VYPR

A7000r Firmware

by Totolink

CVEs (5)

  • CVE-2026-1623MedJan 29, 2026
    risk 0.41cvss 6.3epss 0.02

    A weakness has been identified in Totolink A7000R 4.1cu.4154. Impacted is the function setUpgradeFW of the file /cgi-bin/cstecgi.cgi. This manipulation of the argument FileName causes command injection. The attack can be initiated remotely. The exploit has been made available to…

  • CVE-2026-1601MedJan 29, 2026
    risk 0.41cvss 6.3epss 0.02

    A weakness has been identified in Totolink A7000R 4.1cu.4154. The impacted element is the function setUploadUserData of the file /cgi-bin/cstecgi.cgi. Executing a manipulation of the argument FileName can lead to command injection. The attack can be launched remotely. The…

  • CVE-2026-1548MedJan 28, 2026
    risk 0.41cvss 6.3epss 0.03

    A flaw has been found in Totolink A7000R 4.1cu.4154. This impacts the function CloudACMunualUpdateUserdata of the file /cgi-bin/cstecgi.cgi. This manipulation of the argument url causes command injection. The attack can be initiated remotely. The exploit has been published and…

  • CVE-2026-1547MedJan 28, 2026
    risk 0.41cvss 6.3epss 0.03

    A vulnerability was detected in Totolink A7000R 4.1cu.4154. This affects the function setUnloadUserData of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument plugin_name results in command injection. It is possible to launch the attack remotely. The exploit is now…

  • CVE-2024-37626Jun 20, 2024
    risk 0.00cvss epss 0.02

    A command injection issue in TOTOLINK A6000R V1.0.1-B20201211.2000 firmware allows a remote attacker to execute arbitrary code via the iface parameter in the vif_enable function.