Platform: linux
Component: totolink-a7100ru
Fixed in: 7.4.1
A critical Command Injection vulnerability (CVE-2026-5852) has been discovered in the Totolink A7100RU router, specifically affecting firmware version 7.4cu.2313_b20191024. This flaw allows an attacker to execute arbitrary operating system commands remotely. The vulnerability resides within the /cgi-bin/cstecgi.cgi file, impacting the setIptvCfg function, and a public exploit is already available, increasing the risk of immediate exploitation.
The Command Injection vulnerability in Totolink A7100RU allows an attacker to gain complete control over the affected router. By manipulating the igmpVer argument, they can inject and execute arbitrary commands on the device's operating system. This could lead to data theft (configuration files, user credentials), malware installation, denial of service, and even pivoting to other devices on the network. Given the public availability of an exploit, the potential for widespread exploitation is high, particularly targeting home and small business networks relying on this router model. The impact is comparable to other router command injection vulnerabilities where attackers have leveraged compromised devices as launchpads for broader network attacks.
CVE-2026-5852 is considered a high-risk vulnerability due to its CRITICAL CVSS score and the public availability of an exploit. While no KEV listing is currently available, the ease of exploitation and potential impact warrant immediate attention. Public proof-of-concept code has been released, indicating a high probability of active exploitation. The vulnerability was publicly disclosed on 2026-04-09.
EPSS: 1.25% (79th percentile)
The primary mitigation for CVE-2026-5852 is to immediately upgrade the Totolink A7100RU router to a patched firmware version. Totolink has not yet released a fix, so temporary workarounds are necessary. Consider implementing strict firewall rules to restrict access to /cgi-bin/cstecgi.cgi from untrusted sources. Web Application Firewall (WAF) rules can be configured to filter requests containing suspicious characters or patterns in the igmpVer parameter. Monitor router logs for unusual command execution attempts. If upgrading is not immediately possible, consider isolating the affected router from the internet to limit potential exposure. After applying any mitigation, verify the router's security posture by attempting to trigger the vulnerability (if possible without causing harm) and confirming that the command injection is prevented.
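The igmpVer filtering described above, sketched as an allowlist check that a filtering proxy in front of the router could run. This is an added example, not code from the advisory or from Totolink. It assumes the request body is either a JSON object or form-encoded with igmpVer as a top-level field, and that the only legitimate values are the IGMP protocol versions 1, 2 and 3; the function names are hypothetical.

```python
import json
from urllib.parse import parse_qs

CGI_PATH = "/cgi-bin/cstecgi.cgi"        # endpoint named in the advisory
# Assumption: the UI only ever sends an IGMP protocol version (1, 2 or 3).
ALLOWED_IGMP_VERSIONS = {"1", "2", "3"}


def extract_fields(body: bytes) -> dict:
    """Parse a JSON-object or form-encoded body; raise ValueError otherwise."""
    text = body.decode("utf-8")          # UnicodeDecodeError is a ValueError
    try:
        obj = json.loads(text)
    except json.JSONDecodeError:
        form = parse_qs(text, keep_blank_values=True, strict_parsing=True)
        # A repeated parameter stays a list so the caller rejects it.
        return {k: v[0] if len(v) == 1 else v for k, v in form.items()}
    if not isinstance(obj, dict):
        raise ValueError("JSON body is not an object")
    return obj


def inspect_request(path: str, body: bytes) -> tuple:
    """Return (allow, reason) for one request seen by the filtering proxy."""
    if path.split("?", 1)[0] != CGI_PATH:
        return True, "not the CGI endpoint"
    try:
        fields = extract_fields(body)
    except ValueError as exc:
        return False, f"unparseable body: {exc}"   # fail closed
    if "igmpVer" not in fields:
        return True, "no igmpVer field"
    value = fields["igmpVer"]
    if isinstance(value, int) and not isinstance(value, bool):
        value = str(value)
    # Exact set membership, not a regex: "2\n" and "2;..." both fail.
    if isinstance(value, str) and value in ALLOWED_IGMP_VERSIONS:
        return True, "igmpVer allowlisted"
    return False, f"igmpVer rejected: {value!r}"


# Constructed sample bodies (not captured traffic, not from the advisory).
SAMPLES = [
    b'{"igmpVer": "2"}',
    b'{"igmpVer": "2; echo constructed"}',
    b"igmpVer=2&igmpVer=9",
]
if __name__ == "__main__":
    for body in SAMPLES:
        print(body, inspect_request(CGI_PATH, body))
```

An allowlist is used instead of a blocklist of "suspicious characters" because it does not depend on enumerating every shell metacharacter. The path comparison assumes the proxy has already normalised the URL.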
Update the firmware of your Totolink A7100RU device to a patched version. Refer to the official Totolink website or contact technical support for the latest firmware version and update instructions.
CVE-2026-5852 is a critical vulnerability allowing remote code execution on Totolink A7100RU routers via manipulation of the igmpVer parameter in /cgi-bin/cstecgi.cgi. A public exploit is available.
You are affected if you are using a Totolink A7100RU router with firmware version 7.4cu.2313_b20191024. Immediate action is required.
Upgrade to a patched firmware version as soon as it becomes available from Totolink. Until then, implement temporary workarounds like firewall restrictions and WAF rules.
Yes, a public exploit is available, indicating a high probability of active exploitation. Prompt mitigation is crucial.
Refer to the Totolink website for the latest security advisories and firmware updates related to CVE-2026-5852.