theinfosecnews
theinfosecnews
Subscribe to Daily Digest

CVE-2026-6113

Published April 12, 2026 · Updated April 12, 2026

9.8CVSS
critical
Official Description+

A security vulnerability has been detected in Totolink A7100RU 7.4cu.2313_b20191024. Affected by this vulnerability is the function setTtyServiceCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Such manipulation of the argument ttyEnable leads to os command injection. The attack can be launched remotely. The exploit has been disclosed publicly and may be used.

Recommended Actions

  1. Check if your systems use any of the affected products listed above.
  2. Apply vendor patches immediately if available.
  3. Monitor vendor advisories for updates and additional mitigations.
  4. Review logs for indicators of compromise related to CVE-2026-6113.