VYPR

A7100RU

by Totolink

CVEs (72)

  • CVE-2022-28579CriMay 5, 2022
    risk 0.64cvss 9.8epss 0.03

    It is found that there is a command injection vulnerability in the setParentalRules interface in TOTOlink A7100RU (v7.4cu.2313_b20191024) router, which allows an attacker to execute arbitrary commands through a carefully constructed payload.

  • CVE-2022-28578CriMay 5, 2022
    risk 0.64cvss 9.8epss 0.03

    It is found that there is a command injection vulnerability in the setOpenVpnCfg interface in TOTOlink A7100RU (v7.4cu.2313_b20191024) router, which allows an attacker to execute arbitrary commands through a carefully constructed payload.

  • CVE-2022-28577CriMay 5, 2022
    risk 0.64cvss 9.8epss 0.03

    It is found that there is a command injection vulnerability in the delParentalRules interface in TOTOlink A7100RU (v7.4cu.2313_b20191024) router, which allows an attacker to execute arbitrary commands through a carefully constructed payload.

  • CVE-2022-28575CriMay 5, 2022
    risk 0.64cvss 9.8epss 0.03

    It is found that there is a command injection vulnerability in the setopenvpnclientcfg interface in TOTOlink A7100RU (v7.4cu.2313_b20191024) router, which allows attackers to execute arbitrary commands through a carefully constructed payload

  • CVE-2026-5692HigApr 7, 2026
    risk 0.48cvss 7.3epss 0.01

    A vulnerability was found in Totolink A7100RU 7.4cu.2313_b20191024. This impacts the function setGameSpeedCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument enable results in os command injection. The attack may be performed from remote. The exploit has been…

  • CVE-2026-5691HigApr 6, 2026
    risk 0.48cvss 7.3epss 0.01

    A vulnerability has been found in Totolink A7100RU 7.4cu.2313_b20191024. This affects the function setFirewallType of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument firewallType leads to os command injection. The attack is possible to be carried out remotely.…

  • CVE-2026-5690HigApr 6, 2026
    risk 0.48cvss 7.3epss 0.01

    A flaw has been found in Totolink A7100RU 7.4cu.2313_b20191024. The impacted element is the function setRemoteCfg of the file /cgi-bin/cstecgi.cgi. Executing a manipulation of the argument enable can lead to os command injection. The attack can be executed remotely. The exploit…

  • CVE-2026-5689HigApr 6, 2026
    risk 0.48cvss 7.3epss 0.01

    A vulnerability was detected in Totolink A7100RU 7.4cu.2313_b20191024. The affected element is the function setNtpCfg of the file /cgi-bin/cstecgi.cgi. Performing a manipulation of the argument tz results in os command injection. Remote exploitation of the attack is possible.…

  • CVE-2026-5688HigApr 6, 2026
    risk 0.48cvss 7.3epss 0.01

    A security vulnerability has been detected in Totolink A7100RU 7.4cu.2313_b20191024. Impacted is the function setDdnsCfg of the file /cgi-bin/cstecgi.cgi. Such manipulation of the argument provider leads to os command injection. The attack may be launched remotely. The exploit…

  • CVE-2026-5678HigApr 6, 2026
    risk 0.48cvss 7.3epss 0.01

    A weakness has been identified in Totolink A7100RU 7.4cu.2313_b20191024. The affected element is the function setScheduleCfg of the file /cgi-bin/cstecgi.cgi. Executing a manipulation of the argument mode can lead to os command injection. The attack may be launched remotely. The…

  • CVE-2026-5677HigApr 6, 2026
    risk 0.48cvss 7.3epss 0.01

    A security flaw has been discovered in Totolink A7100RU 7.4cu.2313_b20191024. Impacted is the function CsteSystem of the file /cgi-bin/cstecgi.cgi. Performing a manipulation of the argument resetFlags results in os command injection. The attack may be initiated remotely. The…

  • CVE-2025-44655Jul 21, 2025
    risk 0.00cvss epss 0.00

    In TOTOLink A7100RU V7.4, A950RG V5.9, and T10 V5.9, the chroot_local_user option is enabled in the vsftpd.conf. This could lead to unauthorized access to system files, privilege escalation, or use of the compromised server as a pivot point for internal network attacks.

Page 4 of 4