CVE 9.3 CRITICAL

Totolink A7100RU CGI cstecgi.cgi setRadvdCfg os command injection_CVE-2026-6112

April 12, 2026 invoker category_cve

9.3 / 10

CRITICAL

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P

Description

A weakness has been identified in Totolink A7100RU 7.4cu.2313_b20191024. Affected is the function setRadvdCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. This manipulation of the argument maxRtrAdvInterval causes os command injection. The attack can be initiated remotely. The exploit has been made available to the public and could be used for attacks.

AI Analysis

OS command injection vulnerability in Totolink A7100RU via the setRadvdCfg function in the CGI Handler

Basic Information

ID CVE-2026-6112

Source VulDB

Published Apr 12, 2026 at 02:45

Affected Product

Vendor Totolink

Product A7100RU

Version 7.4cu.2313_b20191024

Affected Versions Totolink A7100RU 7.4cu.2313_b20191024

CWE Classification

CWE-78 CWE-77

AI Assessment

AI Score 9.3 / 10

AI Severity Critical

Vendor Totolink

Product A7100RU

Version 7.4cu.2313_b20191024

References

{
    "lastseen": "",
    "description": "A weakness has been identified in Totolink A7100RU 7.4cu.2313_b20191024. Affected is the function setRadvdCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. This manipulation of the argument maxRtrAdvInterval causes os command injection. The attack can be initiated remotely. The exploit has been made available to the public and could be used for attacks.",
    "published": "2026-04-12T02:45:13.694Z",
    "modified": "2026-04-12T02:45:13.694Z",
    "type": "cve",
    "title": "Totolink A7100RU CGI cstecgi.cgi setRadvdCfg os command injection",
    "source": "VulDB",
    "references": "https://vuldb.com/vuln/356972\nhttps://vuldb.com/vuln/356972/cti\nhttps://vuldb.com/submit/792245\nhttps://github.com/Litengzheng/vuldb_new/blob/main/A7100RU/vul_177/README.md\nhttps://www.totolink.net/",
    "id": "CVE-2026-6112",
    "bulletinFamily": "",
    "cwe": [
        "CWE-78",
        "CWE-77"
    ],
    "cvelist": null,
    "sourceData": "Totolink A7100RU 7.4cu.2313_b20191024",
    "sourceHref": "",
    "cvss": {
        "score": 9.3,
        "severity": "CRITICAL",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "A7100RU",
    "version": "7.4cu.2313_b20191024",
    "vendor": "Totolink",
    "ai_description": "OS command injection vulnerability in Totolink A7100RU via the setRadvdCfg function in the CGI Handler",
    "ai_severity": "Critical",
    "ai_vendor": "Totolink",
    "ai_product": "A7100RU",
    "ai_version": "7.4cu.2313_b20191024",
    "ai_score": 9.3
}

💭 Join the Security Discussion ❌ Cancel Reply