CVE-2026-1547 – Totolink A7000R cstecgi.cgi setUnloadUserData command injection

CVE ID : CVE-2026-1547

Published : Jan. 28, 2026, 10:15 p.m. | 52 minutes ago

Description : A vulnerability was detected in Totolink A7000R 4.1cu.4154. This affects the function setUnloadUserData of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument plugin_name results in command injection. It is possible to launch the attack remotely. The exploit is now public and may be used.

Severity: 6.5 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…