CVE-2026-7720

MEDIUM

Totolink WA300 POST Request cstecgi.cgi setLanguageCfg command injection

Title source: cna

Exploitation Summary

EIP tracks 1 public exploit for CVE-2026-7720. PoCs published by davidrxchester.

AI-analyzed exploit summary: This repository contains a functional exploit for CVE-2026-7020, which leverages a path traversal vulnerability in Ollama's tensor digest handling to achieve arbitrary file read. The PoC exfiltrates SSH host keys via unauthenticated API calls by manipulating registry endpoints.

Description

A weakness has been identified in Totolink WA300 5.2cu.7112_B20190227. The affected element is the function setLanguageCfg in the file /cgi-bin/cstecgi.cgi of the POST Request Handler component. Manipulating the argument langType causes command injection. The attack can be carried out remotely. The exploit has been made available to the public and could be used for attacks.

Exploits (1)

github · WORKING POC · 1 star
by davidrxchester · python · poc
https://github.com/davidrxchester/CVE-2026-7020

Classification: Working PoC 100%
Attack Type: Info Leak
Complexity: Moderate
Reliability: Reliable
Target: Ollama (version not specified)
No auth needed
Prerequisites: network access to Ollama host · Ollama API endpoint reachable
devstral-2 · analyzed May 17, 2026

References (5)

Core References
Vdb Entry, Technical Description
VDB-360896 | Totolink WA300 POST Request cstecgi.cgi setLanguageCfg command injection
https://vuldb.com/vuln/360896
Signature, Permissions Required
VDB-360896 | CTI Indicators (IOB, IOC, TTP, IOA)
https://vuldb.com/vuln/360896/cti
Third Party Advisory
Submit #807198 | Totolink WA300 WA300 V5.2cu.7112_B20190227 Command Injection
https://vuldb.com/submit/807198
Product
https://www.totolink.net/

Scores

CVSS v3 6.3
EPSS 0.0484
EPSS Percentile 89.6%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact partial

Details

CWE: CWE-74, CWE-77
Status published
Products (1)
Totolink/WA300 5.2cu.7112_B20190227
Published May 04, 2026
Tracked Since May 04, 2026