Platform
linux
Component
totolink-a7100ru
Fixed in
7.4.1
CVE-2026-5996 describes a critical Command Injection vulnerability affecting the Totolink A7100RU router. This flaw allows attackers to execute arbitrary operating system commands on the device, potentially leading to complete system takeover. The vulnerability specifically impacts firmware versions 7.4cu.2313b20191024–7.4cu.2313b20191024, and a fix is pending.
The Command Injection vulnerability in Totolink A7100RU allows an attacker to inject and execute arbitrary commands on the router's operating system. This is a severe risk because it bypasses normal access controls and grants the attacker the privileges of the system user. Successful exploitation could lead to data theft (configuration files, user credentials), malware installation, and complete control over the router, enabling the attacker to pivot to other devices on the network. The ability to execute arbitrary commands effectively grants the attacker root access, significantly expanding the potential blast radius. This vulnerability shares similarities with other command injection flaws where improper input validation allows attackers to inject malicious code.
This vulnerability has been publicly disclosed, increasing the likelihood of exploitation. The CVSS score of 9.8 (CRITICAL) indicates a high level of severity. While an EPSS score is not available, the public disclosure and high CVSS score suggest a medium to high probability of exploitation. No known KEV listing exists at the time of writing. Public proof-of-concept exploits are likely to emerge given the vulnerability's nature and public disclosure.
Exploit Status
EPSS
1.25% (79% percentile)
CISA SSVC
CVSS Vector
Due to the lack of a provided fixed version, immediate mitigation strategies are crucial. Implement a Web Application Firewall (WAF) rule to filter potentially malicious input to the /cgi-bin/cstecgi.cgi endpoint, specifically targeting the tty_server parameter. Strict input validation should be enforced to prevent the injection of shell commands. Consider temporarily disabling the affected functionality if possible. Monitor router logs for suspicious activity, particularly attempts to access /cgi-bin/cstecgi.cgi with unusual parameters. After a fix is released, upgrade the router firmware to the patched version and verify functionality by attempting to access the affected endpoint with a benign request.
Update the firmware of the Totolink A7100RU device to a version corrected by the manufacturer. Refer to the official Totolink website for the latest firmware version and update instructions.
Vulnerability analysis and critical alerts directly to your inbox.
CVE-2026-5996 is a critical vulnerability allowing remote command execution on Totolink A7100RU routers via manipulation of the tty_server parameter in /cgi-bin/cstecgi.cgi.
You are affected if your Totolink A7100RU router is running firmware versions 7.4cu.2313b20191024–7.4cu.2313b20191024 and has not been updated.
A fix is pending. Mitigate by implementing WAF rules, strict input validation, and monitoring router logs. Upgrade to the patched firmware when available.
The vulnerability has been publicly disclosed, increasing the likelihood of exploitation. Active exploitation is possible.
Refer to the Totolink security advisory page for updates on CVE-2026-5996 and the availability of a firmware patch.
Upload your dependency file and we'll tell you instantly if this and other CVEs hit you.