Platform: linux
Component: totolink-a7100ru
Fixed in: 7.4.1
CVE-2026-6114 describes a critical command injection vulnerability affecting the Totolink A7100RU router running firmware versions 7.4cu.2313b20191024–7.4cu.2313b20191024. This flaw allows attackers to remotely execute arbitrary operating system commands, potentially leading to complete system compromise. A public exploit is already available, significantly increasing the likelihood of exploitation. Immediate action is required to mitigate this risk.
The command injection vulnerability in the Totolink A7100RU allows an attacker to execute arbitrary commands on the router's operating system. An attacker could therefore gain full control of the device, including the ability to modify its configuration, steal sensitive data (such as user credentials or network traffic logs), and pivot to other devices on the network. Because the router acts as the network gateway, successful exploitation could compromise the entire internal network. The availability of a public exploit makes this vulnerability particularly dangerous, since attackers can use it without specialized skills. In practical terms it is comparable to a device exposed with default credentials: access is immediate.
CVE-2026-6114 is currently tracked on the NVD and was publicly disclosed on 2026-04-12. The existence of a public proof-of-concept significantly elevates the risk, indicating a high probability of exploitation. The EPSS score is likely to be assessed as high due to the ease of exploitation and potential impact. No known active campaigns have been publicly reported at this time, but the availability of the exploit suggests this could change rapidly.
Exploit Status
EPSS: 1.25% (79th percentile)
CISA SSVC
Due to the severity and public availability of an exploit, immediate action is crucial. While a patch is not yet available, several mitigation steps can reduce the risk. First, restrict external access to the router's management interface by implementing strong firewall rules and limiting access to trusted IP addresses. Second, monitor network traffic for unusual activity, particularly connections to the /cgi-bin/cstecgi.cgi endpoint. Consider deploying a Web Application Firewall (WAF) to filter malicious requests. Finally, if possible, segment the network to limit the blast radius of a successful attack. After implementing these mitigations, verify their effectiveness by attempting to access the vulnerable endpoint with a controlled payload.
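As an added example (not part of the advisory or Totolink's code), the following Python scans web-server access log lines for requests to the /cgi-bin/cstecgi.cgi endpoint whose proto argument (the parameter named in this advisory) contains shell metacharacters or falls outside a plain protocol-name alphabet. The log lines are constructed samples in the common/combined log format, and the allowlist of legitimate proto values is an assumption.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Endpoint and parameter named in the advisory for CVE-2026-6114.
VULN_PATH = "/cgi-bin/cstecgi.cgi"
VULN_PARAM = "proto"

# Assumption: a legitimate proto value is a short token such as "tcp" or "udp".
LEGIT = re.compile(r"[A-Za-z0-9_-]{1,16}")
# Shell metacharacters that have no place in a protocol name.
META = re.compile(r"[;|&`$\n\r<>(){}]")

# Common/combined log format: client IP, method, request target, status.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]*\] "(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})'
)

def is_suspicious_proto(value: str) -> bool:
    """True if a (percent-decoded) proto value carries shell metacharacters
    or is outside the expected alphabet (catches double-encoding too)."""
    return bool(META.search(value)) or LEGIT.fullmatch(value) is None

def scan_access_log(lines):
    """Return (client ip, decoded proto value) for every request to the
    vulnerable endpoint whose proto argument looks like an injection attempt."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not a request line we understand
        parts = urlsplit(m.group("target"))
        if parts.path != VULN_PATH:
            continue
        # parse_qs percent-decodes each value exactly once.
        for value in parse_qs(parts.query, keep_blank_values=True).get(VULN_PARAM, []):
            if is_suspicious_proto(value):
                hits.append((m.group("ip"), value))
    return hits

# Constructed sample log lines (documentation addresses, not real traffic).
SAMPLE_LOG = [
    '203.0.113.7 - - [12/Apr/2026:10:01:02 +0000] "GET /cgi-bin/cstecgi.cgi?proto=tcp HTTP/1.1" 200 512',
    '203.0.113.9 - - [12/Apr/2026:10:01:05 +0000] "GET /cgi-bin/cstecgi.cgi?proto=tcp%3Bx HTTP/1.1" 200 17',
    '198.51.100.4 - - [12/Apr/2026:10:02:00 +0000] "GET /index.html HTTP/1.1" 200 1024',
    '203.0.113.9 - - [12/Apr/2026:10:02:30 +0000] "GET /cgi-bin/cstecgi.cgi?proto=%60x%60 HTTP/1.1" 200 17',
]

if __name__ == "__main__":
    for ip, value in scan_access_log(SAMPLE_LOG):
        print(f"suspicious proto from {ip}: {value!r}")
```

Access logs record only the query string, so if the parameter is sent in a POST body the hit will not appear here; apply the same check to WAF or reverse-proxy logs that capture request bodies.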
Update the firmware of the Totolink A7100RU device to a patched version that resolves the operating system command injection vulnerability. Refer to the official Totolink website or contact technical support for the latest firmware version.
CVE-2026-6114 is a critical command injection vulnerability in the Totolink A7100RU router, allowing remote code execution via manipulation of the proto argument in the /cgi-bin/cstecgi.cgi endpoint.
You are affected if you are using a Totolink A7100RU router running firmware versions 7.4cu.2313b20191024–7.4cu.2313b20191024.
While a patch is not yet available, mitigate the risk by restricting network access, monitoring traffic, and implementing a WAF.
A public exploit exists, indicating a high probability of active exploitation. Monitor your network closely.
Refer to the Totolink website and NVD for updates and official advisories regarding CVE-2026-6114.
CVSS Vector