Platform: linux
Component: totolink-a7100ru
Fixed in: 7.4.1
CVE-2026-5850 is a critical command injection vulnerability in the Totolink A7100RU router. The flaw allows attackers to execute arbitrary operating system commands on the device, potentially leading to complete system compromise. It affects firmware version 7.4cu.2313_b20191024 and is actively being exploited with publicly available exploits.
The impact of this vulnerability is severe. Successful exploitation gives an attacker complete control over the affected Totolink A7100RU router, including the ability to modify router configurations, intercept network traffic, install malware, and potentially pivot to other devices on the network. Because the router acts as a gateway, a compromised device can expose the entire internal network to external threats. The availability of a public exploit significantly increases the likelihood of widespread exploitation, as has been seen with other vulnerabilities affecting IoT devices.
This vulnerability is considered highly exploitable due to the availability of a public proof-of-concept. It has been added to the CISA KEV catalog, indicating a high probability of exploitation. The ease of exploitation and the router's common deployment make it a prime target for malicious actors. No active campaigns have been publicly confirmed, but the public exploit suggests this is likely to change.
EPSS: 1.25% (79th percentile)
The primary mitigation is to upgrade the Totolink A7100RU firmware to a patched version. Unfortunately, a fixed version is not currently specified. As a temporary workaround, consider implementing strict firewall rules to restrict access to the /cgi-bin/cstecgi.cgi endpoint from untrusted sources. Monitor network traffic for suspicious activity, particularly attempts to access this endpoint with unusual parameters. Implement a Web Application Firewall (WAF) with rules to detect and block command injection attempts targeting the pptpPassThru parameter. After applying any mitigation, verify functionality by attempting to access the router's configuration interface and confirming that the pptpPassThru parameter is properly sanitized.
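The monitoring and WAF check described above can be prototyped as an allowlist test on the pptpPassThru value; this is an added example, not code from Totolink or from this advisory. It assumes the value arrives as a query-string, form-encoded or top-level JSON field and that a legitimate value is a short alphanumeric token; the sample requests are constructed.

```python
import json
import re
from urllib.parse import parse_qsl, urlsplit

ENDPOINT = "/cgi-bin/cstecgi.cgi"  # endpoint named in the advisory
PARAM = "pptpPassThru"             # parameter named in the advisory
# Assumption: a legitimate value is a short alphanumeric token such as "0" or "1".
SAFE_VALUE = re.compile(r"[A-Za-z0-9]{1,16}")


def extract_values(target, body=""):
    """Return every pptpPassThru value found in the query string or body."""
    query = urlsplit(target).query
    values = [v for k, v in parse_qsl(query, keep_blank_values=True) if k == PARAM]
    try:
        doc = json.loads(body)
    except ValueError:
        doc = None
    if isinstance(doc, dict):
        if PARAM in doc:
            values.append(str(doc[PARAM]))
    else:
        # Not a JSON object: treat the body as form-encoded (percent-decoding included).
        values += [v for k, v in parse_qsl(body, keep_blank_values=True) if k == PARAM]
    return values


def is_suspicious(target, body=""):
    """True when a request to the endpoint carries a value outside the allowlist."""
    if urlsplit(target).path != ENDPOINT:
        return False
    return any(not SAFE_VALUE.fullmatch(v) for v in extract_values(target, body))


# Constructed sample requests (request target, body); not captured traffic.
SAMPLES = [
    ("/cgi-bin/cstecgi.cgi", '{"pptpPassThru": "1"}'),
    ("/cgi-bin/cstecgi.cgi", '{"pptpPassThru": "1;echo constructed"}'),
    ("/cgi-bin/cstecgi.cgi", "pptpPassThru=1%3Becho+constructed"),
    ("/cgi-bin/cstecgi.cgi?pptpPassThru=0", ""),
    ("/index.html?pptpPassThru=%60constructed%60", ""),
]


def scan(samples):
    """Return the indexes of the samples that should be blocked or alerted on."""
    return [i for i, (target, body) in enumerate(samples) if is_suspicious(target, body)]


if __name__ == "__main__":
    print(scan(SAMPLES))
```

The path comparison is exact, so normalise the request path (duplicate slashes, dot segments, case) before calling `is_suspicious` if the proxy or log source does not already do so.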
Update the Totolink A7100RU device firmware to a patched version that addresses the operating system command injection vulnerability. Refer to the official Totolink website or contact technical support for the latest firmware version.
CVE-2026-5850 is a critical vulnerability allowing attackers to execute OS commands on the Totolink A7100RU router via the pptpPassThru parameter. It affects versions 7.4cu.2313_b20191024 and has a CVSS score of 9.8.
If you are using a Totolink A7100RU router running version 7.4cu.2313_b20191024, you are potentially affected by this vulnerability. Check your router's firmware version immediately.
The recommended fix is to upgrade to a patched firmware version. Unfortunately, a fixed version is not currently specified. Implement temporary workarounds like firewall rules and WAF configurations until a patch is available.
Yes, a public exploit is available, indicating a high probability of active exploitation. The vulnerability has been added to the CISA KEV catalog, further highlighting the risk.
Please refer to the Totolink website or security mailing lists for the official advisory regarding CVE-2026-5850. As of the current date, the advisory may not be publicly available.