CVE-2026-6113

CRITICAL CVSS 9.8 View on NVD ↗

Description

A security vulnerability has been detected in Totolink A7100RU 7.4cu.2313_b20191024. Affected by this vulnerability is the function setTtyServiceCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Such manipulation of the argument ttyEnable leads to os command injection. The attack can be launched remotely. The exploit has been disclosed publicly and may be used.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References

https://github.com/Litengzheng/vuldb_new/blob/main/A7100RU/vul_178/README.md
https://vuldb.com/submit/792246
https://vuldb.com/vuln/356973
https://vuldb.com/vuln/356973/cti
https://www.totolink.net/

Published: Apr 12, 2026 04:16 UTC Modified: Apr 12, 2026 04:16 UTC