CVE-2026-5677: Command Injection in Totolink A7100RU Router
Platform: linux
Component: totolink-a7100ru
Fixed in: 7.4.1
CVE-2026-5677 describes a Command Injection vulnerability discovered in the Totolink A7100RU router. This flaw allows attackers to remotely execute arbitrary operating system commands, potentially granting them complete control over the device. The vulnerability affects routers running versions 7.4cu.2313b20191024–7.4cu.2313b20191024, and a public exploit is already available.
Impact and Attack Scenarios
The impact of CVE-2026-5677 is significant due to the remote nature of the exploit and the potential for complete system takeover. An attacker could leverage this vulnerability to modify router configurations, intercept network traffic, install malware, or use the compromised router as a pivot point to attack other devices on the network. Successful exploitation could lead to data breaches, denial of service, and further compromise of the internal network. The availability of a public exploit significantly increases the risk of widespread exploitation.
Exploitation Context
CVE-2026-5677 is actively being exploited due to the public availability of a proof-of-concept. The vulnerability has been added to the CISA KEV catalog, indicating a high probability of exploitation. Attackers are likely to scan for vulnerable routers and attempt to exploit this vulnerability to gain unauthorized access to networks.
Threat Intelligence
EPSS: 4.86% (90th percentile)
CVSS Vector
- Attack Vector: Network — remotely exploitable over the internet. No physical or local access required. Widest attack surface.
- Attack Complexity: Low — no special conditions required. Attacker can exploit reliably without depending on rare configurations or timing.
- Privileges Required: None — unauthenticated. No login or credentials needed to exploit.
- User Interaction: None — attack is automatic and silent. Victim does nothing: no click, no file open.
- Scope: Unchanged — impact is limited to the vulnerable component itself.
- Confidentiality: Low — partial or indirect data access. Attacker gains limited information.
- Integrity: Low — attacker can modify some data with limited scope or impact.
- Availability: Low — partial or intermittent denial of service. Attacker can degrade performance.
Mitigation and Workarounds
The primary mitigation for CVE-2026-5677 is to upgrade the Totolink A7100RU router to a patched firmware version as soon as it becomes available. In the absence of a patch, implement strict firewall rules to limit access to the /cgi-bin/cstecgi.cgi endpoint. Consider deploying a Web Application Firewall (WAF) with rules to detect and block command injection attempts targeting the resetFlags parameter. Monitor router logs for suspicious activity, particularly attempts to execute unusual commands. After applying mitigations, verify functionality by attempting to access the affected endpoint and confirming that the request is blocked or sanitized.
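The WAF-style check suggested above, as an added example (not Totolink code and not part of the original advisory): it allowlists the resetFlags value on requests to /cgi-bin/cstecgi.cgi and fails closed when the value cannot be parsed. The JSON and form-encoded body formats and the short-alphanumeric rule for legitimate values are assumptions; the sample requests are constructed.

```python
import json
import re
from urllib.parse import parse_qs

ENDPOINT = "/cgi-bin/cstecgi.cgi"  # endpoint named in the advisory
PARAM = "resetFlags"               # parameter named in the advisory
# Assumption: a legitimate value is a short alphanumeric token. Anything else
# (shell metacharacters, whitespace, '%' left over from double encoding) is rejected.
ALLOWED = re.compile(r"[A-Za-z0-9]{1,16}")

def extract_values(query, body):
    """Collect resetFlags values from the query string and a JSON or form body."""
    values = parse_qs(query, keep_blank_values=True).get(PARAM, [])
    try:
        doc = json.loads(body)
    except ValueError:
        doc = None
    if isinstance(doc, dict):
        if PARAM in doc:
            # Lists and objects stringify to text that fails the allowlist.
            values.append(str(doc[PARAM]))
    else:
        values += parse_qs(body, keep_blank_values=True).get(PARAM, [])
    return values

def verdict(target, body=""):
    """Return 'ignore' for other endpoints, otherwise 'allow' or 'block'."""
    path, _, query = target.partition("?")
    if path != ENDPOINT:
        return "ignore"
    values = extract_values(query, body)
    # Fail closed: the name is present but no value parsed out (e.g. broken JSON).
    if not values and (PARAM in query or PARAM in body):
        return "block"
    return "allow" if all(ALLOWED.fullmatch(v) for v in values) else "block"

# Constructed sample requests (not captured traffic).
SAMPLES = [
    (ENDPOINT, '{"resetFlags": "1"}'),
    (ENDPOINT, '{"resetFlags": "1; echo constructed"}'),
    (ENDPOINT, "resetFlags=1%253Becho"),
    (ENDPOINT, '{"resetFlags": "1"'),
    ("/index.html", ""),
]

if __name__ == "__main__":
    for target, body in SAMPLES:
        print(verdict(target, body), target, body)
```
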
How to fix
Update the Totolink A7100RU router firmware to a version corrected by the manufacturer. Consult the official Totolink website or contact technical support for the latest firmware version and update instructions. This vulnerability allows operating system command injection, so it is crucial to apply the update to mitigate the risk.
Frequently asked questions
What is CVE-2026-5677 — Command Injection in Totolink A7100RU Router?
CVE-2026-5677 is a Command Injection vulnerability affecting Totolink A7100RU routers, allowing remote code execution via the resetFlags parameter in /cgi-bin/cstecgi.cgi.
Am I affected by CVE-2026-5677 in Totolink A7100RU Router?
You are affected if your Totolink A7100RU router is running versions 7.4cu.2313b20191024–7.4cu.2313b20191024 and has not been patched.
How do I fix CVE-2026-5677 in Totolink A7100RU Router?
Upgrade to the latest firmware version as soon as it's available. If a patch isn't available, implement firewall rules and WAF protections to block malicious requests.
Is CVE-2026-5677 being actively exploited?
Yes, CVE-2026-5677 is actively being exploited due to the public availability of a proof-of-concept and its inclusion in the CISA KEV catalog.
Where can I find the official Totolink advisory for CVE-2026-5677?
Refer to the Totolink security advisory page for updates and official announcements regarding CVE-2026-5677.