Platform
linux
Component
totolink-a7100ru
Fixed in
7.4.1
CVE-2026-5854 describes a critical command injection vulnerability affecting the Totolink A7100RU router. This flaw allows attackers to execute arbitrary operating system commands remotely, potentially leading to complete system compromise. The vulnerability impacts versions 7.4cu.2313b20191024–7.4cu.2313b20191024, and a fix is currently available.
The command injection vulnerability in Totolink A7100RU presents a severe risk. Successful exploitation allows an attacker to execute arbitrary commands on the router with the privileges of the CGI Handler process. This could enable attackers to gain full control of the device, including modifying configurations, accessing sensitive data stored on the router (such as user credentials or network settings), and potentially pivoting to other devices on the network. Given the router's role as a network gateway, a compromised device can be used to launch attacks against internal resources, effectively expanding the attacker's blast radius. The public availability of an exploit significantly increases the likelihood of exploitation.
CVE-2026-5854 is considered highly exploitable due to the public availability of a proof-of-concept. The vulnerability has been added to the CISA KEV catalog, indicating a high probability of exploitation. The vulnerability's severity is further amplified by the router's position within the network, making it a prime target for attackers seeking to gain access to internal resources. Active campaigns targeting routers are common, increasing the likelihood of this vulnerability being exploited in the wild.
Exploit Status
EPSS
0.33% (56% percentile)
CISA SSVC
CVSS Vector
The primary mitigation for CVE-2026-5854 is to upgrade the Totolink A7100RU firmware to a patched version as soon as it becomes available. Until an upgrade is possible, consider implementing temporary workarounds such as restricting access to the /cgi-bin/cstecgi.cgi endpoint via a firewall or Web Application Firewall (WAF). Carefully review and restrict user permissions within the router's configuration to minimize the potential impact of a successful attack. Monitor router logs for suspicious activity, particularly attempts to access or manipulate the vulnerable endpoint. Implement intrusion detection system (IDS) rules to identify and block malicious traffic targeting the command injection vulnerability.
Update the firmware of the Totolink A7100RU device to a patched version that resolves the command injection vulnerability. Refer to the official Totolink website for the latest firmware version and update instructions.
Vulnerability analysis and critical alerts directly to your inbox.
CVE-2026-5854 is a critical command injection vulnerability in the Totolink A7100RU router, allowing remote code execution via manipulation of the 'merge' argument. It impacts versions 7.4cu.2313b20191024–7.4cu.2313b20191024.
You are affected if you are using a Totolink A7100RU router running version 7.4cu.2313b20191024–7.4cu.2313b20191024 and have not upgraded to a patched version.
The recommended fix is to upgrade to the latest firmware version provided by Totolink. Until the upgrade is available, implement temporary mitigations like firewall restrictions.
Yes, the vulnerability is considered highly exploitable due to the public availability of a proof-of-concept and its inclusion in the CISA KEV catalog, indicating active exploitation is likely.
Please refer to the Totolink website or security advisory channels for the official advisory regarding CVE-2026-5854.
Upload your dependency file and we'll tell you instantly if this and other CVEs hit you.