CVE-2026-6195

CRITICAL NVD

CVSS Score 9.8

Severity CRITICAL

Published Apr 13, 2026

Vendor unknown

Description

A security vulnerability has been detected in Totolink A7100RU 7.4cu.2313_b20191024. Affected by this issue is the function setPasswordCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Such manipulation of the argument admpass leads to os command injection. The attack can be executed remotely. The exploit has been disclosed publicly and may be used.

References

https://github.com/Litengzheng/vuldb_new/blob/main/A7100RU/vul_198/README.md
https://vuldb.com/submit/797460
https://vuldb.com/vuln/357117
https://vuldb.com/vuln/357117/cti
https://www.totolink.net/