Platform
linux
Component
totolink-a7100ru
Fixed in
7.4.1
CVE-2026-6115 describes a critical command injection vulnerability affecting the Totolink A7100RU router. This flaw allows an attacker to execute arbitrary operating system commands on the device, potentially leading to complete system compromise. The vulnerability impacts versions 7.4cu.2313b20191024–7.4cu.2313b20191024, and a public exploit is already available.
Successful exploitation of CVE-2026-6115 grants an attacker complete control over the affected Totolink A7100RU router. This includes the ability to modify router configurations, intercept network traffic, install malware, and pivot to other devices on the network. Given the router's role as a gateway, a compromised device can serve as a launchpad for broader attacks against the internal network. The availability of a public exploit significantly increases the risk of widespread exploitation, particularly targeting home and small business networks relying on this router model. The potential for data exfiltration and disruption is high.
CVE-2026-6115 has been publicly disclosed and a proof-of-concept exploit is available, indicating a high probability of exploitation. The vulnerability was published on 2026-04-12. The exploit's public availability makes it accessible to a wide range of attackers, including those with limited technical skills. It is not currently listed on CISA KEV, but its severity and ease of exploitation warrant close monitoring. Active campaigns targeting this vulnerability are likely.
Exploit Status
EPSS
1.25% (79% percentile)
CISA SSVC
CVSS Vector
The primary mitigation for CVE-2026-6115 is to upgrade the Totolink A7100RU to a patched firmware version as soon as it becomes available. Until a patch is released, consider segmenting the router from sensitive internal resources using firewall rules. Implement strict access control lists (ACLs) to limit external access to the router's management interface. Monitor network traffic for unusual activity, particularly connections to external command and control servers. Consider using a Web Application Firewall (WAF) to filter potentially malicious requests targeting the /cgi-bin/cstecgi.cgi endpoint. No specific Sigma or YARA rules are currently available, but monitoring for unusual process executions (e.g., nc, curl, wget) originating from the router's management interface is recommended.
Update the Totolink A7100RU device firmware to a version corrected by the manufacturer. Refer to the official Totolink website for the latest firmware version and update instructions.
Vulnerability analysis and critical alerts directly to your inbox.
CVE-2026-6115 is a critical command injection vulnerability in the Totolink A7100RU router, allowing attackers to execute OS commands remotely.
You are affected if you are using a Totolink A7100RU router running versions 7.4cu.2313b20191024–7.4cu.2313b20191024.
Upgrade to the latest firmware version as soon as it's available. Until then, restrict network access and monitor for suspicious activity.
Yes, a public exploit is available, indicating a high probability of active exploitation.
Please refer to the Totolink website for the latest security advisories regarding CVE-2026-6115.
Upload your dependency file and we'll tell you instantly if this and other CVEs hit you.