CVE-2026-6026
Published: 10 April 2026
Summary
CVE-2026-6026 is a critical-severity Command Injection (CWE-77) vulnerability in Totolink A7100RU (inferred from references). Its CVSS base score is 9.8 (Critical).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 45.2% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 AC-14 (Permitted Actions Without Identification or Authentication) and SI-10 (Information Input Validation).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Directly mitigates the CVE by requiring identification, reporting, and timely correction of the OS command injection flaw in the Totolink router firmware.
Prevents command injection exploitation by enforcing validation of the untrusted 'enable' argument at the vulnerable CGI input point.
Blocks unauthenticated remote access to the vulnerable setPortalConfWeChat CGI function by limiting permitted actions without identification and authentication.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
CVE enables unauthenticated remote exploitation of a public-facing web application (T1190) leading to arbitrary OS command execution on a likely Unix/Linux-based router (T1059.004).
NVD Description
A security flaw has been discovered in Totolink A7100RU 7.4cu.2313_b20191024. This vulnerability affects the function setPortalConfWeChat of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Performing a manipulation of the argument enable results in os command injection. The attack can…
more
be initiated remotely. The exploit has been released to the public and may be used for attacks.
Deeper analysisAI
CVE-2026-6026 is an OS command injection vulnerability affecting the Totolink A7100RU router on firmware version 7.4cu.2313_b20191024. The flaw exists in the setPortalConfWeChat function of the /cgi-bin/cstecgi.cgi file within the CGI Handler component, where manipulation of the "enable" argument enables arbitrary OS command execution. Published on 2026-04-10, it is associated with CWE-77 and CWE-78 and carries a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), classifying it as critical.
The vulnerability is remotely exploitable by unauthenticated attackers requiring low attack complexity and no user interaction. Exploitation allows attackers to inject and execute arbitrary operating system commands on the affected device, potentially leading to full compromise with high impacts on confidentiality, integrity, and availability, such as data theft, persistent access, or device disruption.
Advisories and references, including VulDB entries at vuldb.com/vuln/356602 and vuldb.com/submit/792047, document the issue and a related CTI analysis at vuldb.com/vuln/356602/cti. A GitHub repository at github.com/Litengzheng/vuldb_new/blob/main/A7100RU/vul_171/README.md contains details and a publicly released exploit. The vendor site at totolink.net provides a potential source for firmware updates or mitigation guidance.
Notable context includes the public availability of an exploit, elevating the risk of real-world attacks against unpatched Totolink A7100RU devices.
Details
- CWE(s)