CVE-2026-6140
Received Received - Intake
OS Command Injection in Totolink A7100RU CGI Handler (Remote

Publication date: 2026-04-13

Last updated on: 2026-04-13

Assigner: VulDB

Description
A vulnerability was found in Totolink A7100RU 7.4cu.2313_b20191024. This impacts the function UploadFirmwareFile of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Performing a manipulation of the argument FileName results in os command injection. The attack may be initiated remotely. The exploit has been made public and could be used.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-04-13
Last Modified
2026-04-13
Generated
2026-06-16
AI Q&A
2026-04-13
EPSS Evaluated
2026-06-15
NVD
CVE-2026-6140
EUVD
EUVD-2026-21766
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
totolink a7100ru 7.4cu.2313_b20191024
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-77 The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.
CWE-78 The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Compliance Impact

The provided information does not specify how the CVE-2026-6140 vulnerability impacts compliance with common standards and regulations such as GDPR or HIPAA.

Executive Summary

The CVE-2026-6140 vulnerability affects the TOTOLINK A7100RU router, version 7.4cu.2313_b20191024. It is a command injection flaw located in the cstecgi.cgi component, specifically in the UploadFirmwareFile function.

An attacker can manipulate the 'FileName' parameter in a crafted HTTP POST request to /cgi-bin/cstecgi.cgi. This parameter is incorporated into a buffer and then executed by the system, allowing arbitrary operating system commands to run remotely on the router.

A proof of concept demonstrated that commands like 'wget' could be executed on the underlying OS, confirming the remote command execution capability.

Impact Analysis

This vulnerability allows an attacker to remotely execute arbitrary operating system commands on the affected TOTOLINK A7100RU router without any authentication.

Such remote command execution can lead to full compromise of the device, including unauthorized access, control over network traffic, installation of malware, or use of the router as a pivot point for further attacks within the network.

Detection Guidance

This vulnerability can be detected by monitoring for suspicious HTTP POST requests sent to the endpoint /cgi-bin/cstecgi.cgi, specifically those containing a JSON payload with the "FileName" parameter. An attacker may attempt to inject OS commands via this parameter.

To detect exploitation attempts, you can use network monitoring tools or web server logs to look for POST requests with unusual or suspicious command strings in the "FileName" parameter.

Example command to capture such requests using tcpdump (replace <interface> with your network interface):

  • tcpdump -i <interface> -A -s 0 'tcp port 80 and (((ip[2:2] - ((ip[0]&0xf)<<2)) - ((tcp[12]&0xf0)>>2)) != 0)' | grep -i 'POST /cgi-bin/cstecgi.cgi'

Alternatively, you can use curl or similar tools to test the endpoint by sending crafted POST requests with the "FileName" parameter to see if the system executes commands.

Mitigation Strategies

Immediate mitigation steps include restricting access to the vulnerable endpoint /cgi-bin/cstecgi.cgi to trusted networks or IP addresses only.

Disable or block HTTP POST requests to the UploadFirmwareFile function if possible, or apply firewall rules to prevent exploitation attempts.

Monitor network traffic and logs for suspicious activity targeting the "FileName" parameter.

If available, update the firmware of the Totolink A7100RU router to a version that patches this vulnerability.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-6140. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart