Totolink Totolink

  1. Vendors
  2. Totolink

Don't miss out!

Thousands of developers use stack.watch to stay informed.
Get an email whenever new security vulnerabilities are reported in any Totolink product.

RSS Feeds for Totolink security vulnerabilities

Create a CVE RSS feed including security vulnerabilities found in Totolink products with stack.watch. Just hit watch, then grab your custom RSS feed url.

Products by Totolink Sorted by Most Security Vulnerabilities since 2018

Totolink A7100ru Firmware64 vulnerabilities

Totolink X5000r Firmware41 vulnerabilities

Totolink A3300r Firmware39 vulnerabilities

Totolink X6000r Firmware36 vulnerabilities

Totolink A3700r Firmware31 vulnerabilities

Totolink X2000r Firmware30 vulnerabilities

Totolink A8000ru Firmware27 vulnerabilities

Totolink X15 Firmware25 vulnerabilities

Totolink Lr350 Firmware25 vulnerabilities

Totolink Ca300 Poe Firmware24 vulnerabilities

Totolink A3002r Firmware23 vulnerabilities

Totolink Ex1200t Firmware22 vulnerabilities

Totolink T8 Firmware22 vulnerabilities

Totolink A3600r Firmware20 vulnerabilities

Totolink Cp450 Firmware19 vulnerabilities

Totolink Ex200 Firmware18 vulnerabilities

Totolink N150rt Firmware15 vulnerabilities

Totolink Ex1800t Firmware15 vulnerabilities

Totolink T6 Firmware14 vulnerabilities

Totolink Nr1800x Firmware13 vulnerabilities

Totolink A6000r Firmware13 vulnerabilities

Totolink T10 Firmware11 vulnerabilities

Totolink X18 Firmware11 vulnerabilities

Totolink A702r Firmware10 vulnerabilities

Totolink Ca600 Poe Firmware10 vulnerabilities

Totolink A3100r Firmware10 vulnerabilities

Totolink A3002ru Firmware10 vulnerabilities

Totolink A810r Firmware10 vulnerabilities

Totolink A7000r Firmware9 vulnerabilities

Totolink Cp900l Firmware8 vulnerabilities

Totolink N300rt Firmware8 vulnerabilities

Totolink N300rh Firmware8 vulnerabilities

Totolink Cp900 Firmware7 vulnerabilities

Totolink A800r Firmware7 vulnerabilities

Totolink Ex1200l Firmware6 vulnerabilities

Totolink A720r Firmware6 vulnerabilities

Totolink N600r Firmware5 vulnerabilities

Totolink N350rt Firmware4 vulnerabilities

Totolink Wa300 Firmware3 vulnerabilities

Totolink A3000ru Firmware3 vulnerabilities

Totolink A830r Firmware3 vulnerabilities

Totolink A950rg Firmware3 vulnerabilities

Totolink Cp300 Firmware3 vulnerabilities

Totolink A3200r Firmware3 vulnerabilities

Totolink N200re V5 Firmware2 vulnerabilities

Totolink X182 vulnerabilities

Totolink Lr1200 Firmware2 vulnerabilities

Totolink Lr1200gb Firmware2 vulnerabilities

Totolink N302r Plus Firmware2 vulnerabilities

Totolink N100re Firmware1 vulnerability

Totolink N200re Firmware1 vulnerability

Totolink N302re Firmware1 vulnerability

Totolink Ar810r Firmware1 vulnerability

Totolink N302r Firmware1 vulnerability

Totolink N301rt Firmware1 vulnerability

Totolink A860r Firmware1 vulnerability

Totolink A3002ru V3 Firmware1 vulnerability

Totolink N300rb Firmware1 vulnerability

Totolink A6000ub Firmware1 vulnerability

By the Year

In 2026 there have been 110 vulnerabilities in Totolink with an average score of 8.6 out of ten. Last year, in 2025 Totolink had 253 security vulnerabilities published. If vulnerabilities keep coming in at the current rate, it appears that number of security vulnerabilities in Totolink in 2026 could surpass last years number. However, the average CVE base score of the vulnerabilities in 2026 is greater by 0.55.




Year Vulnerabilities Average Score
2026 110 8.62
2025 253 8.07
2024 219 9.09
2023 105 9.65
2022 18 9.30
2021 0 0.00
2020 1 0.00

It may take a day or so for new Totolink vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.

