
CVE-2026-6114 -- CVSS 9.8 Vulnerability Briefing

CVE-2026-6114 | CVSS 9.8 (Critical) | Exploit: No known exploit

What Is It

CVE-2026-6114 is a critical vulnerability in the Totolink A7100RU router (firmware version 7.4cu.2313_b20191024), specifically affecting the setNetworkCfg function within the CGI handler at /cgi-bin/cstecgi.cgi.

Technical Detail

The flaw resides in the setNetworkCfg function of the device's CGI-based web management interface, where insufficient input validation allows an attacker to supply malicious input that the handler processes without adequate sanitization. Based on the vulnerability class and CVSS score of 9.8, this is consistent with a stack-based buffer overflow or command injection vulnerability that could result in unauthenticated remote code execution (RCE) on the affected device. Successful exploitation would grant an attacker full control over the router, enabling network traffic interception, lateral movement into connected networks, or use of the device as a persistent foothold.

Exploitation Status

No exploit code has been publicly identified at this time, and the vulnerability is not currently listed in CISA's Known Exploited Vulnerabilities (KEV) catalog. As of April 18, 2026, exploit maturity is assessed as "no known exploit". However, the critical CVSS score and the nature of the affected component, a consumer-grade router with a network-facing CGI interface, make this a high-priority target for future exploitation development.

Who Is Targeting This

No specific threat actor attribution at this time. No campaigns or targeted sectors have been associated with this CVE in available intelligence. Historically, vulnerabilities in SOHO and consumer routers from vendors such as Totolink have been leveraged by botnet operators and opportunistic threat actors targeting network edge devices, but no confirmed activity tied to this specific CVE has been reported.

What To Do

Organizations and individuals operating the Totolink A7100RU on firmware version 7.4cu.2313_b20191024 should check immediately for an updated firmware release from Totolink and apply it as a priority given the critical severity rating. If no patch is available, restrict access to the device's web management interface by disabling remote administration and limiting access to trusted internal hosts only. Network defenders should monitor for anomalous outbound traffic or unexpected configuration changes originating from this device. Given the age of the firmware build (October 2019), organizations should evaluate whether this device remains within vendor support and consider replacement if patching is not feasible.
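One way to verify that the access restriction is holding is shown below, as an added example that is not part of the original briefing: it scans gateway or proxy logs for requests to /cgi-bin/cstecgi.cgi on the router that come from hosts outside the admin allowlist. The key=value log format, the router and LAN addresses, the allowlist and the sample lines are all constructed assumptions.

```python
import ipaddress

# Assumptions (not from the briefing): log format, addresses and allowlist
# below are constructed for illustration. Only CGI_PATH comes from the page.
CGI_PATH = "/cgi-bin/cstecgi.cgi"
ROUTER_IP = ipaddress.ip_address("192.168.1.1")
LAN = ipaddress.ip_network("192.168.1.0/24")
TRUSTED_ADMINS = [ipaddress.ip_network("192.168.1.10/32")]

SAMPLE_LOG = """\
2026-04-18T10:02:11Z src=192.168.1.10 dst=192.168.1.1 method=POST path=/cgi-bin/cstecgi.cgi
2026-04-18T10:05:42Z src=192.168.1.77 dst=192.168.1.1 method=POST path=/cgi-bin/cstecgi.cgi
2026-04-18T10:06:03Z src=203.0.113.50 dst=192.168.1.1 method=POST path=/cgi-bin/cstecgi.cgi?x=1
2026-04-18T10:07:19Z src=192.168.1.77 dst=192.168.1.1 method=GET path=/index.html
2026-04-18T10:08:00Z src=192.168.1.77 dst=192.168.1.20 method=POST path=/cgi-bin/cstecgi.cgi
malformed line without fields
"""

def parse_line(line):
    """Return the key=value fields plus 'ts', or None if the line is unusable."""
    parts = line.split()
    if len(parts) < 2:
        return None
    fields = dict(p.split("=", 1) for p in parts[1:] if "=" in p)
    if not {"src", "dst", "path"} <= fields.keys():
        return None
    fields["ts"] = parts[0]
    return fields

def find_untrusted_cgi_access(log_text):
    """List (timestamp, source, scope) for management-CGI hits from non-allowlisted hosts."""
    findings = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        try:
            src = ipaddress.ip_address(rec["src"])
            dst = ipaddress.ip_address(rec["dst"])
        except ValueError:
            continue  # skip records with unparseable addresses
        path = rec["path"].split("?", 1)[0]  # ignore any query string
        if dst != ROUTER_IP or path != CGI_PATH:
            continue
        if any(src in net for net in TRUSTED_ADMINS):
            continue  # expected admin workstation
        scope = "lan-untrusted" if src in LAN else "outside-lan"
        findings.append((rec["ts"], str(src), scope))
    return findings
```

An "outside-lan" finding indicates the management interface is still reachable remotely; a "lan-untrusted" finding indicates the internal allowlist is not being enforced.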
