Platform
linux
Component
totolink-a7100ru
Fixed in
7.4.1
CVE-2026-5994 represents a critical Command Injection vulnerability identified in the Totolink A7100RU router. This flaw allows attackers to inject and execute arbitrary operating system commands, potentially granting them unauthorized access and control over the device. The vulnerability specifically affects firmware version 7.4cu.2313_b20191024 and a public exploit is available, increasing the risk of exploitation. A fix is available from Totolink.
A critical vulnerability has been discovered in the Totolink A7100RU router, version 7.4cu.2313b20191024 (CVE-2026-5994). This vulnerability, rated with a CVSS score of 9.8, allows for operating system command injection through manipulation of the 'telnetenabled' argument within the file /cgi-bin/cstecgi.cgi. The affected component is the CGI Handler. The severity of this vulnerability lies in its remote exploitability, meaning an attacker from anywhere on the network can potentially execute arbitrary commands on the router. The public release of the exploit further exacerbates the situation, increasing the risk of active attacks. This could result in complete device control, theft of sensitive information, or the router being used as a springboard to attack other systems on the network.
The vulnerability resides in the file /cgi-bin/cstecgi.cgi, specifically within the setTelnetCfg function. An attacker can inject operating system commands by manipulating the 'telnet_enabled' parameter in an HTTP request. Due to inadequate input validation, these commands will be executed with the privileges of the CGI Handler process, which generally has access to sensitive system functions. The public availability of the exploit facilitates the exploitation of this vulnerability, allowing attackers with limited technical expertise to compromise the router. The fact that exploitation is remote makes it particularly dangerous, as it does not require physical access to the device.
Exploit Status
EPSS
1.25% (79% percentile)
CISA SSVC
CVSS Vector
Currently, there is no official fix provided by Totolink for this vulnerability. The most effective mitigation is to disable the Telnet service on the router immediately. While it doesn't address the underlying vulnerability, it significantly reduces the attack surface. It is strongly recommended to monitor the network for suspicious activity. Additionally, users should consider replacing the router with a model that receives regular security updates. Keeping the router's firmware updated, although it doesn't resolve this specific issue, is a general security best practice. Contacting Totolink to inquire about potential future updates is also advised.
Actualice el firmware del dispositivo Totolink A7100RU a una versión corregida por el fabricante. Consulte el sitio web oficial de Totolink para obtener la última versión del firmware y las instrucciones de actualización.
Vulnerability analysis and critical alerts directly to your inbox.
It's a unique identifier for a specific security vulnerability in the Totolink A7100RU router.
It allows for remote operating system command injection, potentially giving an attacker complete control of the router.
Disable the Telnet service immediately and monitor your network for suspicious activity. Consider replacing the router.
Currently, there is no official fix available.
Disable Telnet, keep your firmware updated (although it doesn't resolve this specific issue) and consider a router with regular security updates.
Upload your dependency file and we'll tell you instantly if this and other CVEs hit you.