Platform: linux
Component: totolink-a7100ru
Fixed in: 7.4.1
CVE-2026-5853 is a critical command injection vulnerability discovered in the Totolink A7100RU router. This flaw allows a remote attacker to execute arbitrary operating system commands on the device, potentially leading to complete system compromise. The vulnerability specifically impacts version 7.4cu.2313_b20191024, and a patch is available to address the issue.
A critical operating system command injection vulnerability (CVE-2026-5853) has been identified in the Totolink A7100RU router, specifically version 7.4cu.2313_b20191024. The vulnerability resides within the setIpv6LanCfg function of the /cgi-bin/cstecgi.cgi file, concerning the handling of the addrPrefixLen argument. A remote attacker can exploit this flaw by manipulating this argument to execute arbitrary commands on the device, potentially compromising the network's security. The vulnerability's severity is rated as high (CVSS 9.8) due to its ease of exploitation, remote accessibility, and the absence of an official fix. Public disclosure of the exploit significantly increases the risk of attacks.
The vulnerability can be exploited remotely through a malicious HTTP request targeted at the /cgi-bin/cstecgi.cgi file. An attacker can inject operating system commands into the addrPrefixLen argument, which will then be executed by the router. The public disclosure of the exploit facilitates the replication of attacks and increases the risk of malicious actors exploiting this vulnerability to compromise Totolink A7100RU devices. The lack of adequate authentication in the vulnerable function allows anyone with network access to exploit the flaw. A comprehensive security audit of the network is recommended to identify and mitigate potential risks.
Exploit Status
EPSS: 1.25% (79th percentile)
Currently, there is no official fix (patch) provided by Totolink for this vulnerability. The most effective mitigation is to avoid using this router until an update is released. If using the device is unavoidable, isolate it from the main network, restricting its internet access and access to sensitive devices. Implementing a robust firewall and actively monitoring network traffic can help detect and prevent potential attacks. Consider replacing the router with a more secure and updated model. The lack of an official patch makes the situation critical and requires proactive risk management.
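One way to apply the traffic-monitoring advice above is an allow-list check on the affected argument: an IPv6 prefix length can only be a decimal integer from 0 to 128, so any other addrPrefixLen value sent to setIpv6LanCfg is worth an alert. The following is an added example, not code from Totolink or from this advisory; the record layout, the request body encoding and the "handler" key are assumptions, and the sample records are constructed.

```python
import json
import re
from urllib.parse import parse_qsl

CGI_PATH = "/cgi-bin/cstecgi.cgi"  # endpoint named in the advisory
FUNCTION = "setIpv6LanCfg"         # vulnerable function named in the advisory
ARGUMENT = "addrPrefixLen"         # injectable argument named in the advisory

def extract_argument(body):
    """Return addrPrefixLen from a JSON or form-encoded body, or None if absent."""
    try:
        data = json.loads(body)
        if isinstance(data, dict) and ARGUMENT in data:
            return str(data[ARGUMENT])
    except ValueError:
        pass
    return dict(parse_qsl(body, keep_blank_values=True)).get(ARGUMENT)

def is_valid_prefix_len(value):
    """Allow-list: an IPv6 prefix length is a plain decimal integer, 0 to 128."""
    return re.fullmatch(r"[0-9]{1,3}", value) is not None and int(value) <= 128

def suspicious(record):
    """True if a request to the affected handler has an invalid addrPrefixLen."""
    if record["path"].split("?")[0] != CGI_PATH or FUNCTION not in record["body"]:
        return False
    value = extract_argument(record["body"])
    return value is not None and not is_valid_prefix_len(value)

# Constructed records (not captured traffic). The body layout and the "handler"
# key are assumptions; only the path, function and argument come from the page.
SAMPLES = [
    {"src": "192.0.2.10", "path": CGI_PATH,
     "body": '{"handler": "setIpv6LanCfg", "addrPrefixLen": "64"}'},
    {"src": "192.0.2.66", "path": CGI_PATH,
     "body": '{"handler": "setIpv6LanCfg", "addrPrefixLen": "64;<constructed>"}'},
    {"src": "192.0.2.67", "path": CGI_PATH,
     "body": "handler=setIpv6LanCfg&addrPrefixLen=200"},
    {"src": "192.0.2.68", "path": "/index.html",
     "body": "handler=setIpv6LanCfg&addrPrefixLen=x"},
]

def flagged_sources(records):
    """Source addresses of every record that fails the allow-list check."""
    return [r["src"] for r in records if suspicious(r)]

if __name__ == "__main__":
    print(flagged_sources(SAMPLES))
```

The same allow-list can be enforced by a reverse proxy or WAF in front of the router's management interface instead of being run over logs after the fact.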
Update the firmware of the Totolink A7100RU device to a version fixed by the manufacturer. Check the official Totolink website for the latest firmware version and the update instructions.
It's a unique identifier for this security vulnerability.
If you have a Totolink A7100RU with firmware version 7.4cu.2313_b20191024, it is vulnerable.
Isolate the router from the main network and limit its internet access.
Currently, no official solution is available.
Search vulnerability databases like NIST NVD or security forums.