Totolink A7100RU Router: Malicious Commands Can Be Injected Remotely

CVE-2026-6138
Summary

An OS command injection flaw in the CGI handler of Totolink A7100RU routers allows attackers to execute commands on the device remotely. This means that an attacker can potentially take control of your router and disrupt your internet connection. To stay safe, update your router's firmware to the latest version or consider replacing it with a newer model.

Original title
A flaw has been found in Totolink A7100RU 7.4cu.2313_b20191024. The impacted element is the function setAccessDeviceCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. This manipulat...
Original description
A flaw has been found in Totolink A7100RU 7.4cu.2313_b20191024. The impacted element is the function setAccessDeviceCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. This manipulation of the argument mac causes os command injection. The attack can be initiated remotely. The exploit has been published and may be used.
NVD CVSS 2.0: 10.0
NVD CVSS 3.1: 9.8
NVD CVSS 4.0: 8.9
Vulnerability type
CWE-77 Command Injection
CWE-78 OS Command Injection
Published: 13 Apr 2026 · Updated: 13 Apr 2026 · First seen: 13 Apr 2026