Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
8.9
Totolink A7100RU: Unauthorized Code Execution via Command Injection
CVE-2026-6116
Summary
An attacker can potentially execute unauthorized commands on your Totolink A7100RU device by exploiting a weakness in its CGI Handler. This could allow them to gain control of the device or disrupt its operation. Update your device to the latest firmware to fix this issue.
Original title
A vulnerability has been found in Totolink A7100RU 7.4cu.2313_b20191024. This vulnerability affects the function setDiagnosisCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The m...
Original description
A vulnerability has been found in Totolink A7100RU 7.4cu.2313_b20191024. This vulnerability affects the function setDiagnosisCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulation of the argument ip leads to os command injection. Remote exploitation of the attack is possible. The exploit has been disclosed to the public and may be used.
nvd CVSS2.0
10.0
nvd CVSS3.1
9.8
nvd CVSS4.0
8.9
Vulnerability type
CWE-77
Command Injection
CWE-78
OS Command Injection
Published: 12 Apr 2026 · Updated: 12 Apr 2026 · First seen: 12 Apr 2026