Skip to content

Commit ac42881

Browse files
advisory-database[bot]advisory-database[bot]
committed
Publish Advisories
GHSA-hh2p-hqf4-c9m6 GHSA-v7g8-5jcv-9p6p GHSA-w4j6-q4r3-hqwr
1 parent a5c4804 commit ac42881

File tree

3 files changed

+168
-0
lines changed

3 files changed

+168
-0
lines changed

advisories/unreviewed/2026/04/GHSA-hh2p-hqf4-c9m6/GHSA-hh2p-hqf4-c9m6.json

Lines changed: 56 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,56 @@
1+
{
2+
"schema_version": "1.4.0",
3+
"id": "GHSA-hh2p-hqf4-c9m6",
4+
"modified": "2026-04-09T09:31:51Z",
5+
"published": "2026-04-09T09:31:51Z",
6+
"aliases": [
7+
"CVE-2026-5853"
8+
],
9+
"details": "A security vulnerability has been detected in Totolink A7100RU 7.4cu.2313_b20191024. Affected by this vulnerability is the function setIpv6LanCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Such manipulation of the argument addrPrefixLen leads to os command injection. The attack may be performed from remote. The exploit has been disclosed publicly and may be used.",
10+
"severity": [
11+
{
12+
"type": "CVSS_V3",
13+
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
14+
},
15+
{
16+
"type": "CVSS_V4",
17+
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
18+
}
19+
],
20+
"affected": [],
21+
"references": [
22+
{
23+
"type": "ADVISORY",
24+
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-5853"
25+
},
26+
{
27+
"type": "WEB",
28+
"url": "https://github.com/Litengzheng/vuldb_new/blob/main/A7100RU/vul_159/README.md"
29+
},
30+
{
31+
"type": "WEB",
32+
"url": "https://vuldb.com/submit/791274"
33+
},
34+
{
35+
"type": "WEB",
36+
"url": "https://vuldb.com/vuln/356379"
37+
},
38+
{
39+
"type": "WEB",
40+
"url": "https://vuldb.com/vuln/356379/cti"
41+
},
42+
{
43+
"type": "WEB",
44+
"url": "https://www.totolink.net"
45+
}
46+
],
47+
"database_specific": {
48+
"cwe_ids": [
49+
"CWE-77"
50+
],
51+
"severity": "HIGH",
52+
"github_reviewed": false,
53+
"github_reviewed_at": null,
54+
"nvd_published_at": "2026-04-09T07:16:05Z"
55+
}
56+
}

advisories/unreviewed/2026/04/GHSA-v7g8-5jcv-9p6p/GHSA-v7g8-5jcv-9p6p.json

Lines changed: 56 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,56 @@
1+
{
2+
"schema_version": "1.4.0",
3+
"id": "GHSA-v7g8-5jcv-9p6p",
4+
"modified": "2026-04-09T09:31:51Z",
5+
"published": "2026-04-09T09:31:51Z",
6+
"aliases": [
7+
"CVE-2026-5852"
8+
],
9+
"details": "A weakness has been identified in Totolink A7100RU 7.4cu.2313_b20191024. Affected is the function setIptvCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. This manipulation of the argument igmpVer causes os command injection. The attack is possible to be carried out remotely. The exploit has been made available to the public and could be used for attacks.",
10+
"severity": [
11+
{
12+
"type": "CVSS_V3",
13+
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
14+
},
15+
{
16+
"type": "CVSS_V4",
17+
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
18+
}
19+
],
20+
"affected": [],
21+
"references": [
22+
{
23+
"type": "ADVISORY",
24+
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-5852"
25+
},
26+
{
27+
"type": "WEB",
28+
"url": "https://github.com/Litengzheng/vuldb_new/blob/main/A7100RU/vul_158/README.md"
29+
},
30+
{
31+
"type": "WEB",
32+
"url": "https://vuldb.com/submit/791272"
33+
},
34+
{
35+
"type": "WEB",
36+
"url": "https://vuldb.com/vuln/356378"
37+
},
38+
{
39+
"type": "WEB",
40+
"url": "https://vuldb.com/vuln/356378/cti"
41+
},
42+
{
43+
"type": "WEB",
44+
"url": "https://www.totolink.net"
45+
}
46+
],
47+
"database_specific": {
48+
"cwe_ids": [
49+
"CWE-77"
50+
],
51+
"severity": "HIGH",
52+
"github_reviewed": false,
53+
"github_reviewed_at": null,
54+
"nvd_published_at": "2026-04-09T07:16:04Z"
55+
}
56+
}

advisories/unreviewed/2026/04/GHSA-w4j6-q4r3-hqwr/GHSA-w4j6-q4r3-hqwr.json

Lines changed: 56 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,56 @@
1+
{
2+
"schema_version": "1.4.0",
3+
"id": "GHSA-w4j6-q4r3-hqwr",
4+
"modified": "2026-04-09T09:31:51Z",
5+
"published": "2026-04-09T09:31:51Z",
6+
"aliases": [
7+
"CVE-2026-5854"
8+
],
9+
"details": "A vulnerability was detected in Totolink A7100RU 7.4cu.2313_b20191024. Affected by this issue is the function setWiFiEasyCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Performing a manipulation of the argument merge results in os command injection. It is possible to initiate the attack remotely. The exploit is now public and may be used.",
10+
"severity": [
11+
{
12+
"type": "CVSS_V3",
13+
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
14+
},
15+
{
16+
"type": "CVSS_V4",
17+
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
18+
}
19+
],
20+
"affected": [],
21+
"references": [
22+
{
23+
"type": "ADVISORY",
24+
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-5854"
25+
},
26+
{
27+
"type": "WEB",
28+
"url": "https://github.com/Litengzheng/vuldb_new/blob/main/A7100RU/vul_160/README.md"
29+
},
30+
{
31+
"type": "WEB",
32+
"url": "https://vuldb.com/submit/791276"
33+
},
34+
{
35+
"type": "WEB",
36+
"url": "https://vuldb.com/vuln/356380"
37+
},
38+
{
39+
"type": "WEB",
40+
"url": "https://vuldb.com/vuln/356380/cti"
41+
},
42+
{
43+
"type": "WEB",
44+
"url": "https://www.totolink.net"
45+
}
46+
],
47+
"database_specific": {
48+
"cwe_ids": [
49+
"CWE-77"
50+
],
51+
"severity": "HIGH",
52+
"github_reviewed": false,
53+
"github_reviewed_at": null,
54+
"nvd_published_at": "2026-04-09T07:16:05Z"
55+
}
56+
}

0 commit comments

Comments
 (0)