Recent Totolink Security Vulnerabilities

CVE Date Vulnerability Products
CVE-2026-7548 May 01, 2026
Command Injection in Totolink NR1800X 9.1.0u.6279 Router A vulnerability was detected in Totolink NR1800X 9.1.0u.6279_B20210910. This affects the function sub_41A68C of the file /cgi-bin/cstecgi.cgi. Performing a manipulation of the argument setUssd results in command injection. The attack is possible to be carried out remotely. The exploit is now public and may be used.
Nr1800x Firmware
CVE-2026-7546 May 01, 2026
Totolink NR1800X 9.1.0u.6279_B20210910 lighttpd find_host_ip SB-Buffer Overflow A security vulnerability has been detected in Totolink NR1800X 9.1.0u.6279_B20210910. The impacted element is the function find_host_ip of the component lighttpd. Such manipulation of the argument Host leads to stack-based buffer overflow. The attack can be executed remotely. The exploit has been disclosed publicly and may be used.
Nr1800x Firmware
CVE-2026-7538 May 01, 2026
Totolink A8000RU 7.1cu.643 os Command Injection in /cgi-bin/cstecgi.cgi A vulnerability was identified in Totolink A8000RU 7.1cu.643_b20200521. This issue affects the function Vulnerability of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulation of the argument proto leads to os command injection. The attack may be initiated remotely. The exploit is publicly available and might be used.
A8000ru Firmware
CVE-2026-7244 Apr 28, 2026
Totolink A8000RU 7.1cu.643 OS CMD Injection via CgiHandler setWiFiEasyGuestCfg A security flaw has been discovered in Totolink A8000RU 7.1cu.643_b20200521. The impacted element is the function setWiFiEasyGuestCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulation of the argument merge results in os command injection. It is possible to launch the attack remotely. The exploit has been released to the public and may be used for attacks.
A8000ru Firmware
CVE-2026-7243 Apr 28, 2026
OS Cmd Injection in Totolink A8000RU 7.1cu CGI setRadvd(maxRtrAdvInterval) A vulnerability was identified in Totolink A8000RU 7.1cu.643_b20200521. The affected element is the function setRadvdCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulation of the argument maxRtrAdvInterval leads to os command injection. It is possible to initiate the attack remotely. The exploit is publicly available and might be used.
A8000ru Firmware
CVE-2026-7242 Apr 28, 2026
Totolink A8000RU 7.1cu.643 CLI Command Injection via setOpenVpnClientCfg A vulnerability was determined in Totolink A8000RU 7.1cu.643_b20200521. Impacted is the function setOpenVpnClientCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Executing a manipulation of the argument enabled can lead to os command injection. The attack may be performed from remote. The exploit has been publicly disclosed and may be utilized.
A8000ru Firmware
CVE-2026-7241 Apr 28, 2026
Command injection in Totolink A8000RU CGI Handler (before 7.1cu.643_b20200521) A vulnerability was found in Totolink A8000RU 7.1cu.643_b20200521. This issue affects the function setWiFiBasicCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Performing a manipulation of the argument wifiOff results in os command injection. The attack is possible to be carried out remotely. The exploit has been made public and could be used.
A8000ru Firmware
CVE-2026-7240 Apr 28, 2026
Command Injection in Totolink A8000RU 7.1cu.643 CGI Handler A vulnerability has been found in Totolink A8000RU 7.1cu.643_b20200521. This vulnerability affects the function setVpnAccountCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Such manipulation of the argument User leads to os command injection. The attack can be executed remotely. The exploit has been disclosed to the public and may be used.
A8000ru Firmware
CVE-2026-7219 Apr 28, 2026
Totolink N300RT 3.4.0-B20250430: Remote Buffer Overflow via /boafrm/formIpQoS A flaw has been found in Totolink N300RT 3.4.0-B20250430. This affects an unknown function of the file /boafrm/formIpQoS. Executing a manipulation of the argument entry_name can lead to buffer overflow. The attack may be performed from remote. The exploit has been published and may be used.
N300rt Firmware
CVE-2026-7218 Apr 28, 2026
Totolink N300RT 3.4.0 buffer overflow in libapmib.so via localPin (remote) A vulnerability was detected in Totolink N300RT 3.4.0-B20250430. The impacted element is the function is_cmd_string_valid of the file /boafrm/formWsc of the component libapmib.so. Performing a manipulation of the argument localPin results in buffer overflow. The attack is possible to be carried out remotely. The exploit is now public and may be used.
