CVE-2026-1623 | Totolink A7000R 4.1cu.4154 /cgi-bin/cstecgi.cgi setUpgradeFW FileName command injection

A vulnerability has been found in Totolink A7000R 4.1cu.4154 and classified as critical. Impacted is the function setUpgradeFW of the file /cgi-bin/cstecgi.cgi. This manipulation of the argument FileName causes command injection.

This vulnerability is handled as CVE-2026-1623. The attack can be initiated remotely. Additionally, an exploit exists.VulDB Recent EntriesRead More