Totolink A7100ru Firmware
Don't miss out!
Thousands of developers use stack.watch to stay informed.Get an email whenever new security vulnerabilities are reported in Totolink A7100ru Firmware.
By the Year
In 2026 there have been 40 vulnerabilities in Totolink A7100ru Firmware with an average score of 9.4 out of ten. A7100ru Firmware did not have any published security vulnerabilities last year. That is, 40 more vulnerabilities have already been reported in 2026 as compared to last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 40 | 9.36 |
| 2025 | 0 | 0.00 |
| 2024 | 0 | 0.00 |
| 2023 | 20 | 9.80 |
| 2022 | 4 | 9.80 |
It may take a day or so for new A7100ru Firmware vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Totolink A7100ru Firmware Security Vulnerabilities
Remote OS Command Injection in Totolink A7100RU Router CGI setPasswordCfg 7.4cu
CVE-2026-6195
9.8 - Critical
- April 13, 2026
A security vulnerability has been detected in Totolink A7100RU 7.4cu.2313_b20191024. Affected by this issue is the function setPasswordCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Such manipulation of the argument admpass leads to os command injection. The attack can be executed remotely. The exploit has been disclosed publicly and may be used.
Shell injection
OS Command Injection in Totolink A7100RU 7.4cu CGI Handler (setIpQosRules)
CVE-2026-6156
9.8 - Critical
- April 13, 2026
A security vulnerability has been detected in Totolink A7100RU 7.4cu.2313_b20191024. This affects the function setIpQosRules of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulation of the argument Comment leads to os command injection. Remote exploitation of the attack is possible. The exploit has been disclosed publicly and may be used.
Shell injection
TOTOLINK A7100RU 7.4cu.2313 CGI Cmd Injection via pppoeServiceName
CVE-2026-6155
9.8 - Critical
- April 13, 2026
A weakness has been identified in Totolink A7100RU 7.4cu.2313. The impacted element is the function setWanCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Executing a manipulation of the argument pppoeServiceName can lead to os command injection. The attack may be launched remotely. The exploit has been made available to the public and could be used for attacks.
Shell injection
OS Command Injection via setWizardCfg on Totolink A7100RU 7.4cu.2313
CVE-2026-6154
9.8 - Critical
- April 13, 2026
A security flaw has been discovered in Totolink A7100RU 7.4cu.2313_b20191024. The affected element is the function setWizardCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Performing a manipulation of the argument wizard results in os command injection. The attack may be initiated remotely. The exploit has been released to the public and may be used for attacks.
Shell injection
Totolink A7100RU 7.4cu.2313 Remote CGI Handler cmd Injection
CVE-2026-6140
9.8 - Critical
- April 13, 2026
A vulnerability was found in Totolink A7100RU 7.4cu.2313_b20191024. This impacts the function UploadFirmwareFile of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Performing a manipulation of the argument FileName results in os command injection. The attack may be initiated remotely. The exploit has been made public and could be used.
Shell injection
Totolink A7100RU 7.4cu Command Injection via CGI UploadOpenVpnCert
CVE-2026-6139
9.8 - Critical
- April 13, 2026
A vulnerability has been found in Totolink A7100RU 7.4cu.2313_b20191024. This affects the function UploadOpenVpnCert of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Such manipulation of the argument FileName leads to os command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
Shell injection
Totolink A7100RU 7.4cu.2313_b20191024 Remote CMD Injection via MAC arg
CVE-2026-6138
9.8 - Critical
- April 13, 2026
A flaw has been found in Totolink A7100RU 7.4cu.2313_b20191024. The impacted element is the function setAccessDeviceCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. This manipulation of the argument mac causes os command injection. The attack can be initiated remotely. The exploit has been published and may be used.
Shell injection
Totolink A7100RU 7.4cu.2313 OS Command Injection via CGI setLedCfg
CVE-2026-6132
9.8 - Critical
- April 12, 2026
A vulnerability was determined in Totolink A7100RU 7.4cu.2313_b20191024. Affected by this issue is the function setLedCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. This manipulation of the argument enable causes os command injection. Remote exploitation of the attack is possible. The exploit has been publicly disclosed and may be utilized.
