CVE-2026-0641
Unknown Unknown - Not Provided
Remote Command Injection in TOTOLINK WA300 cstecgi.cgi Upload Function

Publication date: 2026-01-06

Last updated on: 2026-04-29

Assigner: VulDB

Description
A security vulnerability has been detected in TOTOLINK WA300 5.2cu.7112_B20190227. This vulnerability affects the function sub_401510 of the file cstecgi.cgi. The manipulation of the argument UPLOAD_FILENAME leads to command injection. The attack may be initiated remotely. The exploit has been disclosed publicly and may be used.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-01-06
Last Modified
2026-04-29
Generated
2026-06-16
AI Q&A
2026-01-06
EPSS Evaluated
2026-06-14
NVD
CVE-2026-0641
EUVD
EUVD-2026-0958
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
totolink wa300 5.2cu.7112_b20190227
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-77 The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.
CWE-74 The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability is a command injection flaw in the TOTOLINK WA300 router firmware version 5.2cu.7112_B20190227. It occurs in the function sub_401510 of the file cstecgi.cgi, specifically involving the UPLOAD_FILENAME parameter. Improper handling of this user-supplied input allows an attacker to inject and execute arbitrary system-level commands remotely on the device without sufficient validation. [1, 3]

Impact Analysis

Exploitation of this vulnerability allows an attacker to execute arbitrary commands on the affected router remotely. This can lead to deletion of files, compromise of device confidentiality, integrity, and availability, potentially disrupting network operations or enabling further attacks through the compromised device. [1, 3]

Detection Guidance

Detection of this vulnerability involves monitoring for unusual or unauthorized use of the UPLOAD_FILENAME parameter in requests to the cstecgi.cgi component of the TOTOLINK WA300 router firmware version V5.2cu.7112_B20190227. Since the vulnerability allows command injection via this parameter, inspecting HTTP requests for suspicious payloads targeting cstecgi.cgi is recommended. Specific detection commands are not provided in the resources, but network monitoring tools or web application firewalls could be configured to log or block suspicious inputs to this CGI endpoint. [1, 3]

Mitigation Strategies

There are no known countermeasures or mitigations currently available for this vulnerability. It is recommended to consider replacing the affected TOTOLINK WA300 device or firmware version 5.2cu.7112_B20190227. Additionally, restricting remote access to the device and monitoring for exploitation attempts may help reduce risk until a patch or fix is released. [3]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-0641. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart