Skip to main content

A7000R CVE-2026-6168

| EUVDEUVD-2026-21893 HIGH
Stack-based Buffer Overflow (CWE-121)
2026-04-13 VulDB
7.4
CVSS 4.0 · NVD
Share

Severity by source

NVD PRIMARY
7.4 HIGH
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
X

Lifecycle Timeline

7
Re-analysis Queued
Apr 27, 2026 - 19:07 vuln.today
cvss_changed
PoC Detected
Apr 27, 2026 - 19:05 vuln.today
Public exploit code
Analysis Generated
Apr 13, 2026 - 07:29 vuln.today
CVSS changed
Apr 13, 2026 - 07:22 NVD
8.8 (HIGH) 7.4 (HIGH)
EUVD ID Assigned
Apr 13, 2026 - 07:15 euvd
EUVD-2026-21893
Analysis Generated
Apr 13, 2026 - 07:15 vuln.today
CVE Published
Apr 13, 2026 - 06:30 nvd
HIGH 7.4

DescriptionCVE.org

A flaw has been found in TOTOLINK A7000R up to 9.1.0u.6115. The affected element is the function setWiFiEasyGuestCfg of the file /cgi-bin/cstecgi.cgi. This manipulation of the argument ssid5g causes stack-based buffer overflow. Remote exploitation of the attack is possible. The exploit has been published and may be used.

AnalysisAI

Stack-based buffer overflow in TOTOLINK A7000R router (firmware ≤9.1.0u.6115) allows authenticated remote attackers to achieve complete system compromise via the setWiFiEasyGuestCfg CGI function. The vulnerability exists in /cgi-bin/cstecgi.cgi where unsanitized input to the ssid5g parameter triggers memory corruption, enabling arbitrary code execution with device privileges. Publicly available exploit code exists, significantly lowering the barrier to exploitation for authenticated attackers on the network.

Technical ContextAI

This vulnerability affects the TOTOLINK A7000R wireless router's web management interface, specifically the CGI handler responsible for configuring guest WiFi networks. The flaw is a classic CWE-121 stack-based buffer overflow where the setWiFiEasyGuestCfg function fails to validate the length of user-supplied input to the ssid5g parameter before copying it to a fixed-size stack buffer. When an attacker provides an SSID string exceeding the allocated buffer size, adjacent stack memory is overwritten, allowing control of the instruction pointer and arbitrary code execution. This occurs in the embedded Linux firmware's CGI binary (cstecgi.cgi), which typically runs with elevated privileges to modify system network configurations. The CPE identifier cpe:2.3:a:totolink:a7000r confirms this affects the A7000R product line across firmware versions up to and including 9.1.0u.6115.

RemediationAI

No vendor-released patch identified at time of analysis. The official TOTOLINK website (https://www.totolink.net/) does not list a security advisory or firmware update specifically addressing CVE-2026-6168. Users should immediately implement compensating controls: disable remote management access to the router's web interface, restrict administrative access to trusted IP addresses only via firewall rules, change default administrative credentials to strong unique passwords, and segment the router's management interface from untrusted networks. Monitor TOTOLINK's support portal for firmware updates beyond version 9.1.0u.6115. Organizations should consider replacing affected devices with alternative router models if vendor support is unavailable, as IoT/embedded devices often receive limited long-term security maintenance. For detailed technical analysis, refer to the vulnerability report at https://vuldb.com/vuln/357056 and the proof-of-concept repository at https://github.com/zhuchan770/vulnerability/blob/main/A7000R/setWiFiEasyGuestCfg/.

Share

CVE-2026-6168 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy