Totolink A7100ru Firmware

Don't miss out!

Thousands of developers use stack.watch to stay informed.
Get an email whenever new security vulnerabilities are reported in Totolink A7100ru Firmware.

By the Year

In 2026 there have been 7 vulnerabilities in Totolink A7100ru Firmware with an average score of 7.3 out of ten. A7100ru Firmware did not have any published security vulnerabilities last year. That is, 7 more vulnerabilities have already been reported in 2026 as compared to last year.

Year	Vulnerabilities	Average Score
2026	7	7.30
2025	0	0.00
2024	0	0.00
2023	20	9.80
2022	4	9.80

It may take a day or so for new A7100ru Firmware vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.

Recent Totolink A7100ru Firmware Security Vulnerabilities

Totolink A7100RU 7.4cu OS Command Injection via setGameSpeedCfg
CVE-2026-5692 7.3 - High - April 06, 2026

A vulnerability was found in Totolink A7100RU 7.4cu.2313_b20191024. This impacts the function setGameSpeedCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument enable results in os command injection. The attack may be performed from remote. The exploit has been made public and could be used.

Shell injection

Totolink A7100RU 7.4cu.2313 OS Command Injection via setFirewallType
CVE-2026-5691 7.3 - High - April 06, 2026

A vulnerability has been found in Totolink A7100RU 7.4cu.2313_b20191024. This affects the function setFirewallType of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument firewallType leads to os command injection. The attack is possible to be carried out remotely. The exploit has been disclosed to the public and may be used.

Shell injection

Totolink A7100RU 7.4cu OS Command Injection via setRemoteCfg
CVE-2026-5690 7.3 - High - April 06, 2026

A flaw has been found in Totolink A7100RU 7.4cu.2313_b20191024. The impacted element is the function setRemoteCfg of the file /cgi-bin/cstecgi.cgi. Executing a manipulation of the argument enable can lead to os command injection. The attack can be executed remotely. The exploit has been published and may be used.

Shell injection

Totolink A7100RU OS Command Injection via setNtpCfg (v7.4cu)
CVE-2026-5689 7.3 - High - April 06, 2026

A vulnerability was detected in Totolink A7100RU 7.4cu.2313_b20191024. The affected element is the function setNtpCfg of the file /cgi-bin/cstecgi.cgi. Performing a manipulation of the argument tz results in os command injection. Remote exploitation of the attack is possible. The exploit is now public and may be used.

Shell injection

Totolink A7100RU 7.4cu os cmd injection via setDdnsCfg CGI
CVE-2026-5688 7.3 - High - April 06, 2026

A security vulnerability has been detected in Totolink A7100RU 7.4cu.2313_b20191024. Impacted is the function setDdnsCfg of the file /cgi-bin/cstecgi.cgi. Such manipulation of the argument provider leads to os command injection. The attack may be launched remotely. The exploit has been disclosed publicly and may be used.

Shell injection

Totolink A7100RU 7.4cu Command Injection in cstecgi.cgi setScheduleCfg
CVE-2026-5678 7.3 - High - April 06, 2026

A weakness has been identified in Totolink A7100RU 7.4cu.2313_b20191024. The affected element is the function setScheduleCfg of the file /cgi-bin/cstecgi.cgi. Executing a manipulation of the argument mode can lead to os command injection. The attack may be launched remotely. The exploit has been made available to the public and could be used for attacks.

Shell injection

Totolink A7100RU 7.4cu Remote OS Command Injection via cstecgi.cgi
CVE-2026-5677 7.3 - High - April 06, 2026

A security flaw has been discovered in Totolink A7100RU 7.4cu.2313_b20191024. Impacted is the function CsteSystem of the file /cgi-bin/cstecgi.cgi. Performing a manipulation of the argument resetFlags results in os command injection. The attack may be initiated remotely. The exploit has been released to the public and may be used for attacks.

Shell injection

TOTOLink A7100RU V7.4cu 2313_B20191024 Cmd Inject via staticGw
CVE-2023-33556 9.8 - Critical - June 07, 2023

TOTOLink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the staticGw parameter at /setting/setWanIeCfg.