Shell injection
Totolink A7100RU 7.4cu.2313 os Command Injection via /cgi-bin/cstecgi.cgi
CVE-2026-6131
9.8 - Critical
- April 12, 2026
A vulnerability was found in Totolink A7100RU 7.4cu.2313_b20191024. Affected by this vulnerability is the function setTracerouteCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulation of the argument command results in os command injection. The attack may be launched remotely. The exploit has been made public and could be used.
Shell injection
OS Command Injection in Totolink A7100RU CGI Handler before 7.4cu.2313
CVE-2026-6116
9.8 - Critical
- April 12, 2026
A vulnerability has been found in Totolink A7100RU 7.4cu.2313_b20191024. This vulnerability affects the function setDiagnosisCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulation of the argument ip leads to os command injection. Remote exploitation of the attack is possible. The exploit has been disclosed to the public and may be used.
Shell injection
OS Command Injection in Totolink A7100RU 7.4cu.2313_b20191024 via CGI
CVE-2026-6115
9.8 - Critical
- April 12, 2026
A flaw has been found in Totolink A7100RU 7.4cu.2313_b20191024. This affects the function setAppCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Executing a manipulation of the argument enable can lead to os command injection. The attack may be launched remotely. The exploit has been published and may be used.
Shell injection
Totolink A7100RU 7.4cu OS Cmd Injection via setNetworkCfg proto
CVE-2026-6114
9.8 - Critical
- April 12, 2026
A vulnerability was detected in Totolink A7100RU 7.4cu.2313_b20191024. Affected by this issue is the function setNetworkCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Performing a manipulation of the argument proto results in os command injection. The attack may be initiated remotely. The exploit is now public and may be used.
Shell injection
Totolink A7100RU 7.4cu OS Command Injection via setTtyServiceCfg
CVE-2026-6113
9.8 - Critical
- April 12, 2026
A security vulnerability has been detected in Totolink A7100RU 7.4cu.2313_b20191024. Affected by this vulnerability is the function setTtyServiceCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Such manipulation of the argument ttyEnable leads to os command injection. The attack can be launched remotely. The exploit has been disclosed publicly and may be used.
Shell injection
Totolink A7100RU 7.4cu.2313_b20191024 CGI: maxRtrAdvInterval Command Injection
CVE-2026-6112
9.8 - Critical
- April 12, 2026
A weakness has been identified in Totolink A7100RU 7.4cu.2313_b20191024. Affected is the function setRadvdCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. This manipulation of the argument maxRtrAdvInterval causes os command injection. The attack can be initiated remotely. The exploit has been made available to the public and could be used for attacks.
Shell injection
Totolink A7100RU 7.4cu VPN-Cmdi via CGI_Handler
CVE-2026-6029
9.8 - Critical
- April 10, 2026
A vulnerability was detected in Totolink A7100RU 7.4cu.2313_b20191024. The affected element is the function setVpnAccountCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulation of the argument User results in os command injection. The attack may be launched remotely. The exploit is now public and may be used.
Shell injection
OS Command Injection in Totolink A7100RU CGI Handler 7.4cu.2313_b20191024
CVE-2026-6028
9.8 - Critical
- April 10, 2026
A security vulnerability has been detected in Totolink A7100RU 7.4cu.2313_b20191024. Impacted is the function setPptpServerCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulation of the argument enable leads to os command injection. The attack may be initiated remotely. The exploit has been disclosed publicly and may be used.
Shell injection
Remote OSCmdInject via CGI Handler in Totolink A7100RU 7.4cu 2313
CVE-2026-6027
9.8 - Critical
- April 10, 2026
A weakness has been identified in Totolink A7100RU 7.4cu.2313_b20191024. This issue affects the function setUrlFilterRules of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Executing a manipulation of the argument enable can lead to os command injection. The attack can be launched remotely. The exploit has been made available to the public and could be used for attacks.
Shell injection
Totolink A7100RU 7.4cu.2313 OS Command Injection in CGI Handler
CVE-2026-6026
9.8 - Critical
- April 10, 2026
A security flaw has been discovered in Totolink A7100RU 7.4cu.2313_b20191024. This vulnerability affects the function setPortalConfWeChat of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Performing a manipulation of the argument enable results in os command injection. The attack can be initiated remotely. The exploit has been released to the public and may be used for attacks.
