[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2026-6114":6},{"stargazers_count":4,"fetched_at":5},5,"2026-04-12T20:13:20.293Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":75,"aliases":85,"duplicate_of":9,"upstream":86,"downstream":87,"duplicates":88,"related":89,"reserved_at":9,"published_at":90,"modified_at":90,"state":91,"summary":92,"references_raw":100,"kevs":129,"epss":130,"epss_history":133,"metrics":135,"affected":156},"CVE-2026-6114","A vulnerability was detected in Totolink A7100RU 7.4cu.2313_b20191024. Affected by this issue is the function setNetworkCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Performing a manipulation of the argument proto results in os command injection. The attack may be initiated remotely. The exploit is now public and may be used.",null,[11,52],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":17,"likelihood_of_exploit":18,"capec":19},"CWE-77","Improper Neutralization of Special Elements used in a Command ('Command Injection')","The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.","weakness","Draft","Class","High",[20,24,28,32,36,40,44,48],{"id":21,"name":22,"techniques":23},"CAPEC-136","LDAP Injection",[],{"id":25,"name":26,"techniques":27},"CAPEC-15","Command Delimiters",[],{"id":29,"name":30,"techniques":31},"CAPEC-183","IMAP/SMTP Command Injection",[],{"id":33,"name":34,"techniques":35},"CAPEC-248","Command Injection",[],{"id":37,"name":38,"techniques":39},"CAPEC-40","Manipulating Writeable Terminal Devices",[],{"id":41,"name":42,"techniques":43},"CAPEC-43","Exploiting Multiple Input Interpretation Layers",[],{"id":45,"name":46,"techniques":47},"CAPEC-75","Manipulating Writeable Configuration Files",[],{"id":49,"name":50,"techniques":51},"CAPEC-76","Manipulating Web Input to File System Calls",[],{"_key":53,"id":53,"name":54,"description":55,"type":15,"status":56,"abstraction":57,"likelihood_of_exploit":18,"capec":58},"CWE-78","Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')","The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.","Stable","Base",[59,63,65,67,71],{"id":60,"name":61,"techniques":62},"CAPEC-108","Command Line Execution through SQL Injection",[],{"id":25,"name":26,"techniques":64},[],{"id":41,"name":42,"techniques":66},[],{"id":68,"name":69,"techniques":70},"CAPEC-6","Argument Injection",[],{"id":72,"name":73,"techniques":74},"CAPEC-88","OS Command Injection",[],[76],{"_key":77,"name":78,"source":79,"url":80,"maturity":81,"reliability_score":82,"verified":83,"type":9,"platforms":84,"requires_auth":9,"exploitdb":9,"metasploit":9},"GITHUB_LITENGZHENG_VULDB_NEW","Vuldb New","github","https://github.com/Litengzheng/vuldb_new/blob/main/CH22/vul_50/README.md","poc",0.3,false,[],[],[],[],[],[],"2026-04-12T03:30:16.504Z","Received",{"cisa_kev":83,"cisa_ransomware":83,"cisa_vendor":9,"epss_severity":93,"epss_score":94,"severity":95,"severity_score":96,"severity_version":97,"severity_source":98,"severity_vector":99,"severity_status":91},"low",0.00892,"high",10,"v2.0","cve.org","AV:N/AC:L/Au:N/C:C/I:C/A:C/E:POC/RL:ND/RC:UR",[101,108,114,119,124],{"url":102,"sources":103,"tags":105},"https://vuldb.com/vuln/356974",[98,104],"nvd",[106,107],"VDB Entry","Technical Description",{"url":109,"sources":110,"tags":111},"https://vuldb.com/vuln/356974/cti",[98,104],[112,113],"Signature","Permissions Required",{"url":115,"sources":116,"tags":117},"https://vuldb.com/submit/792247",[98,104],[118],"Third Party Advisory",{"url":120,"sources":121,"tags":122},"https://github.com/Litengzheng/vuldb_new/blob/main/A7100RU/vul_179/README.md",[98,104],[123],"Exploit",{"url":125,"sources":126,"tags":127},"https://www.totolink.net/",[98,104],[128],"Product",[],{"date":131,"score":94,"percentile":132},"2026-04-12",0.75569,[134],{"date":131,"score":94,"percentile":132},[136,147],{"source":98,"cvss_v2_0":137,"cvss_v3_0":138,"cvss_v3_1":142,"cvss_v4_0":144},{"baseScore":96,"baseSeverity":9,"vectorString":99,"impactScore":96,"exploitabilityScore":96},{"baseScore":139,"baseSeverity":140,"vectorString":141,"impactScore":139,"exploitabilityScore":96},9.8,"CRITICAL","CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",{"baseScore":139,"baseSeverity":140,"vectorString":143,"impactScore":139,"exploitabilityScore":96},"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",{"baseScore":145,"baseSeverity":140,"vectorString":146,"impactScore":9,"exploitabilityScore":9},9.3,"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",{"source":104,"cvss_v2_0":148,"cvss_v3_0":9,"cvss_v3_1":150,"cvss_v4_0":152},{"baseScore":96,"baseSeverity":9,"vectorString":149,"impactScore":96,"exploitabilityScore":96},"AV:N/AC:L/Au:N/C:C/I:C/A:C",{"baseScore":139,"baseSeverity":140,"vectorString":151,"impactScore":139,"exploitabilityScore":96},"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",{"baseScore":153,"baseSeverity":154,"vectorString":155,"impactScore":9,"exploitabilityScore":9},8.9,"HIGH","CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",[157],{"ecosystem":9,"name":158,"vendor":159,"product":160,"cpe_part":161,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":162},"A7100RU","totolink","a7100ru","a",[163],{"version":164,"is_range":83,"range_type":98,"version_start":164,"version_start_type":165,"version_end":164,"version_end_type":165,"fixed_in":9},"7.4cu.2313_b20191024","including"]