Command Injection

CmdInject in TOTOLINK A7100RU V7.4cu.2313 root shell
CVE-2023-30054 9.8 - Critical - May 05, 2023

TOTOLINK A7100RU V7.4cu.2313_B20191024 has a Command Injection vulnerability. An attacker can obtain a stable root shell through a specially constructed payload.

Shell injection

Command Injection in Totolink A7100RU V7.4cu.2313_B20191024
CVE-2023-30053 9.8 - Critical - May 05, 2023

TOTOLINK A7100RU V7.4cu.2313_B20191024 is vulnerable to Command Injection.

Shell injection

Command Injection in TotoLink A7100RU 7.4cu via pppoeAcName in setWanIeCfg
CVE-2023-26978 9.8 - Critical - April 07, 2023

TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the pppoeAcName parameter at /setting/setWanIeCfg.

Command Injection

Cmd Injection via org param in TOTOlink A7100RU 7.4cu.2313
CVE-2023-26848 9.8 - Critical - April 07, 2023

TOTOlink A7100RU(V7.4cu.2313_B20191024) was discovered to contain a command injection vulnerability via the org parameter at setting/delStaticDhcpRules.

Command Injection

TOTOlink A7100RU Firmware <7.4cu> cmd-inj via wanStrategy at /setting/setWanIeCfg
CVE-2023-27232 9.8 - Critical - March 28, 2023

TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the wanStrategy parameter at /setting/setWanIeCfg.

Command Injection

Command Injection in TOTOLINK A7100RU 7.4cu.2313 via downBw
CVE-2023-27231 9.8 - Critical - March 28, 2023

TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the downBw parameter at /setting/setWanIeCfg.

Command Injection

Command Injection in TOTOlink A7100RU 7.4cu via upBw param CVE-2023-27229
CVE-2023-27229 9.8 - Critical - March 28, 2023

TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the upBw parameter at /setting/setWanIeCfg.

Command Injection

Cmd Injection in TOTOlink A7100RU v7.4 via enabled param
CVE-2023-27135 9.8 - Critical - March 23, 2023

TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the enabled parameter at /setting/setWanIeCfg.

Command Injection

Command Injection in TOTOLink A7100RU 7.4cu.2313_B20191024 firmware
CVE-2023-24184 9.8 - Critical - February 21, 2023

TOTOLink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability.

Command Injection

Command Injection via city param in TOTOlink A7100RU V7.4 delStaticDhcpRules
CVE-2023-24238 9.8 - Critical - February 16, 2023

TOTOlink A7100RU(V7.4cu.2313_B20191024) was discovered to contain a command injection vulnerability via the city parameter at setting/delStaticDhcpRules.

Command Injection

Command Injection in TOTOlink A7100RU (V7.4cu.2313_B20191024) via setting/delStaticDhcpRules
CVE-2023-24236 9.8 - Critical - February 16, 2023

TOTOlink A7100RU(V7.4cu.2313_B20191024) was discovered to contain a command injection vulnerability via the province parameter at setting/delStaticDhcpRules.

Command Injection

TOTOlink A7100RU V7.4cu.2313 Command Injection via Country Param (delStaticDhcpRules)
CVE-2023-24276 9.8 - Critical - February 06, 2023

TOTOlink A7100RU(V7.4cu.2313_B20191024) was discovered to contain a command injection vulnerability via the country parameter at setting/delStaticDhcpRules.

Command Injection

Cmd injection in TOTOlink A7100RU v7.4 via username in setOpenVpnCfg
CVE-2022-48126 9.8 - Critical - January 20, 2023

TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the username parameter in the setting/setOpenVpnCertGenerationCfg function.

Shell injection

CVE-2022-48121 Command Injection via rsabits in TOTOlink A7100RU V7.4cu.2313
CVE-2022-48121 9.8 - Critical - January 20, 2023

TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the rsabits parameter in the setting/delStaticDhcpRules function.

Shell injection

Command Injection via dayvalid in TOTOlink A7100RU V7.4cu.2313_B20191024
CVE-2022-48122 9.8 - Critical - January 20, 2023

TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the dayvalid parameter in the setting/delStaticDhcpRules function.

