ГлавнаяУязвимости → CVE-2026-4497
7.3высокая

CVE-2026-4497

Описание

A vulnerability was determined in Totolink WA300 5.2cu.7112_B20190227. Affected by this issue is the function recvUpgradeNewFw of the file /cgi-bin/cstecgi.cgi. This manipulation causes os command injection. Remote exploitation of the attack is possible. The exploit has been publicly disclosed and may be utilized.

Затрагиваемое ПО
Totolink Wa300 firmwareTotolink Wa300
CVSS
Балл7.3 — высокая
ВекторCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Источники
https://github.com/hellonestor/killallbug/issues/1https://github.com/user-attachments/files/25790616/Unauthenticated.Remote.Code.Execution.in.TOTOLINK.WA300.via.Command.Injection.in.recvUpgradeNewFw.ziphttps://vuldb.com/?ctiid.352046https://vuldb.com/?id.352046https://vuldb.com/?submit.773875https://www.totolink.net/