CVE-2026-6116

CRITICAL CVSS 9.8 View on NVD ↗

Description

A vulnerability has been found in Totolink A7100RU 7.4cu.2313_b20191024. This vulnerability affects the function setDiagnosisCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulation of the argument ip leads to os command injection. Remote exploitation of the attack is possible. The exploit has been disclosed to the public and may be used.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References

https://github.com/Litengzheng/vuldb_new/blob/main/A7100RU/vul_181/README.md
https://vuldb.com/submit/792249
https://vuldb.com/vuln/356976
https://vuldb.com/vuln/356976/cti
https://www.totolink.net/

Published: Apr 12, 2026 05:16 UTC Modified: Apr 12, 2026 05:16 UTC