Shell injection
OS Command Injection via CGI Handler in Totolink A7100RU 7.4cu.2313
CVE-2026-6025
9.8 - Critical
- April 10, 2026
A vulnerability was identified in Totolink A7100RU 7.4cu.2313_b20191024. This affects the function setSyslogCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Such manipulation of the argument enable leads to os command injection. It is possible to launch the attack remotely. The exploit is publicly available and might be used.
Shell injection
OS Command Injection via admpass in Totolink A7100RU 7.4cu.2313 CGI Handler
CVE-2026-5997
9.8 - Critical
- April 10, 2026
A vulnerability was detected in Totolink A7100RU 7.4cu.2313_b20191024. The impacted element is the function setLoginPasswordCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulation of the argument admpass results in os command injection. It is possible to launch the attack remotely. The exploit is now public and may be used.
Shell injection
OS Command Injection in Totolink A7100RU 7.4cu.2313 CGI via tty_server
CVE-2026-5996
9.8 - Critical
- April 10, 2026
A security vulnerability has been detected in Totolink A7100RU 7.4cu.2313_b20191024. The affected element is the function setAdvancedInfoShow of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulation of the argument tty_server leads to os command injection. It is possible to initiate the attack remotely. The exploit has been disclosed publicly and may be used.
Shell injection
Totolink A7100RU 7.4cu os command injection via CGI setMiniuiHomeInfoShow
CVE-2026-5995
9.8 - Critical
- April 10, 2026
A weakness has been identified in Totolink A7100RU 7.4cu.2313_b20191024. Impacted is the function setMiniuiHomeInfoShow of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Executing a manipulation of the argument lan_info can lead to os command injection. The attack may be performed from remote. The exploit has been made available to the public and could be used for attacks.
Shell injection
Totolink A7100RU 7.4cu CGI Handler NoS Exec via telnet_enabled
CVE-2026-5994
9.8 - Critical
- April 10, 2026
A security flaw has been discovered in Totolink A7100RU 7.4cu.2313_b20191024. This issue affects the function setTelnetCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Performing a manipulation of the argument telnet_enabled results in os command injection. The attack is possible to be carried out remotely. The exploit has been released to the public and may be used for attacks.
Shell injection
Totolink A7100RU 7.4cu.2313_b20191024 - CGI OS Command Injection via wifiOff
CVE-2026-5993
9.8 - Critical
- April 10, 2026
A vulnerability was identified in Totolink A7100RU 7.4cu.2313_b20191024. This vulnerability affects the function setWiFiGuestCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Such manipulation of the argument wifiOff leads to os command injection. The attack can be executed remotely. The exploit is publicly available and might be used.
Shell injection
Totolink A7100RU 7.4cu.2313 OS Command Injection via CGI Handler
CVE-2026-5978
9.8 - Critical
- April 09, 2026
A security vulnerability has been detected in Totolink A7100RU 7.4cu.2313_b20191024. Affected is the function setWiFiAclRules of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulation of the argument mode leads to os command injection. The attack can be initiated remotely. The exploit has been disclosed publicly and may be used.
Shell injection
Totolink A7100RU 7.4cu.2313 os Command Injection via wifiOff CGI
CVE-2026-5977
9.8 - Critical
- April 09, 2026
A weakness has been identified in Totolink A7100RU 7.4cu.2313_b20191024. This impacts the function setWiFiBasicCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Executing a manipulation of the argument wifiOff can lead to os command injection. It is possible to launch the attack remotely. The exploit has been made available to the public and could be used for attacks.
Shell injection
Totolink A7100RU 7.4cu.2313 OS Command Injection via CGI Handler
CVE-2026-5976
9.8 - Critical
- April 09, 2026
A security flaw has been discovered in Totolink A7100RU 7.4cu.2313_b20191024. This affects the function setStorageCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Performing a manipulation of the argument sambaEnabled results in os command injection. It is possible to initiate the attack remotely. The exploit has been released to the public and may be used for attacks.
Shell injection
Totolink A7100RU 7.4cu.2313 CGI Handler Command Injection
CVE-2026-5975
9.8 - Critical
- April 09, 2026
A vulnerability was identified in Totolink A7100RU 7.4cu.2313_b20191024. The impacted element is the function setDmzCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Such manipulation of the argument wanIdx leads to os command injection. The attack may be performed from remote. The exploit is publicly available and might be used.
Shell injection
Totolink A7100RU 7.4cu.2313 OS Command Injection via cstecgi.cgi
CVE-2026-5854
9.8 - Critical
- April 09, 2026
A vulnerability was detected in Totolink A7100RU 7.4cu.2313_b20191024. Affected by this issue is the function setWiFiEasyCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Performing a manipulation of the argument merge results in os command injection. It is possible to initiate the attack remotely. The exploit is now public and may be used.
Shell injection
Totolink A7100RU 7.4cu: CGI cmd injection setIpv6LanCfg (addrPrefixLen)
CVE-2026-5853
9.8 - Critical
- April 09, 2026
A security vulnerability has been detected in Totolink A7100RU 7.4cu.2313_b20191024. Affected by this vulnerability is the function setIpv6LanCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Such manipulation of the argument addrPrefixLen leads to os command injection. The attack may be performed from remote. The exploit has been disclosed publicly and may be used.
Shell injection
Totolink A7100RU OS Command Injection in CGI Handler igmpVer - 7.4cu.2313
CVE-2026-5852
9.8 - Critical
- April 09, 2026
A weakness has been identified in Totolink A7100RU 7.4cu.2313_b20191024. Affected is the function setIptvCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. This manipulation of the argument igmpVer causes os command injection. The attack is possible to be carried out remotely. The exploit has been made available to the public and could be used for attacks.
Shell injection
Remote OS Command Injection via CGI in Totolink A7100RU (7.4cu.2313_b20191024)
CVE-2026-5851
9.8 - Critical
- April 09, 2026
A security flaw has been discovered in Totolink A7100RU 7.4cu.2313_b20191024. This impacts the function setUPnPCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulation of the argument enable results in os command injection. The attack can be executed remotely. The exploit has been released to the public and may be used for attacks.
Shell injection
Totolink A7100RU 7.4cu OS Command Injection via setVpnPassCfg (pptpPassThru)
CVE-2026-5850
9.8 - Critical
- April 09, 2026
A vulnerability was identified in Totolink A7100RU 7.4cu.2313_b20191024. This affects the function setVpnPassCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulation of the argument pptpPassThru leads to os command injection. Remote exploitation of the attack is possible. The exploit is publicly available and might be used.
Shell injection
Totolink A7100RU 7.4cu OS Command Injection via setGameSpeedCfg
CVE-2026-5692
7.3 - High
- April 06, 2026
A vulnerability was found in Totolink A7100RU 7.4cu.2313_b20191024. This impacts the function setGameSpeedCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument enable results in os command injection. The attack may be performed from remote. The exploit has been made public and could be used.
Shell injection
Totolink A7100RU 7.4cu.2313 OS Command Injection via setFirewallType
CVE-2026-5691
7.3 - High
- April 06, 2026
A vulnerability has been found in Totolink A7100RU 7.4cu.2313_b20191024. This affects the function setFirewallType of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument firewallType leads to os command injection. The attack is possible to be carried out remotely. The exploit has been disclosed to the public and may be used.
Shell injection
Totolink A7100RU 7.4cu OS Command Injection via setRemoteCfg
CVE-2026-5690
7.3 - High
- April 06, 2026
A flaw has been found in Totolink A7100RU 7.4cu.2313_b20191024. The impacted element is the function setRemoteCfg of the file /cgi-bin/cstecgi.cgi. Executing a manipulation of the argument enable can lead to os command injection. The attack can be executed remotely. The exploit has been published and may be used.
Shell injection
Totolink A7100RU OS Command Injection via setNtpCfg (v7.4cu)
CVE-2026-5689
7.3 - High
- April 06, 2026
A vulnerability was detected in Totolink A7100RU 7.4cu.2313_b20191024. The affected element is the function setNtpCfg of the file /cgi-bin/cstecgi.cgi. Performing a manipulation of the argument tz results in os command injection. Remote exploitation of the attack is possible. The exploit is now public and may be used.
