A remote OS command injection vulnerability exists in the Totolink A7100RU CGI handler via the proto argument.
Description
A remote OS command injection vulnerability exists in the Totolink A7100RU CGI handler via the proto argument.
AI Analyst Comment
Remediation
Update Unknown Multiple Products to the latest version. Monitor for exploitation attempts and review access logs.
---METADATA---
VENDOR: Totolink
PRODUCT: A7100RU
AFFECTED_VERSIONS: 7.4cu.2313_b20191024
---END_METADATA---
Description Summary:
A remote OS command injection vulnerability exists in the Totolink A7100RU CGI handler via the proto argument.
Executive Summary:
A remote OS command injection vulnerability in the Totolink A7100RU router enables unauthenticated remote code execution.
Vulnerability Details
CVE-ID: CVE-2026-6114
Affected Software: Totolink A7100RU
Affected Versions: 7.4cu.2313_b20191024
Vulnerability: The
setNetworkCfgfunction in/cgi-bin/cstecgi.cgifails to properly sanitize theprotoargument, allowing an unauthenticated attacker to inject and execute arbitrary OS commands.Business Impact
The CVSS score of 9.8 reflects the high probability and impact of this vulnerability. Compromise of the router allows for total network visibility and control, posing a dire risk to the confidentiality, integrity, and availability of all connected systems.
Remediation Plan
Immediate Action: Update the device to the most recent firmware version available from the manufacturer.
Proactive Monitoring: Monitor for anomalous system behavior and unauthorized configuration changes on the router.
Compensating Controls: Disable remote management interfaces and restrict access to the device's web management console to authorized personnel only.
Exploitation Status
Public Exploit Available: True
Analyst Notes: As of Apr 12, 2026, public exploit code is available for this vulnerability. The risk of exploitation is high; patching is mandatory.
Analyst Recommendation
This is a critical vulnerability that can be exploited remotely by unauthenticated attackers. Security teams must prioritize updating affected devices and limiting exposure to untrusted networks.