Shell injection

Cmd injection in TOTOlink A7100RU V7.4 via servername param
CVE-2022-48123 9.8 - Critical - January 20, 2023

TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the servername parameter in the setting/delStaticDhcpRules function.

Shell injection

TOTOlink A7100RU V7.4cu.2313_CmdInjection via FileName param
CVE-2022-48124 9.8 - Critical - January 20, 2023

TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the FileName parameter in the setting/setOpenVpnCertGenerationCfg function.

Shell injection

Cmd Injection via password in TOTOlink A7100RU V7.4cu
CVE-2022-48125 9.8 - Critical - January 20, 2023

TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the password parameter in the setting/setOpenVpnCertGenerationCfg function.

Shell injection

Command Injection in TOTOlink A7100RU V7.4cu.2313 via httpd
CVE-2022-47853 9.8 - Critical - January 17, 2023

TOTOlink A7100RU V7.4cu.2313_B20191024 is vulnerable to Command Injection Vulnerability in the httpd service. An attacker can obtain a stable root shell through a specially constructed payload.

Shell injection

Command Injection in TOTOlink A7100RU V7.4cu.2313 via wscDisabled
CVE-2022-46634 9.8 - Critical - December 15, 2022

TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the wscDisabled parameter in the setting/setWiFiWpsCfg function.

Shell injection

TOTOlink A7100RU V7.4cu: command injection via wscDisabled (setWiFiSignalCfg)
CVE-2022-46631 9.8 - Critical - December 15, 2022

TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the wscDisabled parameter in the setting/setWiFiSignalCfg function.

Shell injection

Command Injection via pass param in TOTOlink A7100RU 7.4cu
CVE-2022-44844 9.8 - Critical - November 25, 2022

TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the pass parameter in the setting/setOpenVpnCfg function.

Shell injection

TotoLink A7100RU 7.4cu.2313_B20191024 cmd injection via port param
CVE-2022-44843 9.8 - Critical - November 25, 2022

TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the port parameter in the setting/setOpenVpnClientCfg function.

Shell injection

Stay on top of Security Vulnerabilities

Want an email whenever new vulnerabilities are published for Totolink A7100ru Firmware or by Totolink? Click the Watch button to subscribe.

Totolink
Vendor

Totolink A7100ru Firmware
Product

Totolink A7100ru Firmware

Don't miss out!

By the Year

Recent Totolink A7100ru Firmware Security Vulnerabilities

Totolink A7100RU 7.4cu OS Command Injection via setGameSpeedCfg CVE-2026-5692 7.3 - High - April 06, 2026

Totolink A7100RU 7.4cu.2313 OS Command Injection via setFirewallType CVE-2026-5691 7.3 - High - April 06, 2026

Totolink A7100RU 7.4cu OS Command Injection via setRemoteCfg CVE-2026-5690 7.3 - High - April 06, 2026

Totolink A7100RU OS Command Injection via setNtpCfg (v7.4cu) CVE-2026-5689 7.3 - High - April 06, 2026

Totolink A7100RU 7.4cu os cmd injection via setDdnsCfg CGI CVE-2026-5688 7.3 - High - April 06, 2026

Totolink A7100RU 7.4cu Command Injection in cstecgi.cgi setScheduleCfg CVE-2026-5678 7.3 - High - April 06, 2026

Totolink A7100RU 7.4cu Remote OS Command Injection via cstecgi.cgi CVE-2026-5677 7.3 - High - April 06, 2026

TOTOLink A7100RU V7.4cu 2313_B20191024 Cmd Inject via staticGw CVE-2023-33556 9.8 - Critical - June 07, 2023

CmdInject in TOTOLINK A7100RU V7.4cu.2313 root shell CVE-2023-30054 9.8 - Critical - May 05, 2023

Command Injection in Totolink A7100RU V7.4cu.2313_B20191024 CVE-2023-30053 9.8 - Critical - May 05, 2023

Command Injection in TotoLink A7100RU 7.4cu via pppoeAcName in setWanIeCfg CVE-2023-26978 9.8 - Critical - April 07, 2023

