CVE-2026-6025
Published April 10, 2026 · Updated April 10, 2026
What This Means
CVE-2026-6025 is a critical vulnerability in Totolink A7100RU router firmware version 7.4cu.2313_b20191024 that allows remote OS command injection through the setSyslogCfg function of the CGI Handler at /cgi-bin/cstecgi.cgi. It has a CVSS score of 9.8, indicating severe risk if exploited. Security teams should immediately check their Totolink A7100RU devices for this firmware version, apply any available patches, use network segmentation to limit exposure, and monitor for exploitation attempts.
Official Description
A vulnerability was identified in Totolink A7100RU 7.4cu.2313_b20191024. This affects the function setSyslogCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Such manipulation of the argument enable leads to os command injection. It is possible to launch the attack remotely. The exploit is publicly available and might be used.
Recommended Actions
- Check if your systems use any of the affected products listed above.
- Apply vendor patches immediately if available.
- Monitor vendor advisories for updates and additional mitigations.
- Review logs for indicators of compromise related to CVE-2026-6025.
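
One way to carry out the log review above, as an added example rather than vendor or advisory code: it scans captured HTTP requests for calls to setSyslogCfg whose enable value is not a plain 0 or 1. The record layout, the JSON body with a topicurl field, the 0/1 allowlist and the 192.168.0.0/16 management LAN are assumptions not stated on this page; all sample records are constructed.

```python
import ipaddress
import json

CGI_PATH = "/cgi-bin/cstecgi.cgi"  # endpoint named in the advisory
HANDLER = "setSyslogCfg"           # function named in the advisory
ALLOWED_ENABLE = {"0", "1"}        # assumption: enable is a plain on/off flag
LAN = ipaddress.ip_network("192.168.0.0/16")  # assumption: management LAN

def findings(record):
    """Return the reasons a captured request deserves review (empty if none)."""
    path = record.get("path", "").split("?", 1)[0]
    if record.get("method") != "POST" or path != CGI_PATH:
        return []
    raw = record.get("body") or ""
    try:
        body = json.loads(raw)
    except ValueError:
        # A mangled body that still names the handler is worth a look.
        return ["unparseable body naming " + HANDLER] if HANDLER in raw else []
    if not isinstance(body, dict) or body.get("topicurl") != HANDLER:
        return []
    reasons = []
    value = body.get("enable")
    ok = isinstance(value, (str, int)) and str(value) in ALLOWED_ENABLE
    if "enable" in body and not ok:
        reasons.append("enable outside allowlist: %r" % (value,))
    if ipaddress.ip_address(record["src"]) not in LAN:
        reasons.append("management request from outside LAN")
    return reasons

def scan(records):
    """Return (index, reasons) for every record with at least one finding."""
    return [(i, r) for i, rec in enumerate(records) if (r := findings(rec))]

def req(src, body):
    """Build a constructed request record in the assumed capture layout."""
    return {"src": src, "method": "POST", "path": CGI_PATH, "body": body}

# Constructed sample records (not real traffic).
SAMPLES = [
    req("192.168.0.10", '{"topicurl":"setSyslogCfg","enable":"1"}'),
    req("192.168.0.10", '{"topicurl":"setSyslogCfg","enable":"1;PLACEHOLDER"}'),
    req("203.0.113.7", '{"topicurl":"setSyslogCfg","enable":"0"}'),
    req("192.168.0.10", '{"topicurl":"otherHandler"}'),
    req("192.168.0.10", '{"topicurl":"setSyslogCfg","enable":'),
]

if __name__ == "__main__":
    for index, reasons in scan(SAMPLES):
        print(index, SAMPLES[index]["src"], "; ".join(reasons))
```

An allowlist on the value is used instead of a list of shell metacharacters so that encoded or unusual separators are still reported.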