CVE-2026-6138 -- CVSS 9.8 Vulnerability Briefing
CVE-2026-6138 | CVSS 9.8 (Critical) | Exploit: No known exploit
What Is It
CVE-2026-6138 is a critical-severity vulnerability in the Totolink A7100RU router (firmware version 7.4cu.2313_b20191024), specifically within the setAccessDeviceCfg function of the CGI handler located at /cgi-bin/cstecgi.cgi.
Technical Detail
The flaw resides in improper input handling within the setAccessDeviceCfg function, which is exposed through the device's CGI web interface. An attacker can send a crafted request to this endpoint, and the mishandled input likely enables remote code execution or command injection on the underlying system. Given the CVSS score of 9.8 and the nature of CGI handler vulnerabilities in consumer-grade routers, exploitation is likely unauthenticated and remotely triggerable over the network, without prior access or credentials.
Exploitation Status
No exploit code has been publicly identified at this time, and this CVE is not currently listed in CISA's Known Exploited Vulnerabilities catalog. Exploit maturity is assessed as "no known exploit": active in-the-wild exploitation has not been confirmed as of April 19, 2026. However, the critical CVSS score and the historically high targeting of SOHO router vulnerabilities warrant proactive attention.
Who Is Targeting This
No specific threat actor attribution has been confirmed at this time. No campaigns or targeted sectors have been associated with this vulnerability in available intelligence. Totolink router vulnerabilities as a class have historically attracted attention from botnet operators and opportunistic threat actors targeting small office and home office network infrastructure, but no such activity has been confirmed for this specific CVE.
What To Do
Organizations and individuals operating the Totolink A7100RU on firmware version 7.4cu.2313_b20191024 should check the Totolink vendor advisory for an updated firmware release and apply it immediately if available. If no patch is available, restrict access to the device's web management interface by disabling remote administration and ensuring the CGI endpoint is not exposed to untrusted networks or the public internet. Network segmentation should be applied to isolate affected devices from critical internal systems. Monitor for anomalous outbound traffic or unexpected configuration changes on affected devices as potential indicators of exploitation.
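One way to check that the access restriction described above is holding, as an added example that is not part of the original briefing or any vendor tooling: scan HTTP logs from a proxy or sensor in front of the router for requests that reach /cgi-bin/cstecgi.cgi from outside the management subnet. The log format, the management subnet and the sample lines (including the request bodies) are assumptions constructed for illustration.

```python
import ipaddress
import re

CGI_PATH = "/cgi-bin/cstecgi.cgi"   # endpoint named in the briefing
FUNC_NAME = "setAccessDeviceCfg"    # affected function named in the briefing
# Assumption: only this subnet may reach the router's web management interface.
MGMT_NETS = [ipaddress.ip_network("192.168.10.0/28")]

# Assumed log format: "<time> <src-ip> <METHOD> <path> body=<captured body>"
LINE_RE = re.compile(r"^(\S+) (\S+) (\S+) (\S+) body=(.*)$")

# Constructed sample lines; the bodies are not the device's real request format.
SAMPLE_LOG = """\
2026-04-19T08:01:12Z 192.168.10.5 POST /cgi-bin/cstecgi.cgi body={"fn":"getStatus"}
2026-04-19T08:03:40Z 203.0.113.77 POST /cgi-bin/cstecgi.cgi body={"fn":"setAccessDeviceCfg"}
2026-04-19T08:04:02Z 192.168.20.31 GET /index.html body=
2026-04-19T08:05:55Z 192.168.20.31 POST /cgi-bin/cstecgi.cgi?x=1 body={"fn":"getStatus"}
malformed line without fields
"""

def is_trusted(src):
    """True only if src parses as an IP inside a management network."""
    try:
        addr = ipaddress.ip_address(src)
    except ValueError:
        return False  # unparseable source is treated as untrusted
    return any(addr in net for net in MGMT_NETS)

def find_alerts(log_text):
    """Return one alert per CGI request that came from an untrusted source."""
    alerts = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that do not follow the assumed format
        ts, src, _method, path, body = m.groups()
        if path.split("?", 1)[0] != CGI_PATH or is_trusted(src):
            continue
        # Any untrusted hit means the endpoint is exposed; naming the
        # affected function raises the priority for review.
        severity = "high" if FUNC_NAME in body else "medium"
        alerts.append({"time": ts, "src": src, "severity": severity})
    return alerts

if __name__ == "__main__":
    for alert in find_alerts(SAMPLE_LOG):
        print(alert)
```

Any alert at all indicates the management interface is reachable from a network that the segmentation was meant to exclude.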