Cmd Injection via org param in TOTOlink A7100RU 7.4cu.2313 CVE-2023-26848 9.8 - Critical - April 07, 2023

TOTOlink A7100RU Firmware <7.4cu> cmd-inj via wanStrategy at /setting/setWanIeCfg CVE-2023-27232 9.8 - Critical - March 28, 2023

Command Injection in TOTOLINK A7100RU 7.4cu.2313 via downBw CVE-2023-27231 9.8 - Critical - March 28, 2023

Command Injection in TOTOlink A7100RU 7.4cu via upBw param CVE-2023-27229 CVE-2023-27229 9.8 - Critical - March 28, 2023

Cmd Injection in TOTOlink A7100RU v7.4 via enabled param CVE-2023-27135 9.8 - Critical - March 23, 2023

Command Injection in TOTOLink A7100RU 7.4cu.2313_B20191024 firmware CVE-2023-24184 9.8 - Critical - February 21, 2023

Command Injection via city param in TOTOlink A7100RU V7.4 delStaticDhcpRules CVE-2023-24238 9.8 - Critical - February 16, 2023

Command Injection in TOTOlink A7100RU (V7.4cu.2313_B20191024) via setting/delStaticDhcpRules CVE-2023-24236 9.8 - Critical - February 16, 2023

TOTOlink A7100RU V7.4cu.2313 Command Injection via Country Param (delStaticDhcpRules) CVE-2023-24276 9.8 - Critical - February 06, 2023

Cmd injection in TOTOlink A7100RU v7.4 via username in setOpenVpnCfg CVE-2022-48126 9.8 - Critical - January 20, 2023

CVE-2022-48121 Command Injection via rsabits in TOTOlink A7100RU V7.4cu.2313 CVE-2022-48121 9.8 - Critical - January 20, 2023

Command Injection via dayvalid in TOTOlink A7100RU V7.4cu.2313_B20191024 CVE-2022-48122 9.8 - Critical - January 20, 2023

Cmd injection in TOTOlink A7100RU V7.4 via servername param CVE-2022-48123 9.8 - Critical - January 20, 2023

TOTOlink A7100RU V7.4cu.2313_CmdInjection via FileName param CVE-2022-48124 9.8 - Critical - January 20, 2023

Cmd Injection via password in TOTOlink A7100RU V7.4cu CVE-2022-48125 9.8 - Critical - January 20, 2023

Command Injection in TOTOlink A7100RU V7.4cu.2313 via httpd CVE-2022-47853 9.8 - Critical - January 17, 2023

Command Injection in TOTOlink A7100RU V7.4cu.2313 via wscDisabled CVE-2022-46634 9.8 - Critical - December 15, 2022

TOTOlink A7100RU V7.4cu: command injection via wscDisabled (setWiFiSignalCfg) CVE-2022-46631 9.8 - Critical - December 15, 2022

Command Injection via pass param in TOTOlink A7100RU 7.4cu CVE-2022-44844 9.8 - Critical - November 25, 2022

TotoLink A7100RU 7.4cu.2313_B20191024 cmd injection via port param CVE-2022-44843 9.8 - Critical - November 25, 2022

Stay on top of Security Vulnerabilities

Totolink Vendor

Totolink A7100ru FirmwareProduct

Totolink A7100RU 7.4cu OS Command Injection via setGameSpeedCfg
CVE-2026-5692 7.3 - High - April 06, 2026

Totolink A7100RU 7.4cu.2313 OS Command Injection via setFirewallType
CVE-2026-5691 7.3 - High - April 06, 2026

Totolink A7100RU 7.4cu OS Command Injection via setRemoteCfg
CVE-2026-5690 7.3 - High - April 06, 2026

Totolink A7100RU OS Command Injection via setNtpCfg (v7.4cu)
CVE-2026-5689 7.3 - High - April 06, 2026

Totolink A7100RU 7.4cu os cmd injection via setDdnsCfg CGI
CVE-2026-5688 7.3 - High - April 06, 2026

Totolink A7100RU 7.4cu Command Injection in cstecgi.cgi setScheduleCfg
CVE-2026-5678 7.3 - High - April 06, 2026

