CVE-2026-6112 — AI Deep Analysis Summary

🚨 **Essence**: OS Command Injection in TOTOLINK A7100RU. <br>💥 **Consequences**: Attackers can execute arbitrary system commands. This leads to total device compromise, data theft, and network disruption.

🛡️ **Root Cause**: CWE-78 (OS Command Injection). <br>🔍 **Flaw**: The `setRadvdCfg` function in `/cgi-bin/cstecgi.cgi` mishandles the `maxRadvdInterval` parameter.…

📦 **Affected Product**: TOTOLINK A7100RU Wireless Router. <br>📌 **Specific Version**: 7.4cu.2313_b20191024. <br>🏢 **Vendor**: TOTOLINK (China Jicong Electronics).

👑 **Privileges**: Full System Control. <br>📊 **Impact**: High (CVSS H/I/A). Hackers gain Root-level access. They can read sensitive configs, install backdoors, or pivot attacks to the entire local network.

⚡ **Threshold**: LOW. <br>🔓 **Auth**: None required (PR:N). <br>🌐 **Access**: Network accessible (AV:N). <br>🎯 **Complexity**: Low (AC:L). No user interaction needed (UI:N). Easy to exploit remotely.

💻 **Public Exploit**: YES. <br>📂 **Evidence**: GitHub PoC available (Litengzheng/vuldb_new). <br>🔗 **Details**: Technical descriptions and IOCs are listed in VDB-356972.…

🔍 **Self-Check**: Scan for `/cgi-bin/cstecgi.cgi`. <br>🧪 **Test**: Send crafted requests to the `setRadvdCfg` endpoint with malicious `maxRadvdInterval` values.…

🩹 **Official Fix**: Check vendor site (totolink.net). <br>⚠️ **Status**: Data shows published date 2026-04-12. Assume patch is pending or requires manual update to latest firmware. Verify with vendor directly.

🚧 **Workaround**: Block external access to the router's management interface. <br>🛑 **Mitigation**: Disable remote management features. If possible, restrict CGI access via firewall rules.…

🔥 **Urgency**: CRITICAL. <br>🚨 **Priority**: Immediate Action. <br>📉 **Risk**: CVSS 9.8 (High). Remote, unauthenticated, easy exploit. Patch immediately or isolate the device to prevent total network compromise.