PT-2026-32489 · Totolink · A7100Ru
Ltzhust · Published 2026-04-13 · Updated 2026-04-19 · CVE-2026-6195
CVSS v2.0: 10 (Critical)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
Totolink A7100RU version 7.4cu.2313 b20191024
Description
A security issue in the CGI Handler component allows for remote OS command injection. The problem exists in the setPasswordCfg() function within the '/cgi-bin/cstecgi.cgi' file. An unauthenticated attacker can exploit this by manipulating the admpass variable.
Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
As a temporary workaround, restrict access to the '/cgi-bin/cstecgi.cgi' file or disable the setPasswordCfg() function to minimize the risk of exploitation.
Exploit
RCE
Command Injection
OS Command Injection
Related Identifiers
Affected Products
A7100Ru