CVE-2026-6028

Name of the Vulnerable Software and Affected Versions Totolink A7100RU version 7.4cu.2313 b20191024

Description A security issue exists in the Totolink A7100RU router. The setPptpServerCfg function within the /cgi-bin/cstecgi.cgi file, part of the CGI Handler component, is susceptible to OS command injection through the enable parameter. This allows for remote execution of commands. The vulnerability has been publicly disclosed and an exploit is available.

Recommendations For Totolink A7100RU version 7.4cu.2313 b20191024, at the moment, there is no information about a newer version that contains a fix for this vulnerability.