24h | 7d | 30d

CVE-2026-6155

Overview

  • Totolink
  • A7100RU
13 Apr 2026
Published
13 Apr 2026
Updated
CVSS v4.0
CRITICAL (9.3)
EPSS
Pending
KEV

Description

A weakness has been identified in Totolink A7100RU 7.4cu.2313. The impacted element is the function setWanCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Executing a manipulation of the argument pppoeServiceName can lead to os command injection. The attack may be launched remotely. The exploit has been made available to the public and could be used for attacks.

Statistics

  • 1 Post
Last activity: 3 hours ago

Fediverse

Profile picture fallback
OffSequence @offseq

CRITICAL: CVE-2026-6155 in Totolink A7100RU (fw 7.4cu.2313) allows unauthenticated OS command injection via pppoeServiceName in CGI handler. No patch yet — restrict remote access & monitor activity. Details: radar.offseq.com/threat/cve-20

  • 0
  • 0
  • 0
  • 3h ago

CVE-2026-6138

Overview

  • Totolink
  • A7100RU
13 Apr 2026
Published
13 Apr 2026
Updated
CVSS v4.0
CRITICAL (9.3)
EPSS
Pending
KEV

Description

A flaw has been found in Totolink A7100RU 7.4cu.2313_b20191024. The impacted element is the function setAccessDeviceCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. This manipulation of the argument mac causes os command injection. The attack can be initiated remotely. The exploit has been published and may be used.

Statistics

  • 1 Post
Last activity: Last hour

Fediverse

Profile picture fallback
OffSequence @offseq

⚠️ CRITICAL: Totolink A7100RU (7.4cu.2313_b20191024) suffers from unauthenticated OS command injection (CVE-2026-6138, CVSS 9.3). No patch yet. Limit remote access & watch for vendor updates. radar.offseq.com/threat/cve-20

  • 0
  • 0
  • 0
  • Last hour

CVE-2026-6156

Overview

  • Totolink
  • A7100RU
13 Apr 2026
Published
13 Apr 2026
Updated
CVSS v4.0
CRITICAL (9.3)
EPSS
Pending
KEV

Description

A security vulnerability has been detected in Totolink A7100RU 7.4cu.2313_b20191024. This affects the function setIpQosRules of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulation of the argument Comment leads to os command injection. Remote exploitation of the attack is possible. The exploit has been disclosed publicly and may be used.

Statistics

  • 1 Post
Last activity: 4 hours ago

Fediverse

Profile picture fallback
OffSequence @offseq

🛑 CRITICAL: CVE-2026-6156 in Totolink A7100RU (7.4cu.2313_b20191024) enables unauthenticated OS command injection via setIpQosRules. No patch yet — restrict access & monitor updates. Exploit is public. Details: radar.offseq.com/threat/cve-20

  • 0
  • 0
  • 0
  • 4h ago

CVE-2026-30815

Overview

  • TP-Link Systems Inc.
  • AX53 v1.0
08 Apr 2026
Published
09 Apr 2026
Updated
CVSS v4.0
HIGH (8.5)
EPSS
0.33%
KEV

Description

An OS command injection vulnerability in the OpenVPN module of TP-Link Archer AX53 v1.0 allows an authenticated adjacent attacker to execute system commands when a specially crafted configuration file is processed due to insufficient input validation. Successful exploitation may allow modification of configuration files, disclosure of sensitive information, or further compromise of device integrity. This issue affects AX53 v1.0: before 1.7.1 Build 20260213.

Statistics

  • 1 Post
Last activity: 3 hours ago

Bluesky

Profile picture fallback
セキュリティ対策Lab @securitylab-jp.bsky.social
TP-Link Archer AX53に複数の脆弱性(CVE-2026-30815,CVE-2026-30818) rocket-boys.co.jp/security-mea... #セキュリティ対策Lab #セキュリティ #Security #CybersecurityNews
  • 0
  • 0
  • 0
  • 3h ago

CVE-2026-30818

Overview

  • TP-Link Systems Inc.
  • AX53 v1.0
08 Apr 2026
Published
09 Apr 2026
Updated
CVSS v4.0
HIGH (8.5)
EPSS
0.42%
KEV

Description

An OS command injection vulnerability in the dnsmasq module of TP-Link Archer AX53 v1.0 allows an authenticated adjacent attacker to execute arbitrary code when a specially crafted configuration file is processed due to insufficient input validation. Successful exploitation may allow the attacker to modify device configuration, access sensitive information, or further compromise system integrity. This issue affects AX53 v1.0: before 1.7.1 Build 20260213.

Statistics

  • 1 Post
Last activity: 3 hours ago

Bluesky

Profile picture fallback
セキュリティ対策Lab @securitylab-jp.bsky.social
TP-Link Archer AX53に複数の脆弱性(CVE-2026-30815,CVE-2026-30818) rocket-boys.co.jp/security-mea... #セキュリティ対策Lab #セキュリティ #Security #CybersecurityNews
  • 0
  • 0
  • 0
  • 3h ago
Showing 21 to 25 of 25 CVEs