Totolink A7100RU 7.4cu Remote OS Command Injection via cstecgi.cgi
CVE-2026-5677 7.3 - High - April 06, 2026

TOTOLink A7100RU V7.4cu 2313_B20191024 Cmd Inject via staticGw
CVE-2023-33556 9.8 - Critical - June 07, 2023

CmdInject in TOTOLINK A7100RU V7.4cu.2313 root shell
CVE-2023-30054 9.8 - Critical - May 05, 2023

Command Injection in Totolink A7100RU V7.4cu.2313_B20191024
CVE-2023-30053 9.8 - Critical - May 05, 2023

Command Injection in TotoLink A7100RU 7.4cu via pppoeAcName in setWanIeCfg
CVE-2023-26978 9.8 - Critical - April 07, 2023

Cmd Injection via org param in TOTOlink A7100RU 7.4cu.2313
CVE-2023-26848 9.8 - Critical - April 07, 2023

TOTOlink A7100RU Firmware <7.4cu> cmd-inj via wanStrategy at /setting/setWanIeCfg
CVE-2023-27232 9.8 - Critical - March 28, 2023

Command Injection in TOTOLINK A7100RU 7.4cu.2313 via downBw
CVE-2023-27231 9.8 - Critical - March 28, 2023

Command Injection in TOTOlink A7100RU 7.4cu via upBw param CVE-2023-27229
CVE-2023-27229 9.8 - Critical - March 28, 2023

Cmd Injection in TOTOlink A7100RU v7.4 via enabled param
CVE-2023-27135 9.8 - Critical - March 23, 2023

Command Injection in TOTOLink A7100RU 7.4cu.2313_B20191024 firmware
CVE-2023-24184 9.8 - Critical - February 21, 2023

Command Injection via city param in TOTOlink A7100RU V7.4 delStaticDhcpRules
CVE-2023-24238 9.8 - Critical - February 16, 2023

Command Injection in TOTOlink A7100RU (V7.4cu.2313_B20191024) via setting/delStaticDhcpRules
CVE-2023-24236 9.8 - Critical - February 16, 2023

TOTOlink A7100RU V7.4cu.2313 Command Injection via Country Param (delStaticDhcpRules)
CVE-2023-24276 9.8 - Critical - February 06, 2023

Cmd injection in TOTOlink A7100RU v7.4 via username in setOpenVpnCfg
CVE-2022-48126 9.8 - Critical - January 20, 2023

CVE-2022-48121 Command Injection via rsabits in TOTOlink A7100RU V7.4cu.2313
CVE-2022-48121 9.8 - Critical - January 20, 2023

Command Injection via dayvalid in TOTOlink A7100RU V7.4cu.2313_B20191024
CVE-2022-48122 9.8 - Critical - January 20, 2023

Cmd injection in TOTOlink A7100RU V7.4 via servername param
CVE-2022-48123 9.8 - Critical - January 20, 2023

TOTOlink A7100RU V7.4cu.2313_CmdInjection via FileName param
CVE-2022-48124 9.8 - Critical - January 20, 2023

Cmd Injection via password in TOTOlink A7100RU V7.4cu
CVE-2022-48125 9.8 - Critical - January 20, 2023

Command Injection in TOTOlink A7100RU V7.4cu.2313 via httpd
CVE-2022-47853 9.8 - Critical - January 17, 2023

Command Injection in TOTOlink A7100RU V7.4cu.2313 via wscDisabled
CVE-2022-46634 9.8 - Critical - December 15, 2022

TOTOlink A7100RU V7.4cu: command injection via wscDisabled (setWiFiSignalCfg)
CVE-2022-46631 9.8 - Critical - December 15, 2022

Command Injection via pass param in TOTOlink A7100RU 7.4cu
CVE-2022-44844 9.8 - Critical - November 25, 2022

TotoLink A7100RU 7.4cu.2313_B20191024 cmd injection via port param
CVE-2022-44843 9.8 - Critical - November 25, 2022

Totolink
Vendor

Totolink A7100ru Firmware
Product