Shell injection
Totolink A7100RU 7.4cu os cmd injection via setDdnsCfg CGI
CVE-2026-5688
7.3 - High
- April 06, 2026
A security vulnerability has been detected in Totolink A7100RU 7.4cu.2313_b20191024. Impacted is the function setDdnsCfg of the file /cgi-bin/cstecgi.cgi. Such manipulation of the argument provider leads to os command injection. The attack may be launched remotely. The exploit has been disclosed publicly and may be used.
Shell injection
Totolink A7100RU 7.4cu Command Injection in cstecgi.cgi setScheduleCfg
CVE-2026-5678
7.3 - High
- April 06, 2026
A weakness has been identified in Totolink A7100RU 7.4cu.2313_b20191024. The affected element is the function setScheduleCfg of the file /cgi-bin/cstecgi.cgi. Executing a manipulation of the argument mode can lead to os command injection. The attack may be launched remotely. The exploit has been made available to the public and could be used for attacks.
Shell injection
Totolink A7100RU 7.4cu Remote OS Command Injection via cstecgi.cgi
CVE-2026-5677
7.3 - High
- April 06, 2026
A security flaw has been discovered in Totolink A7100RU 7.4cu.2313_b20191024. Impacted is the function CsteSystem of the file /cgi-bin/cstecgi.cgi. Performing a manipulation of the argument resetFlags results in os command injection. The attack may be initiated remotely. The exploit has been released to the public and may be used for attacks.
Shell injection
TOTOLink A7100RU V7.4cu 2313_B20191024 Cmd Inject via staticGw
CVE-2023-33556
9.8 - Critical
- June 07, 2023
TOTOLink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the staticGw parameter at /setting/setWanIeCfg.
Command Injection
CmdInject in TOTOLINK A7100RU V7.4cu.2313 root shell
CVE-2023-30054
9.8 - Critical
- May 05, 2023
TOTOLINK A7100RU V7.4cu.2313_B20191024 has a Command Injection vulnerability. An attacker can obtain a stable root shell through a specially constructed payload.
Shell injection
Command Injection in Totolink A7100RU V7.4cu.2313_B20191024
CVE-2023-30053
9.8 - Critical
- May 05, 2023
TOTOLINK A7100RU V7.4cu.2313_B20191024 is vulnerable to Command Injection.
Shell injection
Command Injection in TotoLink A7100RU 7.4cu via pppoeAcName in setWanIeCfg
CVE-2023-26978
9.8 - Critical
- April 07, 2023
TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the pppoeAcName parameter at /setting/setWanIeCfg.
Command Injection
Cmd Injection via org param in TOTOlink A7100RU 7.4cu.2313
CVE-2023-26848
9.8 - Critical
- April 07, 2023
TOTOlink A7100RU(V7.4cu.2313_B20191024) was discovered to contain a command injection vulnerability via the org parameter at setting/delStaticDhcpRules.
Command Injection
TOTOlink A7100RU Firmware <7.4cu> cmd-inj via wanStrategy at /setting/setWanIeCfg
CVE-2023-27232
9.8 - Critical
- March 28, 2023
TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the wanStrategy parameter at /setting/setWanIeCfg.
Command Injection
Command Injection in TOTOlink A7100RU 7.4cu via upBw param CVE-2023-27229
CVE-2023-27229
9.8 - Critical
- March 28, 2023
TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the upBw parameter at /setting/setWanIeCfg.
Command Injection
Command Injection in TOTOLINK A7100RU 7.4cu.2313 via downBw
CVE-2023-27231
9.8 - Critical
- March 28, 2023
TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the downBw parameter at /setting/setWanIeCfg.
Command Injection
Cmd Injection in TOTOlink A7100RU v7.4 via enabled param
CVE-2023-27135
9.8 - Critical
- March 23, 2023
TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the enabled parameter at /setting/setWanIeCfg.
Command Injection
Command Injection in TOTOLink A7100RU 7.4cu.2313_B20191024 firmware
CVE-2023-24184
9.8 - Critical
- February 21, 2023
TOTOLink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability.
Command Injection
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Totolink A7100ru Firmware or by Totolink? Click the Watch button to subscribe.
