Platform
linux
Component
totolink-a7100ru
Fixed in
7.4.1
CVE-2026-5995 describes a critical command injection vulnerability affecting the Totolink A7100RU router. This flaw allows a remote attacker to execute arbitrary operating system commands on the device by manipulating the 'laninfo' parameter within the /cgi-bin/cstecgi.cgi file. The vulnerability impacts versions 7.4cu.2313b20191024 and a public exploit is already available, increasing the likelihood of exploitation.
The impact of CVE-2026-5995 is severe. Successful exploitation allows an attacker to gain complete control over the affected Totolink A7100RU router. This could lead to unauthorized access to the internal network, data exfiltration, malware deployment, and disruption of services. Given the router's role as a gateway, attackers could potentially pivot to other devices on the network, expanding the blast radius significantly. The availability of a public exploit dramatically increases the risk of widespread exploitation, similar to vulnerabilities that have previously targeted embedded devices.
CVE-2026-5995 is considered a high-probability threat due to the public availability of an exploit. The vulnerability was publicly disclosed on 2026-04-10. While it is not currently listed on the CISA KEV catalog, its ease of exploitation warrants immediate attention. Active campaigns targeting vulnerable routers are common, and this vulnerability is likely to be exploited in the wild.
Exploit Status
EPSS
1.25% (79% percentile)
CISA SSVC
CVSS Vector
The primary mitigation for CVE-2026-5995 is to upgrade the Totolink A7100RU router to a patched firmware version as soon as it becomes available. Unfortunately, no fixed version is currently specified. As a temporary workaround, consider implementing strict input validation on the 'lan_info' parameter within the /cgi-bin/cstecgi.cgi file, although this is unlikely to be feasible without modifying the router's firmware. Network segmentation can limit the potential impact of a successful attack. Monitor network traffic for suspicious activity, particularly connections to unusual ports or destinations. If a rollback to a previous firmware version is possible, this may reduce the attack surface, but should be considered a temporary measure only.
Update the Totolink A7100RU device firmware to a patched version. Refer to the official Totolink website for the latest firmware version and update instructions. This vulnerability allows operating system command injection through manipulation of parameters in the web interface, so applying the update is crucial to mitigate the risk.
Vulnerability analysis and critical alerts directly to your inbox.
CVE-2026-5995 is a critical command injection vulnerability in the Totolink A7100RU router, allowing remote attackers to execute OS commands.
If you are using a Totolink A7100RU router running version 7.4cu.2313_b20191024, you are potentially affected by this vulnerability.
Upgrade to a patched firmware version as soon as it becomes available. Until then, consider temporary workarounds like input validation and network segmentation.
Due to the public availability of an exploit, CVE-2026-5995 is considered a high-probability threat and likely to be exploited in the wild.
Please refer to the Totolink website or security mailing lists for the official advisory regarding CVE-2026-5995.
Upload your dependency file and we'll tell you instantly if this and other CVEs hit you.