N300rt Firmware
CVE-2026-7204 Apr 28, 2026
OS Command Injection in Totolink A8000RU v7.1cu.643 CGI setPptpServerCfg A vulnerability was determined in Totolink A8000RU 7.1cu.643_b20200521. This issue affects the function setPptpServerCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. This manipulation of the argument enable causes os command injection. The attack may be initiated remotely. The exploit has been publicly disclosed and may be utilized.
A8000ru Firmware
CVE-2026-7203 Apr 28, 2026
OS Command Injection via setUrlFilterRules in Totolink A8000RU 7.1cu A vulnerability was found in Totolink A8000RU 7.1cu.643_b20200521. This vulnerability affects the function setUrlFilterRules of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulation of the argument enable results in os command injection. The attack can be launched remotely. The exploit has been made public and could be used.
A8000ru Firmware
CVE-2026-7202 Apr 27, 2026
Totolink A8000RU 7.1cu.643 os command injection via CGI Handler wscDisabled A vulnerability has been found in Totolink A8000RU 7.1cu.643_b20200521. This affects the function setWiFiWpsStart of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulation of the argument wscDisabled leads to os command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
A8000ru Firmware
CVE-2026-7156 Apr 27, 2026
OS Command Injection via HTTP Param in Totolink A8000RU 7.1cu.643 CGI Handler A vulnerability was detected in Totolink A8000RU 7.1cu.643_b20200521. Affected is the function CsteSystem of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulation of the argument HTTP results in os command injection. The attack may be launched remotely. The exploit is now public and may be used.
A8000ru Firmware
CVE-2026-7155 Apr 27, 2026
Totolink A8000RU 7.1cu.643 CGI Handler OSCI in setLoginPasswordCfg A security vulnerability has been detected in Totolink A8000RU 7.1cu.643_b20200521. This impacts the function setLoginPasswordCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulation of the argument admpass leads to os command injection. The attack may be initiated remotely. The exploit has been disclosed publicly and may be used.
A8000ru Firmware
CVE-2026-7154 Apr 27, 2026
Totolink A8000RU CGI Handler cmdinject via tty_server (7.1cu.643) A weakness has been identified in Totolink A8000RU 7.1cu.643_b20200521. This affects the function setAdvancedInfoShow of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Executing a manipulation of the argument tty_server can lead to os command injection. The attack can be launched remotely. The exploit has been made available to the public and could be used for attacks.
A8000ru Firmware
CVE-2026-7153 Apr 27, 2026
Totolink A8000RU 7.1cu.643_b20200521 OS Command Injection via CGI Handler A security flaw has been discovered in Totolink A8000RU 7.1cu.643_b20200521. The impacted element is the function setMiniuiHomeInfoShow of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Performing a manipulation of the argument sys_info results in os command injection. The attack can be initiated remotely. The exploit has been released to the public and may be used for attacks.
A8000ru Firmware
CVE-2026-7152 Apr 27, 2026
OS Command Injection in Totolink A8000RU 7.1cu CGI Handler (setTelnetCfg) A vulnerability was identified in Totolink A8000RU 7.1cu.643_b20200521. The affected element is the function setTelnetCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Such manipulation of the argument telnet_enabled leads to os command injection. It is possible to launch the attack remotely. The exploit is publicly available and might be used.
A8000ru Firmware
CVE-2026-7140 Apr 27, 2026
Outdated Totolink A8000RU 7.1cu.643_b20200521 CGI Handler OS Cmd Injection A vulnerability has been found in Totolink A8000RU 7.1cu.643_b20200521. Impacted is the function CsteSystem of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Such manipulation of the argument HTTP leads to os command injection. The attack may be performed from remote. The exploit has been disclosed to the public and may be used.
A8000ru Firmware
CVE-2026-7139 Apr 27, 2026
OS Command Injection in Totolink A8000RU 7.1cu CGI Handler A flaw has been found in Totolink A8000RU 7.1cu.643_b20200521. This issue affects the function setWiFiAclRules of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. This manipulation of the argument mode causes os command injection. The attack is possible to be carried out remotely. The exploit has been published and may be used.
