Severity by source
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
7DescriptionCVE.org
A flaw has been found in TOTOLINK A7000R up to 9.1.0u.6115. The affected element is the function setWiFiEasyGuestCfg of the file /cgi-bin/cstecgi.cgi. This manipulation of the argument ssid5g causes stack-based buffer overflow. Remote exploitation of the attack is possible. The exploit has been published and may be used.
AnalysisAI
Stack-based buffer overflow in TOTOLINK A7000R router (firmware ≤9.1.0u.6115) allows authenticated remote attackers to achieve complete system compromise via the setWiFiEasyGuestCfg CGI function. The vulnerability exists in /cgi-bin/cstecgi.cgi where unsanitized input to the ssid5g parameter triggers memory corruption, enabling arbitrary code execution with device privileges. Publicly available exploit code exists, significantly lowering the barrier to exploitation for authenticated attackers on the network.
Technical ContextAI
This vulnerability affects the TOTOLINK A7000R wireless router's web management interface, specifically the CGI handler responsible for configuring guest WiFi networks. The flaw is a classic CWE-121 stack-based buffer overflow where the setWiFiEasyGuestCfg function fails to validate the length of user-supplied input to the ssid5g parameter before copying it to a fixed-size stack buffer. When an attacker provides an SSID string exceeding the allocated buffer size, adjacent stack memory is overwritten, allowing control of the instruction pointer and arbitrary code execution. This occurs in the embedded Linux firmware's CGI binary (cstecgi.cgi), which typically runs with elevated privileges to modify system network configurations. The CPE identifier cpe:2.3:a:totolink:a7000r confirms this affects the A7000R product line across firmware versions up to and including 9.1.0u.6115.
RemediationAI
No vendor-released patch identified at time of analysis. The official TOTOLINK website (https://www.totolink.net/) does not list a security advisory or firmware update specifically addressing CVE-2026-6168. Users should immediately implement compensating controls: disable remote management access to the router's web interface, restrict administrative access to trusted IP addresses only via firewall rules, change default administrative credentials to strong unique passwords, and segment the router's management interface from untrusted networks. Monitor TOTOLINK's support portal for firmware updates beyond version 9.1.0u.6115. Organizations should consider replacing affected devices with alternative router models if vendor support is unavailable, as IoT/embedded devices often receive limited long-term security maintenance. For detailed technical analysis, refer to the vulnerability report at https://vuldb.com/vuln/357056 and the proof-of-concept repository at https://github.com/zhuchan770/vulnerability/blob/main/A7000R/setWiFiEasyGuestCfg/.
Same weakness CWE-121 – Stack-based Buffer Overflow
View allSame technique Stack Overflow
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-21893