CVE-2026-6132

critical

Description

A vulnerability was determined in Totolink A7100RU 7.4cu.2313_b20191024. Affected by this issue is the function setLedCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. This manipulation of the argument enable causes os command injection. Remote exploitation of the attack is possible. The exploit has been publicly disclosed and may be utilized.

References

https://www.totolink.net/

https://vuldb.com/vuln/356996/cti

https://vuldb.com/vuln/356996

https://vuldb.com/submit/792252

https://github.com/Litengzheng/vuldb_new/blob/main/A7100RU/vul_183/README.md

Details

Source: Mitre, NVD

Published: 2026-04-12

Updated: 2026-04-12

Risk Information

CVSS v2

Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Severity: Critical

CVSS v3

Base Score: 9.8

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical

CVSS v4

Base Score: 9.3

Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Severity: Critical