What is CVE-2026-0641?

A low-severity command injection vulnerability in TOTOLINK WA300 firmware can be exploited remotely. Organizations should prioritize patching to mitigate risks associated with this vulnerability.

What is the severity of CVE-2026-0641?

CVE-2026-0641 has a severity rating of LOW with a CVSS base score of 2.1.

CVE-2026-0641 | Low Vulnerability in TOTOLINK WA300 Firmware

A security vulnerability has been detected in TOTOLINK WA300 5.2cu.7112_B20190227. This vulnerability allows the manipulation of the argument UPLOAD_FILENAME, leading to command injection. The attack may be initiated remotely. The exploit has been disclosed publicly and may be used.

The CVSS score for this vulnerability is 2.1, categorizing it as low severity. Although the score is low, organizations should still be aware of the potential risks associated with this vulnerability, especially as it can be exploited remotely.

Risk to organizations includes unauthorized access and potential execution of malicious commands. Organizations should prioritize patching immediately.

As of now, there is no known public exploit available for this vulnerability, but organizations are encouraged to remain vigilant and address this issue in their patching cycles.

Vulnerability Details

The vulnerability affects the function sub_401510 of the file cstecgi.cgi in the affected firmware version. The CVSS version 3.1 score indicates a base score of 8.8, which is classified as high, highlighting the importance of addressing this vulnerability promptly.

The affected product is the TOTOLINK WA300 firmware version 5.2cu.7112_B20190227. The CWE classifications associated with this vulnerability are CWE-74 (Injection) and CWE-77 (Command Injection).

Technical Analysis

The root cause of this vulnerability lies in improper handling of user inputs in the UPLOAD_FILENAME argument, which can lead to command injection attacks. The attack vector is network-based, and the attack complexity is classified as low, which means that an attacker does not require advanced skills to exploit this vulnerability.

Since the attacker requires low privileges and no user interaction is needed, this vulnerability poses a significant risk. The confidentiality, integrity, and availability impacts are all rated as low, but the potential for exploitation remains.

Risk & Impact Analysis

In real-world deployments, the risk includes unauthorized command execution that could compromise system integrity. Organizations utilizing the affected firmware should assess their exposure and the potential blast radius of this vulnerability, as it could enable further malicious activities within networked environments.

Organizations should prioritize this vulnerability in their patch management processes. Given the low CVSS score, it may not be at the top of the list, but proactive measures are essential to prevent potential exploitation.

Signal	Status
Known Exploit	No
Public PoC	No
Actively Exploited	No
Ransomware Use	No

Affected Versions

The affected version is the TOTOLINK WA300 firmware version 5.2cu.7112_B20190227. Organizations should ensure they are running the latest firmware to mitigate this vulnerability.

Mitigation & Remediation

Organizations should prioritize patching the TOTOLINK WA300 firmware to the latest version provided by the vendor. If a patch is not available, consider implementing network segmentation to limit exposure of the affected devices. For further guidance, organizations can refer to the penetration testing best practices to identify potential vulnerabilities in their network.

Detection Guidance

To detect potential exploitation of this vulnerability, organizations should monitor logs for abnormal command executions and unexpected changes in system behavior. Implementing network signatures that can identify unusual traffic patterns associated with command injection attempts is crucial.

AppSecure Threat Intelligence Insight

The long-term significance of this vulnerability lies in its potential to enable further attacks if not addressed. Security teams should be aware of the patterns that lead to such vulnerabilities and work towards implementing comprehensive security measures. Regular security assessments, including penetration testing methodologies, can help identify similar weaknesses in other products.

This incident serves as a reminder of the importance of secure coding practices and the need for ongoing security training within development teams. By fostering a security-first culture, organizations can better protect themselves against emerging threats.

For additional insights, organizations can explore our resources on vulnerability management programs and strategies for effective security testing to enhance overall security posture.

Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

CVE ID	Title	Severity	Vulnerability Type	Published
CVE-2026-7704	CVE-2026-7704: Low Vulnerability in AV Stumpfl Pixera Two Media Server	LOW	Path Traversal	May 3, 2026
CVE-2026-7703	CVE-2026-7703: Medium Vulnerability in AV Stumpfl Pixera Two Media Server	MEDIUM	Injection	May 3, 2026
CVE-2026-7702	CVE-2026-7702: Medium Vulnerability in toeverything AFFiNE	MEDIUM	Improper Authorization	May 3, 2026
CVE-2026-7701	CVE-2026-7701: Low Vulnerability in Telegram Desktop	LOW	Null Pointer Dereference	May 3, 2026
CVE-2026-7700	CVE-2026-7700: Low Vulnerability in langflow-ai langflow	LOW	Injection	May 3, 2026

CVE-2026-0641: Low Vulnerability in TOTOLINK WA300 Firmware