CVE-2026-6115 -- CVSS 9.8 Vulnerability Briefing
CVE-2026-6115 | CVSS 9.8 (Critical) | Exploit: No known exploit
What Is It
CVE-2026-6115 is a critical command injection vulnerability affecting the Totolink A7100RU router (firmware version 7.4cu.2313_b20191024), specifically within the setAppCfg function of the CGI handler located at /cgi-bin/cstecgi.cgi.
Technical Detail
The flaw exists in the setAppCfg function, which fails to properly sanitize user-supplied input passed through CGI arguments, enabling an attacker to inject arbitrary operating system commands via a crafted HTTP request to the affected endpoint. Because the CGI handler typically runs with elevated privileges on embedded Linux-based router firmware, successful exploitation likely results in unauthenticated remote code execution (RCE) with root-level access on the device. The attack surface is network-accessible, and given the nature of consumer and small-business routers, the management interface may be exposed directly to the internet or local network without additional access controls.
Exploitation Status
No exploit code has been publicly identified at this time, and this CVE is not currently listed in the CISA Known Exploited Vulnerabilities (KEV) catalog. Exploit maturity is assessed as "no known exploit": active in-the-wild exploitation has not been confirmed as of April 18, 2026. However, the critical CVSS score of 9.8 and the straightforward nature of CGI-based command injection vulnerabilities mean that weaponization could occur rapidly if proof-of-concept code is published.
Who Is Targeting This
No specific threat actor attribution has been confirmed at this time. Router vulnerabilities of this class have historically attracted interest from botnet operators targeting SOHO devices for inclusion in DDoS infrastructure or as network pivot points, but no campaigns or actors have been linked to this specific CVE.
What To Do
Administrators and users of the Totolink A7100RU running firmware version 7.4cu.2313_b20191024 should check the Totolink vendor advisory and apply any available firmware update immediately, treating this as a high-priority patch given the critical CVSS rating and unauthenticated RCE potential. If a firmware patch is not yet available, restrict access to the router's web management interface by disabling remote administration, placing the management interface behind a firewall or VPN, and ensuring the device is not directly reachable from the internet. Network defenders should monitor for anomalous HTTP POST requests to /cgi-bin/cstecgi.cgi containing unexpected shell metacharacters or encoded command sequences as a detection signal. Device replacement should be considered if the vendor does not issue a patch in a timely manner, as end-of-life firmware on network edge devices presents sustained risk.
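One way to implement the detection signal described above, as an added example that is not part of the original briefing or any vendor tooling: a Python check that takes the method, path and body of a logged request, percent-decodes each field repeatedly, and reports the fields that contain shell metacharacters. The briefing does not describe the request format, so the JSON and form-encoded handling, the field names, the sample requests and the metacharacter set are all assumptions.

```python
import json
import re
from urllib.parse import unquote_plus

TARGET_PATH = "/cgi-bin/cstecgi.cgi"  # endpoint named in the briefing
SHELL_META = re.compile(r"[;|&`<>\r\n]|\$[({]")  # assumed metacharacter set; tune it

def decode_all(value, rounds=3):
    """Percent-decode repeatedly so double-encoded input (%253B) is exposed."""
    for _ in range(rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value

def field_values(body):
    """Yield (name, value) pairs from a JSON body, else from a form-encoded one."""
    try:
        doc = json.loads(body)
    except ValueError:
        for pair in body.split("&"):  # split on raw '&' so the separator is not flagged
            name, _, value = pair.partition("=")
            yield name, value
        return
    stack = [("", doc)]
    while stack:  # walk nested objects and arrays, keeping the nearest key name
        name, node = stack.pop()
        if isinstance(node, dict):
            stack.extend((str(k), v) for k, v in node.items())
        elif isinstance(node, list):
            stack.extend((name, v) for v in node)
        elif isinstance(node, str):
            yield name, node

def flag_request(method, path, body):
    """Return sorted names of fields whose decoded value has shell metacharacters."""
    if method.upper() != "POST" or path.split("?", 1)[0] != TARGET_PATH:
        return []
    return sorted({n for n, v in field_values(body) if SHELL_META.search(decode_all(v))})

SAMPLES = [  # constructed requests; field names are placeholders, not the device's own
    ("POST", TARGET_PATH, '{"example_field": "1"}'),
    ("POST", TARGET_PATH, '{"example_field": "1;id"}'),
    ("POST", TARGET_PATH, "example_field=1%253Bid&other=ok"),
]
if __name__ == "__main__":
    for method, path, body in SAMPLES:
        print(flag_request(method, path, body) or "clean", body)
```

Values that legitimately contain characters such as `&` or `<` (an SSID or passphrase, for example) will also match, so treat hits as a signal to triage rather than a verdict.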