Scan free
HIGHCVE-2026-5692CVSS 7.3

CVE-2026-5692: Command Injection in Totolink A7100RU Router

Platform

linux

Component

totolink-a7100ru

Fixed in

7.4.1

AI Confidence: highNVDEPSS 4.9%Reviewed: May 2026
View on NVD
Save

CVE-2026-5692 describes a Command Injection vulnerability discovered in the Totolink A7100RU router. This flaw allows a remote attacker to execute arbitrary operating system commands on the device, potentially leading to complete system compromise. The vulnerability affects routers running firmware versions 7.4cu.2313b20191024–7.4cu.2313b20191024, and a fix is expected from the vendor.

Impact and Attack Scenarios

Successful exploitation of CVE-2026-5692 grants an attacker complete control over the affected Totolink A7100RU router. This includes the ability to modify system configurations, install malware, steal sensitive data (such as user credentials and network traffic logs), and use the router as a pivot point to attack other devices on the network. Given the router's position as a network gateway, a compromised device can expose the entire internal network to external threats. The public availability of an exploit significantly increases the risk of widespread exploitation.

Exploitation Context

This vulnerability has been publicly disclosed and an exploit is available, indicating a high probability of exploitation. It is not currently listed on CISA KEV. The public availability of the exploit suggests that attackers are actively seeking to exploit this vulnerability, particularly given the router's common deployment in home and small business networks.

Threat Intelligence

Exploit Status

Proof of ConceptUnknown
CISA KEVNO
Internet ExposureHigh

EPSS

4.86% (90% percentile)

CISA SSVC

Exploitationpoc
Automatableyes
Technical Impactpartial

CVSS Vector

THREAT INTELLIGENCE· CVSS 3.1CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R7.3HIGHAttack VectorNetworkHow the attacker reaches the targetAttack ComplexityLowConditions required to exploitPrivileges RequiredNoneAuthentication level needed to attackUser InteractionNoneWhether a victim must take actionScopeUnchangedImpact beyond the vulnerable componentConfidentialityLowRisk of sensitive data exposureIntegrityLowRisk of unauthorized data modificationAvailabilityLowRisk of service disruptionnextguardhq.com · CVSS v3.1 Base Score
What do these metrics mean?
Attack Vector
Network — remotely exploitable over the internet. No physical or local access required. Widest attack surface.
Attack Complexity
Low — no special conditions required. Attacker can exploit reliably without depending on rare configurations or timing.
Privileges Required
None — unauthenticated. No login or credentials needed to exploit.
User Interaction
None — attack is automatic and silent. Victim does nothing: no click, no file open.
Scope
Unchanged — impact is limited to the vulnerable component itself.
Confidentiality
Low — partial or indirect data access. Attacker gains limited information.
Integrity
Low — attacker can modify some data with limited scope or impact.
Availability
Low — partial or intermittent denial of service. Attacker can degrade performance.

Affected Software

Componenttotolink-a7100ru
VendorTotolink
Affected rangeFixed in
7.4cu.2313_b20191024 – 7.4cu.2313_b201910247.4.1

Weakness Classification (CWE)

CWE-78CWE-77

Timeline

  1. Reserved
  2. Published
  3. Modified
  4. EPSS updated
Unpatched — 48 days since disclosure

Mitigation and Workarounds

The primary mitigation for CVE-2026-5692 is to upgrade the Totolink A7100RU router to a firmware version containing the security patch. As no fixed version is currently specified, check the Totolink website for updates. If an upgrade is not immediately available or causes instability, consider temporarily isolating the router from the internet by disabling WAN access. Monitor router logs for suspicious activity, particularly attempts to access /cgi-bin/cstecgi.cgi with unusual parameters. While a WAF or proxy might offer limited protection, it's unlikely to be effective against this type of injection without specific rules tailored to the vulnerable parameter.

How to fix

Update the Totolink A7100RU router firmware to a patched version. Consult the official Totolink website for the latest firmware version and update instructions. This vulnerability allows for remote command execution, so it is crucial to apply the update as soon as possible to mitigate the risk.

CVE Security Newsletter

Vulnerability analysis and critical alerts directly to your inbox.

Frequently asked questions

What is CVE-2026-5692 — Command Injection in Totolink A7100RU Router?

CVE-2026-5692 is a Command Injection vulnerability affecting Totolink A7100RU routers. It allows remote attackers to execute OS commands, potentially compromising the entire device.

Am I affected by CVE-2026-5692 in Totolink A7100RU Router?

You are affected if your Totolink A7100RU router is running firmware versions 7.4cu.2313b20191024–7.4cu.2313b20191024. Check your router's firmware version and upgrade if necessary.

How do I fix CVE-2026-5692 in Totolink A7100RU Router?

Upgrade your Totolink A7100RU router to a patched firmware version. Check the Totolink website for available updates.

Is CVE-2026-5692 being actively exploited?

Yes, the vulnerability is publicly known and an exploit is available, indicating a high probability of active exploitation.

Where can I find the official Totolink advisory for CVE-2026-5692?

Please refer to the Totolink website for the latest security advisories and firmware updates related to CVE-2026-5692.

Is your project affected?

Upload your dependency file and we'll tell you instantly if this and other CVEs hit you.

Scan freeSearch CVEs