CVE-2026-6113

CRITICAL NVD

CVSS Score 9.8

Severity CRITICAL

Published Apr 12, 2026

Vendor unknown

Description

A security vulnerability has been detected in Totolink A7100RU 7.4cu.2313_b20191024. Affected by this vulnerability is the function setTtyServiceCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Such manipulation of the argument ttyEnable leads to os command injection. The attack can be launched remotely. The exploit has been disclosed publicly and may be used.

References

https://github.com/Litengzheng/vuldb_new/blob/main/A7100RU/vul_178/README.md
https://vuldb.com/submit/792246
https://vuldb.com/vuln/356973
https://vuldb.com/vuln/356973/cti
https://www.totolink.net/