Platform
linux
Component
totolink-a8000r
Fixed in
5.9.1
CVE-2026-5676 describes an authentication bypass vulnerability affecting the Totolink A8000R router. This flaw allows attackers to bypass authentication controls by manipulating the 'langType' parameter within the '/cgi-bin/cstecgi.cgi' file, potentially granting unauthorized access to router configuration and functionality. The vulnerability impacts routers running versions 5.9c.681B20180413–5.9c.681B20180413, and a public exploit is already available.
Successful exploitation of CVE-2026-5676 allows an attacker to gain unauthorized access to the Totolink A8000R router without proper authentication. This could lead to complete control over the device, enabling attackers to modify router settings, intercept network traffic, launch attacks against internal network resources, or even use the router as a pivot point for further attacks. The availability of a public exploit significantly increases the likelihood of exploitation, particularly given the router's role as a critical network gateway. The blast radius extends to all devices behind the compromised router, making it a significant threat.
CVE-2026-5676 is publicly known and has a readily available proof-of-concept exploit, indicating a high probability of exploitation. It was disclosed on 2026-04-06. The vulnerability is listed on the NVD and CISA databases. Given the ease of exploitation and the router's critical role in network infrastructure, organizations should prioritize patching or implementing alternative mitigations.
Exploit Status
EPSS
0.09% (26% percentile)
CISA SSVC
CVSS Vector
The primary mitigation for CVE-2026-5676 is to upgrade the Totolink A8000R router to a patched firmware version. Unfortunately, a fixed firmware version is not provided in the input. As a temporary workaround, consider implementing strict firewall rules to restrict access to the '/cgi-bin/cstecgi.cgi' endpoint from untrusted sources. Web application firewalls (WAFs) can be configured to detect and block malicious requests targeting this vulnerability. Monitor router logs for suspicious activity, particularly requests containing unusual or malformed 'langType' parameters. After applying any mitigation steps, verify the router's security posture by attempting to access the vulnerable endpoint and confirming authentication is enforced.
Update the Totolink A8000R router firmware to a patched version. Refer to the official Totolink website for the latest firmware version and update instructions. This vulnerability allows remote code execution due to the lack of authentication in language configuration, so applying the update is crucial to mitigate the risk.
Vulnerability analysis and critical alerts directly to your inbox.
CVE-2026-5676 is a HIGH severity vulnerability in the Totolink A8000R router allowing attackers to bypass authentication by manipulating the 'langType' parameter, potentially gaining full control of the device.
You are affected if your Totolink A8000R router is running version 5.9c.681B20180413–5.9c.681B20180413 and has not been upgraded to a patched firmware.
The recommended fix is to upgrade to a patched firmware version. Unfortunately, a fixed version is not provided. Implement firewall rules and monitor logs as temporary workarounds.
Yes, a public exploit exists, indicating a high probability of active exploitation and increasing the urgency to mitigate the vulnerability.
Refer to the NVD and CISA databases for details on CVE-2026-5676. Check the Totolink website for firmware updates and security advisories.
Upload your dependency file and we'll tell you instantly if this and other CVEs hit you.