CVE-2026-6154: OS Command Injection in Totolink A7100RU The Totolink A7100RU router firmware 7.4cu.2313_b20191024 contains an OS command injection vulnerability (CVE-2026-6154) in the setWizardCfg function of the /cgi-bin/cstecgi.cgi CGI handler. By manipulating the 'wizard' argument, an unauthe

Totolink A7100RU (7.4cu.2313_b20191024) hit by CRITICAL OS command injection (CVE-2026-6154). No patch yet — isolate routers, monitor advisories. Public exploit available. radar.offseq.com/threat/cve-2026-6154-os-... #OffSeq #CVE20266154 #cybersecurity