A8000ru Firmware
CVE-2026-7138 Apr 27, 2026
Totolink A8000RU 7.1cu.643 os Cmd Injection in setNtpCfg TZ A vulnerability was detected in Totolink A8000RU 7.1cu.643_b20200521. This vulnerability affects the function setNtpCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulation of the argument tz results in os command injection. The attack can be executed remotely. The exploit is now public and may be used.
A8000ru Firmware
CVE-2026-7137 Apr 27, 2026
Totolink A8000RU 7.1cu CGI Handler OS Command Injection A security vulnerability has been detected in Totolink A8000RU 7.1cu.643_b20200521. This affects the function setStorageCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulation of the argument sambaEnabled leads to os command injection. Remote exploitation of the attack is possible. The exploit has been disclosed publicly and may be used.
A8000ru Firmware
CVE-2026-7136 Apr 27, 2026
Totolink A8000RU 7.1cu.643_b20200521 OS Command Injection via WANIdx in cstecgi.cgi A weakness has been identified in Totolink A8000RU 7.1cu.643_b20200521. Affected by this issue is the function setDmzCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Executing a manipulation of the argument wanIdx can lead to os command injection. The attack may be launched remotely. The exploit has been made available to the public and could be used for attacks.
A8000ru Firmware
CVE-2026-7125 Apr 27, 2026
Totolink A8000RU 7.1cu.643 CGI Handler cmd inject via merge A vulnerability was identified in Totolink A8000RU 7.1cu.643_b20200521. Affected by this issue is the function setWiFiEasyCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulation of the argument merge leads to os command injection. The attack may be initiated remotely. The exploit is publicly available and might be used.
A8000ru Firmware
CVE-2026-7124 Apr 27, 2026
OS command injection via CGI in Totolink A8000RU 7.1cu.643 A vulnerability was determined in Totolink A8000RU 7.1cu.643_b20200521. Affected by this vulnerability is the function setIpv6LanCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Executing a manipulation of the argument addrPrefixLen can lead to os command injection. The attack can be launched remotely. The exploit has been publicly disclosed and may be utilized.
A8000ru Firmware
CVE-2026-7123 Apr 27, 2026
OS Command Injection via CGI Handler in Totolink A8000RU 7.1cu.643 A vulnerability was found in Totolink A8000RU 7.1cu.643_b20200521. Affected is the function setIptvCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Performing a manipulation of the argument setIptvCfg results in os command injection. The attack can be initiated remotely. The exploit has been made public and could be used.
A8000ru Firmware
CVE-2026-7122 Apr 27, 2026
Totolink A8000RU 7.1cu.643 Remote Cmd Injection via setUPnPCfg CGI Handler A vulnerability has been found in Totolink A8000RU 7.1cu.643_b20200521. This impacts the function setUPnPCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Such manipulation of the argument enable leads to os command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
A8000ru Firmware
CVE-2026-7121 Apr 27, 2026
OS Command Injection in Totolink A8000RU 7.1cu.643 CGI Handler A flaw has been found in Totolink A8000RU 7.1cu.643_b20200521. This affects the function setWizardCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. This manipulation of the argument wizard causes os command injection. It is possible to initiate the attack remotely. The exploit has been published and may be used.
A8000ru Firmware
CVE-2026-7037 Apr 26, 2026
Totolink A8000RU 7.1cu OS Cmd Injn via setVpnPassCfg (pptpPassThru) A security flaw has been discovered in Totolink A8000RU 7.1cu.643_b20200521. This issue affects the function setVpnPassCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulation of the argument pptpPassThru results in os command injection. The attack can be executed remotely. The exploit has been released to the public and may be used for attacks.
A8000ru Firmware
CVE-2026-31167 Apr 23, 2026
ToToLink A3300R v17.0.0cu.557 RCE via /cgi-bin/cstecgi.cgi An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557_B20221024 allowing attackers to execute arbitrary commands via the mode parameter to /cgi-bin/cstecgi.cgi.
A3300r Firmware
CVE-2026-6195 Apr 13, 2026
Remote OS Command Injection in Totolink A7100RU Router CGI setPasswordCfg 7.4cu A security vulnerability has been detected in Totolink A7100RU 7.4cu.2313_b20191024. Affected by this issue is the function setPasswordCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Such manipulation of the argument admpass leads to os command injection. The attack can be executed remotely. The exploit has been disclosed publicly and may be used.
