CVE-2026-6026

Critical

Published: 10 April 2026

Published

10 April 2026

Modified

27 April 2026

KEV Added

—

Patch

—

CVSS Score 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS Score 0.0032 55.5th percentile

Risk Priority 20 60% EPSS · 20% KEV · 20% CVSS

Description

A security flaw has been discovered in Totolink A7100RU 7.4cu.2313_b20191024. This vulnerability affects the function setPortalConfWeChat of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Performing a manipulation of the argument enable results in os command injection. The attack can…

be initiated remotely. The exploit has been released to the public and may be used for attacks.

Mitigating Controls (NIST 800-53 r5)AI

SI-2 Flaw Remediation good match

prevent

Directly mitigates the CVE by requiring identification, reporting, and timely correction of the OS command injection flaw in the Totolink router firmware.

SI-10 Information Input Validation good match

prevent

Prevents command injection exploitation by enforcing validation of the untrusted 'enable' argument at the vulnerable CGI input point.

AC-14 Permitted Actions Without Identification or Authentication good match

prevent

Blocks unauthenticated remote access to the vulnerable setPortalConfWeChat CGI function by limiting permitted actions without identification and authentication.

Security SummaryAI

CVE-2026-6026 is an OS command injection vulnerability affecting the Totolink A7100RU router on firmware version 7.4cu.2313_b20191024. The flaw exists in the setPortalConfWeChat function of the /cgi-bin/cstecgi.cgi file within the CGI Handler component, where manipulation of the "enable" argument enables arbitrary OS command execution. Published on 2026-04-10, it is associated with CWE-77 and CWE-78 and carries a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), classifying it as critical.

The vulnerability is remotely exploitable by unauthenticated attackers requiring low attack complexity and no user interaction. Exploitation allows attackers to inject and execute arbitrary operating system commands on the affected device, potentially leading to full compromise with high impacts on confidentiality, integrity, and availability, such as data theft, persistent access, or device disruption.

Advisories and references, including VulDB entries at vuldb.com/vuln/356602 and vuldb.com/submit/792047, document the issue and a related CTI analysis at vuldb.com/vuln/356602/cti. A GitHub repository at github.com/Litengzheng/vuldb_new/blob/main/A7100RU/vul_171/README.md contains details and a publicly released exploit. The vendor site at totolink.net provides a potential source for firmware updates or mitigation guidance.

Notable context includes the public availability of an exploit, elevating the risk of real-world attacks against unpatched Totolink A7100RU devices.

Details

CWE(s): CWE-77 CWE-78

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access

Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

attack.mitre.org →

T1059.004 Unix Shell Execution

Adversaries may abuse Unix shell commands and scripts for execution.

attack.mitre.org →

Why these techniques?

CVE enables unauthenticated remote exploitation of a public-facing web application (T1190) leading to arbitrary OS command execution on a likely Unix/Linux-based router (T1059.004).

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

References

https://github.com/Litengzheng/vuldb_new/blob/main/A7100RU/vul_171/README.md
cna@vuldb.com
https://vuldb.com/submit/792047
cna@vuldb.com
https://vuldb.com/vuln/356602
cna@vuldb.com
https://vuldb.com/vuln/356602/cti
cna@vuldb.com
https://www.totolink.net/
cna@vuldb.com