Platform: linux
Component: totolink-a7100ru
Fixed in: 7.4.1
CVE-2026-5997 describes a critical Command Injection vulnerability affecting the Totolink A7100RU router. This flaw allows attackers to execute arbitrary operating system commands remotely, potentially gaining complete control over the device. The vulnerability impacts version 7.4cu.2313b20191024, and a public exploit is already available.
The Command Injection vulnerability in Totolink A7100RU presents a severe risk. An attacker can exploit this flaw by crafting a malicious request that injects arbitrary commands into the admpass argument of the /cgi-bin/cstecgi.cgi endpoint. Successful exploitation allows the attacker to execute commands with the privileges of the CGI Handler process, potentially gaining root access to the router's operating system. This could lead to data theft, configuration modification, denial of service, or even the router being used as a pivot point for attacks against other devices on the network. The public availability of an exploit significantly increases the likelihood of exploitation.
CVE-2026-5997 is considered highly likely to be exploited because a public proof-of-concept is available. It was disclosed on 2026-04-10 and added to the CISA KEV catalog. Active exploitation is highly likely given the ease of exploitation and the router's widespread use in home and small business networks.
EPSS: 1.25% (79th percentile)
The primary mitigation for CVE-2026-5997 is to upgrade the Totolink A7100RU router to a patched firmware version as soon as it becomes available. Until a patch is released, consider implementing temporary workarounds such as strict input validation on the admpass parameter within the /cgi-bin/cstecgi.cgi script. This could involve whitelisting allowed characters or implementing length restrictions. Network segmentation can also limit the potential blast radius. Monitor router logs for suspicious activity, specifically commands executed by the CGI Handler. After upgrading, confirm the vulnerability is resolved by attempting the exploit with a benign command and verifying it is rejected.
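The allowlist and length check described above, written as a filter that a reverse proxy or log-review script in front of the router's management interface could apply. This is an added example, not Totolink's code; the JSON and form-encoded body shapes, the 32-character limit and the permitted character set are assumptions.

```python
import json
import re
from urllib.parse import parse_qs, unquote

SCRIPT = "cstecgi.cgi"   # script name from the advisory's /cgi-bin/cstecgi.cgi
PARAM = "admpass"        # argument the advisory names as injectable
MAX_LEN = 32             # assumed length restriction; adjust to local policy
ALLOWED = re.compile(r"[A-Za-z0-9_.@-]+")  # assumed allowlist, no shell metacharacters


def targets_endpoint(path):
    # Match on the script name so variants (//, /./, %-encoding) are still checked.
    return SCRIPT in unquote(path.split("?", 1)[0])


def extract_admpass(body):
    """Return admpass from a JSON or form-encoded body (assumed shapes), else None."""
    try:
        data = json.loads(body)
        if isinstance(data, dict) and PARAM in data:
            return str(data[PARAM])
    except ValueError:
        pass
    values = parse_qs(body, keep_blank_values=True).get(PARAM)
    return values[0] if values else None


def check_request(path, body):
    """Return (allowed, reason) for one request to the management interface."""
    if not targets_endpoint(path):
        return True, "not the affected endpoint"
    value = extract_admpass(body)
    if value is None:
        return True, "no admpass argument"
    if len(value) > MAX_LEN:
        return False, "admpass exceeds length limit"
    if not ALLOWED.fullmatch(value):
        return False, "admpass is empty or has characters outside the allowlist"
    return True, "admpass passed validation"


if __name__ == "__main__":
    # Constructed sample requests, not captured traffic.
    samples = [
        ("/cgi-bin/cstecgi.cgi", '{"admpass": "Str0ng_Pass.1"}'),
        ("/cgi-bin/cstecgi.cgi", '{"admpass": "x;echo marker"}'),
        ("//cgi-bin/./cstecgi.cgi", "admpass=abc%3Becho+marker"),
    ]
    for path, body in samples:
        print(path, body, "->", check_request(path, body))
```

The check runs on the decoded value, so percent-encoded metacharacters in a form body are rejected the same way as literal ones.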
Update the firmware of the Totolink A7100RU device to a patched version that resolves the command injection vulnerability. Refer to the official Totolink website for the latest firmware version and update instructions.
CVE-2026-5997 is a critical vulnerability allowing remote command execution on Totolink A7100RU routers due to improper input validation in the password setting function.
You are affected if your Totolink A7100RU router is running version 7.4cu.2313b20191024 and has not been updated.
Upgrade your Totolink A7100RU router to the latest available firmware version. Until a patch is available, implement strict input validation on the admpass parameter.
Yes, a public exploit is available, making active exploitation highly likely.
Refer to the Totolink security advisory page for updates and the latest information regarding CVE-2026-5997.