CVE-2026-6114: Totolink A7100RU Command Injection - PoC Available
CVE-2026-6114 grants unauthenticated RCE on Totolink A7100RU routers via command injection. Public PoC available. Update to patched firmware immediately.
Patch now - CVE-2026-6114 is a critical command injection vulnerability in the Totolink A7100RU wireless router that grants unauthenticated remote code execution via the setNetworkCfg CGI handler. Update immediately to the latest firmware to block exploit attempts.
Overview
A critical command injection vulnerability, CVE-2026-6114, affects the Totolink A7100RU wireless router. The flaw resides in the setNetworkCfg function within the /cgi-bin/cstecgi.cgi file, allowing an unauthenticated attacker to inject and execute arbitrary operating system commands by manipulating the proto argument. With a CVSS score of 9.8, this vulnerability represents a severe risk to network security.
Technical Details
The vulnerability exists in the router’s CGI handler, the component that processes web requests for device management. By sending a specially crafted request to the vulnerable endpoint, an attacker can break out of the intended parameter handling and pass commands directly to the router’s underlying operating system. The attack can be launched remotely over the network without authentication or user interaction, making it trivial to exploit.
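The root cause described above is request data reaching a shell command line unvalidated. The following is an added illustration, not code from the Totolink firmware or from this advisory: a hypothetical handler for a proto-style parameter, showing the concatenation anti-pattern beside a hardened form that allowlists the value and invokes the helper as an argv list with no shell. The allowed modes, the /sbin/setwan helper path and the token pattern are assumptions for the example.

```python
import re
import subprocess

# Hypothetical set of WAN protocol modes such a handler might accept.
# The real values the A7100RU firmware accepts are not given in the advisory.
ALLOWED_PROTO = frozenset({"dhcp", "static", "pppoe"})

# Second-layer check for fields that cannot be enumerated (e.g. a hostname):
# one conservative token, no whitespace, none of the characters a POSIX shell
# treats specially.
_SAFE_TOKEN = re.compile(r"^[A-Za-z0-9_.:-]{1,64}$")

# Hypothetical helper binary the handler would invoke (assumed for the example).
SETWAN = "/sbin/setwan"


def vulnerable_command(proto: str) -> str:
    """Anti-pattern, never executed here: the request value is concatenated into
    one string that is later handed to /bin/sh. A value such as 'dhcp; <cmd>'
    terminates the intended command and starts a new one."""
    return f"{SETWAN} {proto}"


def validate_proto(proto: str) -> str:
    """Allowlist check: only a known mode passes; anything else is rejected
    before it can reach a command line."""
    if proto not in ALLOWED_PROTO:
        raise ValueError(f"unsupported proto value: {proto!r}")
    return proto


def validate_token(value: str, field: str) -> str:
    """For free-form fields, accept a single conservative token only."""
    if not _SAFE_TOKEN.fullmatch(value):
        raise ValueError(f"invalid characters in {field}: {value!r}")
    return value


def hardened_command(proto: str) -> list:
    """Build the command as an argv list. Without a shell, each element is
    delivered to the program as one argument, so metacharacters carry no
    special meaning even if validation were ever bypassed."""
    return [SETWAN, validate_proto(proto)]


def is_accepted(proto: str) -> bool:
    """True if the value survives validation, False if it is rejected."""
    try:
        hardened_command(proto)
        return True
    except ValueError:
        return False


def apply_network_cfg(proto: str) -> int:
    """Validate, then run without shell=True. Returns the helper's exit status."""
    argv = hardened_command(proto)
    # shell=False (the default): no /bin/sh is involved at all.
    return subprocess.run(argv, shell=False, check=False).returncode


if __name__ == "__main__":
    print(vulnerable_command("dhcp; echo injected"))  # shows the concatenation problem
    print(hardened_command("dhcp"))
    print(is_accepted("dhcp; echo injected"))         # False: rejected before any exec
```

The allowlist does the real work; the argv form is defence in depth, so that a future field that cannot be allowlisted still never passes through a shell.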
Impact
Successful exploitation grants an attacker complete control over the affected router. This can lead to a full compromise of the local network, including intercepting or redirecting user traffic, deploying malware to connected devices, using the router in botnets, or persisting access even after a device reboot. The public availability of a proof-of-concept (PoC) exploit significantly increases the likelihood of widespread attack attempts.
Remediation and Mitigation
Totolink has released a firmware update to address this vulnerability. Users of the A7100RU router with firmware version 7.4cu.2313_b20191024 must take immediate action.
- Primary Action: Upgrade the router’s firmware to the latest version provided by Totolink. Consult the vendor’s official support portal for the patch.
- Immediate Mitigation: If a patch cannot be applied immediately, restrict management access to the router’s web interface. Ensure it is not exposed to the public internet (WAN) and is only accessible from the trusted local area network (LAN).
- Monitoring: Review router logs for suspicious activity or unauthorized configuration changes.
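The two mitigations above (keep the CGI interface off the WAN, and watch the logs) can be checked together. What follows is an added example written for this advisory, not a tool from Totolink: a scanner over Common Log Format access-log lines that flags any request to /cgi-bin/cstecgi.cgi arriving from outside the trusted LAN, and any request whose query parameters (proto included) carry shell metacharacters. The sample log lines are constructed, the 192.168.0.0/24 LAN range is an assumption, and the query-string form is for illustration: on a real device the parameters may travel in a POST body that an access log does not record, in which case the same check applies to a captured body.

```python
import ipaddress
import re
from typing import Optional
from urllib.parse import parse_qs, unquote, urlsplit

# Assumption: the router's trusted LAN; adjust to the deployment.
TRUSTED_LAN = ipaddress.ip_network("192.168.0.0/24")
VULN_PATH = "/cgi-bin/cstecgi.cgi"  # path named in the advisory

# Characters that let a value break out of a shell command line.
SHELL_META = re.compile(r"[;|&`$\n\r]|\$\(")

# Common Log Format, as written by many embedded HTTP servers.
LOG_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

REASON_WAN = "management CGI reached from outside the trusted LAN"
REASON_META = "shell metacharacter in parameter"

# Constructed sample lines (not captured from a real device).
SAMPLE_LOG = """\
192.168.0.10 - - [10/Mar/2026:12:00:01 +0000] "GET /cgi-bin/cstecgi.cgi?proto=dhcp HTTP/1.1" 200 512
192.168.0.10 - - [10/Mar/2026:12:00:05 +0000] "GET /index.html HTTP/1.1" 200 1024
203.0.113.7 - - [10/Mar/2026:12:01:10 +0000] "GET /cgi-bin/cstecgi.cgi?proto=dhcp HTTP/1.1" 200 512
192.168.0.25 - - [10/Mar/2026:12:02:30 +0000] "GET /cgi-bin/cstecgi.cgi?proto=dhcp%3B%20echo%20test HTTP/1.1" 200 40
198.51.100.9 - - [10/Mar/2026:12:03:00 +0000] "GET /cgi-bin/cstecgi.cgi?proto=%24(echo%20test) HTTP/1.1" 500 0
not a log line at all
""".splitlines()


def parse_line(line: str) -> Optional[dict]:
    """Split one CLF line into fields, or None if it does not parse."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def assess(entry: dict) -> list:
    """Return the reasons an entry is suspicious (empty list if none)."""
    reasons = []
    parts = urlsplit(entry["target"])
    if parts.path != VULN_PATH:
        return reasons
    try:
        src = ipaddress.ip_address(entry["src"])
    except ValueError:
        src = None
    if src is None or src not in TRUSTED_LAN:
        reasons.append(REASON_WAN)
    # Every parameter is checked, not only proto: the same handler family
    # takes other arguments and the metacharacter test is parameter-agnostic.
    for name, values in parse_qs(parts.query, keep_blank_values=True).items():
        for value in values:
            # parse_qs decoded once; decode again to catch double-encoded values.
            if SHELL_META.search(unquote(value)):
                reasons.append(f"{REASON_META} {name!r}")
    return reasons


def scan(lines) -> list:
    """Run assess() over each parseable line and collect the hits."""
    findings = []
    for line in lines:
        entry = parse_line(line)
        if entry is None:
            continue
        reasons = assess(entry)
        if reasons:
            findings.append({"src": entry["src"], "ts": entry["ts"],
                             "target": entry["target"], "reasons": reasons})
    return findings


if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit["ts"], hit["src"], hit["target"], "->", "; ".join(hit["reasons"]))
```

Any hit on the first reason means the WAN-side restriction is not in place; any hit on the second, from the LAN or not, is worth treating as an exploit attempt and correlating with configuration changes on the device.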
Security Insight
This vulnerability highlights the persistent security challenges in consumer and SOHO network equipment, where CGI-based management interfaces remain a common attack surface. Similar flaws in other vendors’ routers have historically led to large-scale botnet recruitment. The public PoC for CVE-2026-6114 will accelerate reverse engineering, likely leading to exploits for other Totolink models, underscoring the need for vendors to perform rigorous security testing on all management functions.