PT-2026-31887 · Totolink · Totolink A7100Ru

Ltzhust · Published 2026-03-28 · Updated 2026-04-11 · CVE-2026-6029

CVSS v3.1: 10 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Totolink A7100RU version 7.4cu.2313 b20191024

Description

A vulnerability exists in the Totolink A7100RU router. The setVpnAccountCfg function within the /cgi-bin/cstecgi.cgi file of the CGI Handler component is susceptible to OS command injection through manipulation of the User parameter. This allows for remote execution of commands. The exploit is publicly available.

Recommendations

Update to a newer version that contains a fix for this vulnerability. As a temporary workaround, consider restricting access to the /cgi-bin/cstecgi.cgi file.

Exploit

Fix

RCE

Command Injection

OS Command Injection

Weakness Enumeration

Related Identifiers

BDU:2026-07600
CVE-2026-6029

Affected Products

Totolink A7100Ru