Critical (9.8)

CVE-2026-6115: Totolink A7100RU Command Injection - PoC Available

CVE-2026-6115

A flaw has been found in Totolink A7100RU 7.4cu.2313_b20191024. This affects the function setAppCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Executing a manipulation of the argum...

Overview

A critical command injection vulnerability, CVE-2026-6115, affects the Totolink A7100RU router. The flaw resides in the device’s web management interface, specifically within the setAppCfg function of the /cgi-bin/cstecgi.cgi CGI handler. Attackers can exploit this by sending a specially crafted network request to manipulate the enable argument, leading to arbitrary operating system command execution.

Technical Details

The vulnerability has a CVSS v3.1 base score of 9.8 (CRITICAL). Its vector is particularly severe: it can be exploited over a network (Attack Vector: NETWORK) without any user interaction (User Interaction: NONE) or prior authentication (Privileges Required: NONE). The attack complexity is low, meaning exploitation is straightforward. A proof-of-concept (PoC) exploit has been made public, significantly lowering the barrier for attackers to weaponize this flaw. The specific affected firmware version is 7.4cu.2313_b20191024.

Impact

If successfully exploited, this vulnerability grants an unauthenticated remote attacker the ability to execute commands with the privileges of the web server process on the router. This can lead to a complete compromise of the device, allowing attackers to steal sensitive network information, install persistent malware, redirect traffic, or use the router as a foothold to attack other devices on the internal network.

Remediation and Mitigation

The primary remediation is to apply a firmware update from Totolink. Users should immediately check the vendor’s official support portal for a patched version of the firmware for the A7100RU model. If a patch is not yet available, consider the following mitigations:

  • Restrict access to the router’s web management interface (port 80/443) to only trusted internal networks. Do not expose this interface to the internet.
  • If remote administration is not required, disable it entirely.
  • Monitor network traffic for unexpected outbound connections or suspicious requests to the /cgi-bin/cstecgi.cgi endpoint.
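
One way to act on the monitoring mitigation above, as an added example that is not part of the original advisory or any Totolink code: a triage pass over proxy or IDS logs that flags setAppCfg requests to /cgi-bin/cstecgi.cgi whose enable value is not a plain flag, or that arrive from outside the trusted network. Assumptions: the log format (one JSON object per line with src, internal, path and body fields) is hypothetical, the function name is assumed to travel in a request parameter, and legitimate enable values are assumed to be 0 or 1.

```python
import json
import re
from urllib.parse import parse_qs

ENDPOINT = "/cgi-bin/cstecgi.cgi"   # from the advisory
FUNCTION = "setAppCfg"              # from the advisory
SAFE_ENABLE = re.compile(r"[01]")   # assumption: legitimate values are 0 or 1

def parse_body(body):
    """Return request parameters as a flat dict of strings (JSON or form-encoded)."""
    try:
        data = json.loads(body)
        if isinstance(data, dict):
            return {k: str(v) for k, v in data.items()}
    except ValueError:
        pass
    return {k: v[-1] for k, v in parse_qs(body, keep_blank_values=True).items()}

def triage(record):
    """Classify one logged request: None (ignore), 'review' or 'alert'."""
    if record.get("path", "").split("?")[0] != ENDPOINT:
        return None
    params = parse_body(record.get("body", ""))
    if not any(FUNCTION in v for v in params.values()):
        return None
    enable = params.get("enable")
    if enable is not None and not SAFE_ENABLE.fullmatch(enable):
        return "alert"      # enable carries something other than a plain flag
    if not record.get("internal", False):
        return "review"     # setAppCfg reached from outside the trusted network

def scan(lines):
    """Return (verdict, source address) for every log line worth a look."""
    hits = []
    for line in lines:
        record = json.loads(line)
        verdict = triage(record)
        if verdict:
            hits.append((verdict, record.get("src")))
    return hits

# Constructed sample log lines (hypothetical format), not captured traffic.
SAMPLE = [
    '{"src": "192.168.0.10", "internal": true, "path": "/cgi-bin/cstecgi.cgi", "body": "topicurl=setAppCfg&enable=1"}',
    '{"src": "203.0.113.7", "internal": false, "path": "/cgi-bin/cstecgi.cgi", "body": "topicurl=setAppCfg&enable=0"}',
    '{"src": "203.0.113.9", "internal": false, "path": "/cgi-bin/cstecgi.cgi", "body": "topicurl=setAppCfg&enable=1+CONSTRUCTED"}',
    '{"src": "192.168.0.10", "internal": true, "path": "/index.html", "body": ""}',
]
```

The allowlist on enable is deliberately strict, so a device that legitimately sends other values for this field will produce alerts that need tuning.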

Security Insight

This vulnerability highlights the persistent security challenges in consumer and SOHO network equipment, where CGI-based administrative interfaces remain a common weak point. Similar to past widespread router exploits, the public release of a PoC for CVE-2026-6115 will likely lead to rapid, automated scanning and exploitation attempts, making prompt patching essential for defenders.
