CVE-2026-6114

CRITICAL

A vulnerability was detected in Totolink A7100RU 7.4cu.2313_b20191024. Affected by this issue is the function setNetworkCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Performing a manipulation of the argument proto results in os command injection. The attack may be initiated remotely. The exploit is now public and may be used.

CVSS v3.1 Score

9.8
CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector
NETWORK
Complexity
LOW
Privileges
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
HIGH
Integrity
HIGH
Availability
HIGH
Published: 4/12/2026Modified: 4/13/2026

Related Intelligence (1)

CRITICALVulnerability

NVD CRITICAL: CVE-2026-6114 — A vulnerability was detected in Totolink A7100RU 7.4cu.2313_b20191024. Affected ...

A vulnerability was detected in Totolink A7100RU 7.4cu.2313_b20191024. Affected by this issue is the function setNetworkCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Performing a manipulation of the argument proto results in os command injection. The attack may be initiated remotely. The exploit is now public and may be used.

CVE-2026-6114
NIST NVD

References (5)

https://github.com/Litengzheng/vuldb_new/blob/main/A7100RU/vul_179/README.mdhttps://vuldb.com/submit/792247https://vuldb.com/vuln/356974https://vuldb.com/vuln/356974/ctihttps://www.totolink.net/