CVE-2026-1601
Unknown Unknown - Not Provided
Remote Command Injection in Totolink A7000R setUploadUserData Function

Publication date: 2026-01-29

Last updated on: 2026-04-29

Assigner: VulDB

Description
A weakness has been identified in Totolink A7000R 4.1cu.4154. The impacted element is the function setUploadUserData of the file /cgi-bin/cstecgi.cgi. Executing a manipulation of the argument FileName can lead to command injection. The attack can be launched remotely. The exploit has been made available to the public and could be used for attacks.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-01-29
Last Modified
2026-04-29
Generated
2026-06-16
AI Q&A
2026-01-29
EPSS Evaluated
2026-06-14
NVD
CVE-2026-1601
EUVD
EUVD-2026-4972
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
totolink a7000r_firmware 4.1cu.4154
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-77 The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.
CWE-74 The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2026-1601 is a command injection vulnerability in the Totolink A7000R router (firmware version 4.1cu.4154). It exists in the function setUploadUserData within the /cgi-bin/cstecgi.cgi file. An attacker can manipulate the FileName argument to inject and execute arbitrary commands remotely without authentication. This flaw arises because the router improperly handles input, allowing special characters to alter commands executed by the system. [2, 3]

Impact Analysis

This vulnerability allows an attacker to remotely execute arbitrary commands on the affected router, potentially gaining full control over the device. This compromises the confidentiality, integrity, and availability of the system, enabling unauthorized access, data manipulation, or disruption of network services. Since the exploit is publicly available and easy to perform, the risk of attack is significant. [2, 3]

Detection Guidance

This vulnerability can be detected by monitoring for HTTP POST requests to the endpoint /cgi-bin/cstecgi.cgi with the parameter setUploadUserData, especially those manipulating the FileName argument. A practical detection method is to capture and analyze network traffic for suspicious POST requests targeting this endpoint. Additionally, reviewing web server logs for unusual POST requests to /cgi-bin/cstecgi.cgi may help identify exploitation attempts. Specific commands to detect this might include using tools like curl to test the endpoint or using network monitoring tools such as tcpdump or Wireshark to capture relevant traffic. For example, a curl command to test might be: curl -X POST http://<router-ip>/cgi-bin/cstecgi.cgi -d 'action=setting/setUploadUserData&FileName=somepayload'. However, no official detection scripts or commands are provided in the resources. [2, 3]

Mitigation Strategies

Immediate mitigation steps include discontinuing use of the affected Totolink A7000R router running firmware version 4.1cu.4154, as no known countermeasures or patches currently exist. It is recommended to replace the affected device with an alternative product. Additionally, restricting network access to the router's management interface, especially blocking remote HTTP POST requests to /cgi-bin/cstecgi.cgi, can reduce exposure. Monitoring for suspicious activity and disabling any unnecessary remote management features may also help mitigate risk until a fix is available. [3]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-1601. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart