Part of Lyceum Intelligence — deep-research In Focus reports → · Lyceum Corpus — ask the documents →

Full-text search across 381 articles. Typo-tolerant.

Lyceum News Desk ·

CVE-2026-6116 -- CVSS 9.8 Vulnerability Briefing

CVE-2026-6116 | CVSS 9.8 (Critical) | Exploit: No known exploit

What Is It

CVE-2026-6116 is a critical severity vulnerability affecting the Totolink A7100RU router (firmware version 7.4cu.2313_b20191024), specifically within the setDiagnosisCfg function of the CGI handler component located at /cgi-bin/cstecgi.cgi.

Technical Detail

The flaw resides in the setDiagnosisCfg function of the device's CGI handler, where insufficient input validation likely permits command injection or a buffer overflow condition via a crafted HTTP request to the management interface. An attacker who can reach the CGI endpoint can supply malicious input that the function processes without adequate sanitization, potentially resulting in unauthenticated remote code execution (RCE) on the underlying operating system. Given the CVSS score of 9.8 and the network-accessible attack surface typical of this class of router vulnerability, successful exploitation would grant full device compromise with root-level privileges.

Exploitation Status

No known exploit code has been publicly identified at this time, and this CVE is not currently listed in CISA's Known Exploited Vulnerabilities catalog. The exploit maturity is assessed as no known exploit; however, vulnerabilities of this class in SOHO routers have historically attracted rapid weaponization once disclosed, and the attack surface should be treated as high risk regardless of current exploit availability.

Who Is Targeting This

No specific threat actor attribution at this time. No campaigns or targeted sectors have been associated with this CVE as of April 18, 2026. That said, SOHO and consumer-grade routers from vendors such as Totolink are frequently targeted by botnet operators and opportunistic threat actors conducting mass scanning campaigns.

What To Do

Organizations and individuals operating the Totolink A7100RU on firmware version 7.4cu.2313_b20191024 should check the Totolink vendor advisory for an updated firmware release and apply it immediately given the critical CVSS rating. If no patch is yet available, restrict access to the device's web management interface by disabling remote administration and limiting LAN-side access to trusted hosts only. Network defenders should monitor for anomalous HTTP POST requests targeting /cgi-bin/cstecgi.cgi with unexpected or oversized parameter values as a detection signal. Placing the device behind a management VLAN or firewall rule that blocks untrusted access to the CGI interface is a viable interim workaround until a patched firmware is confirmed and deployed.

In Focus
All analysis →

Deep-research intelligence reports from Lyceum Intelligence — structured assessments with sourced claims and calibrated conclusions.

Browse Intelligence Reports →