, which can be leveraged by an unauthenticated attacker to execute OS commands.
Business Impact
The CVSS score of 9.8 highlights the critical nature of this vulnerability. Successful exploitation grants the attacker full control over the router, enabling persistent access and the ability to launch further attacks against the internal network.
Remediation Plan
Immediate Action: Apply the vendor-provided firmware update immediately.
Proactive Monitoring: Analyze network traffic for unusual patterns or external connections originating from the router.
Compensating Controls: Restrict management access to the router to trusted, local network segments only.
Exploitation Status
Public Exploit Available: True
Analyst Notes: As of Apr 12, 2026, public exploit code is available for this vulnerability. The risk of exploitation is high, and immediate action is required.
Analyst Recommendation
Administrators must treat this as a high-priority incident. Apply the necessary firmware updates to mitigate the risk of remote command execution and potential network-wide compromise.
Update Unknown Multiple Products to the latest version. Monitor for exploitation attempts and review access logs.
---METADATA---
VENDOR: Totolink
PRODUCT: A7100RU
AFFECTED_VERSIONS: 7.4cu.2313_b20191024
CONFIDENCE: high
MISSING: patch
---END_METADATA---
Description Summary:
The Totolink A7100RU router contains an OS command injection vulnerability in the setPasswordCfg function, allowing remote unauthenticated attackers to execute arbitrary commands.
Executive Summary:
A critical OS command injection vulnerability in the Totolink A7100RU router enables remote unauthenticated attackers to execute arbitrary system commands, posing a severe risk of full device compromise.
Vulnerability Details
CVE-ID: CVE-2026-6195
Affected Software: Totolink A7100RU
Affected Versions: 7.4cu.2313_b20191024
Vulnerability: This vulnerability exists in the /cgi-bin/cstecgi.cgi file within the CGI handler, where the admpass argument is improperly sanitized. Unauthenticated remote attackers can leverage this flaw to inject and execute system-level commands via the setPasswordCfg function.
Business Impact
The CVSS score of 9.8 reflects the critical nature of this flaw, as it allows for full remote system compromise without authentication. Successful exploitation could lead to total loss of device integrity, unauthorized access to network traffic, and the potential use of the device as a pivot point for lateral movement within the internal network.
Remediation Plan
Immediate Action: Contact the vendor for the latest firmware release or consider isolating the affected device from the public internet immediately.
Proactive Monitoring: Review web access logs for suspicious requests directed at /cgi-bin/cstecgi.cgi, particularly those containing shell metacharacters.
Compensating Controls: Implement strict firewall rules to restrict access to the device management interface to trusted administrative IP addresses only.
Exploitation Status
Public Exploit Available: Yes
Analyst Notes: As of Apr 13, 2026, public exploit code is available for this vulnerability. Organizations should treat this as an active threat and restrict network access to the affected hardware immediately.
Analyst Recommendation
Due to the critical severity and the existence of public exploit code, this vulnerability represents an imminent threat. Administrators must prioritize updating the firmware or, if no patch is available, moving the device behind a secure VPN or firewall to prevent unauthorized remote access.