Medium severity6.3NVD Advisory· Published Jan 28, 2026· Updated Apr 29, 2026
CVE-2026-1548
CVE-2026-1548
Description
A flaw has been found in Totolink A7000R 4.1cu.4154. This impacts the function CloudACMunualUpdateUserdata of the file /cgi-bin/cstecgi.cgi. This manipulation of the argument url causes command injection. The attack can be initiated remotely. The exploit has been published and may be used.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- cpe:2.3:o:totolink:a7000r_firmware:4.1cu.4154:*:*:*:*:*:*:*
Patches
Vulnerability mechanics
References
6- github.com/xyh4ck/iot_poc/blob/main/TOTOLINK/A7000R/02_RCE_CloudACMunualUpdateUserdata_RCE.mdnvdExploitThird Party Advisory
- github.com/xyh4ck/iot_poc/blob/main/TOTOLINK/A7000R/02_RCE_CloudACMunualUpdateUserdata_RCE.mdnvdExploit
- vuldb.comnvdThird Party AdvisoryVDB Entry
- vuldb.comnvdThird Party AdvisoryVDB Entry
- vuldb.comnvdPermissions RequiredVDB Entry
- www.totolink.netnvdProduct
News mentions
0No linked articles in our index yet.