A7100ru Firmware
CVE-2026-6194 Apr 13, 2026
Totolink A3002MU B20211125.1046 HTTP ReqHandler Buffer Overflow A weakness has been identified in Totolink A3002MU B20211125.1046. Affected by this vulnerability is the function sub_410188 of the file /boafrm/formWlanSetup of the component HTTP Request Handler. This manipulation of the argument wan-url causes stack-based buffer overflow. Remote exploitation of the attack is possible. The exploit has been made available to the public and could be used for attacks.
CVE-2026-6168 Apr 13, 2026
Stack Buffer Overflow in TOTOLINK A7000R setWiFiEasyGuestCfg before 9.1.0u.6115 A flaw has been found in TOTOLINK A7000R up to 9.1.0u.6115. The affected element is the function setWiFiEasyGuestCfg of the file /cgi-bin/cstecgi.cgi. This manipulation of the argument ssid5g causes stack-based buffer overflow. Remote exploitation of the attack is possible. The exploit has been published and may be used.
A7000r Firmware
CVE-2026-6158 Apr 13, 2026
Totolink N300RH 6.1c OS Command Injection via setUpgradeUboot in upgrade.so A flaw has been found in Totolink N300RH 6.1c.1353_B20190305. Affected is the function setUpgradeUboot of the file upgrade.so. This manipulation of the argument FileName causes os command injection. The attack is possible to be carried out remotely. The exploit has been published and may be used.
N300rh Firmware
CVE-2026-6157 Apr 13, 2026
Totolink A800R 4.1.2cu Buffer Overflow via apcliSsid (setAppEasyWizardConfig) A vulnerability was detected in Totolink A800R 4.1.2cu.5137_B20200730. This impacts the function setAppEasyWizardConfig in the library /lib/cste_modules/app.so. The manipulation of the argument apcliSsid results in buffer overflow. The attack can be executed remotely. The exploit is now public and may be used.
A800r Firmware
CVE-2026-6156 Apr 13, 2026
OS Command Injection in Totolink A7100RU 7.4cu CGI Handler (setIpQosRules) A security vulnerability has been detected in Totolink A7100RU 7.4cu.2313_b20191024. This affects the function setIpQosRules of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulation of the argument Comment leads to os command injection. Remote exploitation of the attack is possible. The exploit has been disclosed publicly and may be used.
A7100ru Firmware
CVE-2026-6155 Apr 13, 2026
TOTOLINK A7100RU 7.4cu.2313 CGI Cmd Injection via pppoeServiceName A weakness has been identified in Totolink A7100RU 7.4cu.2313. The impacted element is the function setWanCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Executing a manipulation of the argument pppoeServiceName can lead to os command injection. The attack may be launched remotely. The exploit has been made available to the public and could be used for attacks.
A7100ru Firmware
CVE-2026-6154 Apr 13, 2026
OS Command Injection via setWizardCfg on Totolink A7100RU 7.4cu.2313 A security flaw has been discovered in Totolink A7100RU 7.4cu.2313_b20191024. The affected element is the function setWizardCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Performing a manipulation of the argument wizard results in os command injection. The attack may be initiated remotely. The exploit has been released to the public and may be used for attacks.
A7100ru Firmware
CVE-2026-6140 Apr 13, 2026
Totolink A7100RU 7.4cu.2313 Remote CGI Handler cmd Injection A vulnerability was found in Totolink A7100RU 7.4cu.2313_b20191024. This impacts the function UploadFirmwareFile of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Performing a manipulation of the argument FileName results in os command injection. The attack may be initiated remotely. The exploit has been made public and could be used.
A7100ru Firmware
CVE-2026-6139 Apr 13, 2026
Totolink A7100RU 7.4cu Command Injection via CGI UploadOpenVpnCert A vulnerability has been found in Totolink A7100RU 7.4cu.2313_b20191024. This affects the function UploadOpenVpnCert of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Such manipulation of the argument FileName leads to os command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
A7100ru Firmware
CVE-2026-6138 Apr 13, 2026
Totolink A7100RU 7.4cu.2313_b20191024 Remote CMD Injection via MAC arg A flaw has been found in Totolink A7100RU 7.4cu.2313_b20191024. The impacted element is the function setAccessDeviceCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. This manipulation of the argument mac causes os command injection. The attack can be initiated remotely. The exploit has been published and may be used.
