CVE-2026-6115: Totolink A7100RU Command Injection - PoC Available
CVE-2026-6115 grants unauthenticated remote code execution on Totolink A7100RU routers via command injection. Public PoC released. Update to patched firmware immediately.
Patch now - CVE-2026-6115 is a critical command injection vulnerability in the Totolink A7100RU router (firmware 7.4cu.2313_b20191024) that grants unauthenticated remote attackers arbitrary command execution over the network. A public proof-of-concept exploit has been released, making prompt patching critical.
Overview
A critical command injection vulnerability, CVE-2026-6115, affects the Totolink A7100RU router. The flaw resides in the device’s web management interface, specifically within the setAppCfg function of the /cgi-bin/cstecgi.cgi CGI handler. Attackers can exploit this by sending a specially crafted network request to manipulate the enable argument, leading to arbitrary operating system command execution.
Technical Details
The vulnerability has a CVSS v3.1 base score of 9.8 (CRITICAL). Its vector is particularly severe: it can be exploited over a network (Attack Vector: NETWORK) without any user interaction (User Interaction: NONE) or prior authentication (Privileges Required: NONE). The attack complexity is low, meaning exploitation is straightforward. A proof-of-concept (PoC) exploit has been made public, significantly lowering the barrier for attackers to weaponize this flaw. The specific affected firmware version is 7.4cu.2313_b20191024.
Impact
If successfully exploited, this vulnerability grants an unauthenticated remote attacker the ability to execute commands with the privileges of the web server process on the router. This can lead to a complete compromise of the device, allowing attackers to steal sensitive network information, install persistent malware, redirect traffic, or use the router as a foothold to attack other devices on the internal network.
Remediation and Mitigation
The primary remediation is to apply a firmware update from Totolink. Users should immediately check the vendor’s official support portal for a patched version of the firmware for the A7100RU model. If a patch is not yet available, consider the following mitigations:
- Restrict access to the router’s web management interface (port 80/443) to only trusted internal networks. Do not expose this interface to the internet.
- If remote administration is not required, disable it entirely.
- Monitor network traffic for unexpected outbound connections or suspicious requests to the /cgi-bin/cstecgi.cgi endpoint.
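One way to act on the monitoring item above, as an added example that is not from Totolink or the original advisory: it triages captured HTTP requests to /cgi-bin/cstecgi.cgi by source network and by the value of the enable argument. The capture record layout, the JSON body with topicurl and enable keys, the 0/1 value set and the trusted range are assumptions made for illustration.

```python
import ipaddress
import json

ENDPOINT = "/cgi-bin/cstecgi.cgi"   # named in the advisory
FUNCTION = "setAppCfg"              # named in the advisory
# Assumption: management traffic is only expected from this LAN range.
TRUSTED = [ipaddress.ip_network("192.168.0.0/24")]

def triage(record):
    """Return findings for one captured HTTP request (dict: src, path, body)."""
    if record.get("path", "").split("?", 1)[0] != ENDPOINT:
        return []
    findings = []
    src = ipaddress.ip_address(record["src"])
    if not any(src in net for net in TRUSTED):
        findings.append("untrusted-source")
    body = record.get("body", "")
    try:
        params = json.loads(body)
    except ValueError:
        params = None
    if not isinstance(params, dict):
        # Not the assumed JSON object: cannot validate, so surface for review.
        if FUNCTION in body:
            findings.append("unparsed-setAppCfg-body")
        return findings
    # Assumption: the handler is selected by a "topicurl" key and "enable"
    # is a 0/1 toggle, so anything outside that allowlist is anomalous.
    if params.get("topicurl") == FUNCTION and str(params.get("enable")) not in ("0", "1"):
        findings.append("enable-not-0-or-1")
    return findings

def scan(records):
    """Return (src, findings) for every record that raised a finding."""
    return [(r["src"], f) for r in records if (f := triage(r))]

# Constructed sample capture, not real traffic.
SAMPLE = [
    {"src": "192.168.0.10", "path": ENDPOINT, "body": '{"topicurl":"setAppCfg","enable":"1"}'},
    {"src": "203.0.113.7", "path": ENDPOINT, "body": '{"topicurl":"setAppCfg","enable":"1;CONSTRUCTED"}'},
    {"src": "192.168.0.11", "path": ENDPOINT, "body": "topicurl=setAppCfg&enable=1"},
    {"src": "192.168.0.12", "path": "/index.html", "body": ""},
]

if __name__ == "__main__":
    for src, findings in scan(SAMPLE):
        print(src, ",".join(findings))
```

The allowlist check flags any enable value that is not exactly 0 or 1, so it does not depend on knowing which characters a given payload uses.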
Security Insight
This vulnerability highlights the persistent security challenges in consumer and SOHO network equipment, where CGI-based administrative interfaces remain a common weak point. Similar to past widespread router exploits, the public release of a PoC for CVE-2026-6115 will likely lead to rapid, automated scanning and exploitation attempts, making prompt patching essential for defenders.