Critical (9.8)

CVE-2026-6113: Totolink A7100RU Command Injection - PoC Available

A security vulnerability has been detected in Totolink A7100RU 7.4cu.2313_b20191024. Affected by this vulnerability is the function setTtyServiceCfg of the file /cgi-bin/cstecgi.cgi of the component C...

Overview

A critical command injection vulnerability, CVE-2026-6113, affects the Totolink A7100RU router. The flaw resides in the firmware version 7.4cu.2313_b20191024, specifically within the CGI handler component. An attacker can exploit this vulnerability remotely without any authentication.

Vulnerability Details

The vulnerability exists in the setTtyServiceCfg function of the /cgi-bin/cstecgi.cgi file. This function improperly handles user-supplied input passed to the ttyEnable argument. Because the input is not sanitized, a remote attacker can craft a malicious request containing operating system commands. The router’s web interface will then execute these commands with the privileges of the underlying system process, typically root. The technical details and proof-of-concept (PoC) exploit code have been publicly disclosed.

Impact Assessment

With a CVSS v3.1 score of 9.8 (Critical), this vulnerability poses a severe risk. Successful exploitation allows an unauthenticated attacker to execute arbitrary code on the affected router. This could lead to a complete compromise of the device, enabling the attacker to:

  • Steal network traffic and credentials.
  • Change router settings to redirect users to malicious sites.
  • Use the router as a foothold to attack other devices on the internal network.
  • Permanently disable the device (brick it).

Remediation and Mitigation

The primary remediation is to apply a firmware update from Totolink. Users of the A7100RU router must immediately check the vendor’s official support portal for a patched firmware version and upgrade.

Important: If a patch is not yet available, consider the following interim mitigation strategies:

  • Isolate Devices: Segment affected routers from critical internal network segments.
  • Restrict Access: Use firewall rules to restrict WAN-side access to the router’s web management interface. If remote administration is not required, disable it entirely.
  • Monitor for Updates: Regularly check Totolink’s website for security advisories related to this CVE.
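
While a patch is pending, requests captured at a proxy or IDS in front of the router can be triaged for this flaw. The following Python check is an added example, not code from Totolink or from the original advisory. It assumes request bodies are JSON objects or form-encoded, that legitimate ttyEnable values are short integers, and that the handler name travels in a field called "topicurl"; the sample requests are constructed.

```python
import json
import re
from urllib.parse import parse_qs

CGI_PATH = "/cgi-bin/cstecgi.cgi"   # from the advisory
HANDLER = "setTtyServiceCfg"        # from the advisory
PARAM = "ttyEnable"                 # from the advisory
SAFE_VALUE = re.compile(r"[0-9]{1,3}")  # assumption: legitimate values are short integers

def parse_body(body):
    """Parse a JSON-object or form-encoded body into a dict of strings."""
    try:
        data = json.loads(body)
        if isinstance(data, dict):
            return {str(k): str(v) for k, v in data.items()}
    except ValueError:
        pass
    # parse_qs percent-decodes, so encoded metacharacters are checked decoded.
    return {k: v[-1] for k, v in parse_qs(body, keep_blank_values=True).items()}

def classify(method, path, body):
    """Return 'ignore', 'review' or 'alert' for one captured request."""
    if method.upper() != "POST" or path.split("?", 1)[0] != CGI_PATH:
        return "ignore"
    params = parse_body(body)
    if not any(HANDLER in value for value in params.values()):
        return "ignore"
    value = params.get(PARAM)
    if value is None:
        return "review"  # handler called without the parameter
    # Allow-list check: anything other than a short integer is flagged.
    return "review" if SAFE_VALUE.fullmatch(value) else "alert"

# Constructed sample requests (method, path, body); "topicurl" is an assumed key name.
SAMPLES = [
    ("POST", CGI_PATH, '{"topicurl":"setTtyServiceCfg","ttyEnable":"1"}'),
    ("POST", CGI_PATH, '{"topicurl":"setTtyServiceCfg","ttyEnable":"1;CMD_PLACEHOLDER"}'),
    ("POST", CGI_PATH, "topicurl=setTtyServiceCfg&ttyEnable=1%3BCMD_PLACEHOLDER"),
    ("POST", CGI_PATH, '{"topicurl":"someOtherHandler"}'),
    ("GET", "/index.html", ""),
]

def scan(requests):
    """Classify each (method, path, body) tuple in order."""
    return [classify(*request) for request in requests]

if __name__ == "__main__":
    for request, verdict in zip(SAMPLES, scan(SAMPLES)):
        print(verdict, request[2])
```

A "review" verdict still deserves attention when the request arrived from the WAN side, since the handler is reachable without authentication.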

Security Insight

This vulnerability highlights the persistent risk in consumer and SOHO network equipment, where CGI-based web interfaces remain a common attack surface for command injection. Similar flaws in other vendors’ routers have historically led to devices being enlisted into botnets for DDoS attacks. The public availability of a PoC for CVE-2026-6113 significantly lowers the barrier for exploitation, making widespread scanning and attacks likely in the absence of patching.