A7100ru Firmware
CVE-2026-6132 Apr 12, 2026
Totolink A7100RU 7.4cu.2313 OS Command Injection via CGI setLedCfg A vulnerability was determined in Totolink A7100RU 7.4cu.2313_b20191024. Affected by this issue is the function setLedCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. This manipulation of the argument enable causes os command injection. Remote exploitation of the attack is possible. The exploit has been publicly disclosed and may be utilized.
A7100ru Firmware
CVE-2026-6131 Apr 12, 2026
Totolink A7100RU 7.4cu.2313 os Command Injection via /cgi-bin/cstecgi.cgi A vulnerability was found in Totolink A7100RU 7.4cu.2313_b20191024. Affected by this vulnerability is the function setTracerouteCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulation of the argument command results in os command injection. The attack may be launched remotely. The exploit has been made public and could be used.
A7100ru Firmware
CVE-2026-6116 Apr 12, 2026
OS Command Injection in Totolink A7100RU CGI Handler before 7.4cu.2313 A vulnerability has been found in Totolink A7100RU 7.4cu.2313_b20191024. This vulnerability affects the function setDiagnosisCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulation of the argument ip leads to os command injection. Remote exploitation of the attack is possible. The exploit has been disclosed to the public and may be used.
A7100ru Firmware
CVE-2026-6115 Apr 12, 2026
OS Command Injection in Totolink A7100RU 7.4cu.2313_b20191024 via CGI A flaw has been found in Totolink A7100RU 7.4cu.2313_b20191024. This affects the function setAppCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Executing a manipulation of the argument enable can lead to os command injection. The attack may be launched remotely. The exploit has been published and may be used.
A7100ru Firmware
CVE-2026-6114 Apr 12, 2026
Totolink A7100RU 7.4cu OS Cmd Injection via setNetworkCfg proto A vulnerability was detected in Totolink A7100RU 7.4cu.2313_b20191024. Affected by this issue is the function setNetworkCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Performing a manipulation of the argument proto results in os command injection. The attack may be initiated remotely. The exploit is now public and may be used.
A7100ru Firmware
CVE-2026-6113 Apr 12, 2026
Totolink A7100RU 7.4cu OS Command Injection via setTtyServiceCfg A security vulnerability has been detected in Totolink A7100RU 7.4cu.2313_b20191024. Affected by this vulnerability is the function setTtyServiceCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Such manipulation of the argument ttyEnable leads to os command injection. The attack can be launched remotely. The exploit has been disclosed publicly and may be used.
A7100ru Firmware
CVE-2026-6112 Apr 12, 2026
Totolink A7100RU 7.4cu.2313_b20191024 CGI: maxRtrAdvInterval Command Injection A weakness has been identified in Totolink A7100RU 7.4cu.2313_b20191024. Affected is the function setRadvdCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. This manipulation of the argument maxRtrAdvInterval causes os command injection. The attack can be initiated remotely. The exploit has been made available to the public and could be used for attacks.
A7100ru Firmware
CVE-2026-6029 Apr 10, 2026
Totolink A7100RU 7.4cu VPN-Cmdi via CGI_Handler A vulnerability was detected in Totolink A7100RU 7.4cu.2313_b20191024. The affected element is the function setVpnAccountCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulation of the argument User results in os command injection. The attack may be launched remotely. The exploit is now public and may be used.
A7100ru Firmware
CVE-2026-6028 Apr 10, 2026
OS Command Injection in Totolink A7100RU CGI Handler 7.4cu.2313_b20191024 A security vulnerability has been detected in Totolink A7100RU 7.4cu.2313_b20191024. Impacted is the function setPptpServerCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulation of the argument enable leads to os command injection. The attack may be initiated remotely. The exploit has been disclosed publicly and may be used.
A7100ru Firmware
Built by Foundeo Inc., with data from the National Vulnerability Database (NVD). Privacy Policy. Use of this site is governed by the Legal Terms
Disclaimer
CONTENT ON THIS WEBSITE IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. Always check with your vendor for the most up to date, and accurate information.