CRITICAL · CVE-2026-5993 · CVSS 9.8

CVE-2026-5993: Command Injection in Totolink A7100RU

Platform: linux

Component: totolink-a7100ru

Fixed in: 7.4.1

AI Confidence: high · NVD · EPSS 1.3% · Reviewed: May 2026

A critical Command Injection vulnerability (CVE-2026-5993) has been identified in the Totolink A7100RU router. This flaw allows remote attackers to execute arbitrary operating system commands, potentially gaining full control of the device. The vulnerability affects firmware version 7.4cu.2313_b20191024, and a public exploit is already available, which increases the risk of immediate exploitation.

Impact and Attack Scenarios

The impact of this vulnerability is severe. Successful exploitation allows an attacker to execute arbitrary commands on the router with the privileges of the CGI Handler process. This could lead to complete system compromise, including data theft, configuration modification, and the use of the router as a pivot point for attacks against internal network resources. Given the publicly available exploit, the risk of widespread exploitation is high. The router's role as a network gateway makes it a prime target for attackers seeking to gain access to the internal network.

Exploitation Context

CVE-2026-5993 is a high-priority vulnerability due to its CRITICAL CVSS score and the availability of a public exploit. The exploit's public nature significantly increases the likelihood of exploitation. No KEV listing or confirmed exploitation campaigns are currently known as of the publication date, but the ease of exploitation suggests active scanning and potential attacks are probable. The vulnerability was publicly disclosed on 2026-04-10.

Threat Intelligence

Exploit Status

Proof of Concept: Unknown
CISA KEV: NO
Internet Exposure: High
Reports: 2 threat reports

EPSS

1.25% (79th percentile)

CISA SSVC

Exploitation: poc
Automatable: yes
Technical Impact: total

CVSS Vector

CVSS 3.1 vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R
CVSS v3.1 Base Score: 9.8 CRITICAL (nextguardhq.com)

Attack Vector: Network (how the attacker reaches the target)
Attack Complexity: Low (conditions required to exploit)
Privileges Required: None (authentication level needed to attack)
User Interaction: None (whether a victim must take action)
Scope: Unchanged (impact beyond the vulnerable component)
Confidentiality: High (risk of sensitive data exposure)
Integrity: High (risk of unauthorized data modification)
Availability: High (risk of service disruption)

What do these metrics mean?
Attack Vector
Network — remotely exploitable over the internet. No physical or local access required. Widest attack surface.
Attack Complexity
Low — no special conditions required. Attacker can exploit reliably without depending on rare configurations or timing.
Privileges Required
None — unauthenticated. No login or credentials needed to exploit.
User Interaction
None — attack is automatic and silent. Victim does nothing: no click, no file open.
Scope
Unchanged — impact is limited to the vulnerable component itself.
Confidentiality
High — complete confidentiality loss. Attacker can read all data: credentials, keys, personal data.
Integrity
High — attacker can write, modify, or delete any data: databases, config files, or code.
Availability
High — complete crash or resource exhaustion. Full denial of service.

Affected Software

Component: totolink-a7100ru
Vendor: Totolink
Affected range: 7.4cu.2313_b20191024 – 7.4cu.2313_b20191024
Fixed in: 7.4.1

Weakness Classification (CWE)

Timeline

  1. Reserved
  2. Published
  3. Modified
  4. EPSS updated
Unpatched — 44 days since disclosure

Mitigation and Workarounds

The primary mitigation is to upgrade the Totolink A7100RU firmware to a patched version. Unfortunately, a fixed version is not specified in the provided data. Until a patch is available, consider implementing temporary workarounds such as restricting access to the /cgi-bin/cstecgi.cgi endpoint via a firewall or WAF. Monitor router logs for suspicious activity, particularly attempts to access the vulnerable endpoint with unusual parameters. Implement strict input validation on any user-supplied data used in system commands.
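
Added example (not from the original advisory or from Totolink): one way to implement the log monitoring described above, flagging requests to /cgi-bin/cstecgi.cgi whose wifiOff value falls outside an allowlist. The JSON-lines proxy log format (src, path, body), the sample records, and the rule that a legitimate value is a short numeric flag are assumptions made for illustration.

```python
import json
import re
from urllib.parse import parse_qs

ENDPOINT = "/cgi-bin/cstecgi.cgi"   # endpoint named in the advisory
PARAM = "wifiOff"                   # parameter named in the advisory
# Assumption: a legitimate value is a short numeric flag; adjust to your device.
EXPECTED = re.compile(r"\d{1,2}")

def extract_param(body):
    """Return the PARAM value from a JSON or form-encoded body, or None."""
    try:
        doc = json.loads(body)
        if isinstance(doc, dict):
            return str(doc[PARAM]) if PARAM in doc else None
    except ValueError:
        pass  # not JSON, fall back to form decoding
    values = parse_qs(body, keep_blank_values=True).get(PARAM)
    return values[0] if values else None

def suspicious_requests(log_lines):
    """Yield (src, value) for endpoint requests whose PARAM is off-allowlist."""
    for line in log_lines:
        try:
            rec = json.loads(line)
        except ValueError:
            continue  # skip lines that are not JSON records
        if not isinstance(rec, dict):
            continue
        if rec.get("path", "").split("?")[0] != ENDPOINT:
            continue
        value = extract_param(rec.get("body", ""))
        if value is not None and not EXPECTED.fullmatch(value):
            yield rec.get("src", "?"), value

# Constructed sample records in a hypothetical proxy log format.
SAMPLE_LOG = [
    '{"src": "192.0.2.10", "path": "/cgi-bin/cstecgi.cgi", "body": "{\\"wifiOff\\": \\"1\\"}"}',
    '{"src": "198.51.100.7", "path": "/cgi-bin/cstecgi.cgi", "body": "{\\"wifiOff\\": \\"1;PLACEHOLDER\\"}"}',
    '{"src": "203.0.113.5", "path": "/cgi-bin/cstecgi.cgi", "body": "wifiOff=0%3BPLACEHOLDER"}',
    '{"src": "192.0.2.10", "path": "/index.html", "body": ""}',
]

if __name__ == "__main__":
    for src, value in suspicious_requests(SAMPLE_LOG):
        print(f"ALERT {src}: unexpected {PARAM} value {value!r}")
```

An allowlist on the expected value catches any deviation, including encodings a metacharacter blocklist would miss; requests from the WAN side to this endpoint are worth alerting on regardless of the parameter value.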

How to fix

Update the firmware of the Totolink A7100RU device to a version corrected by the manufacturer. Refer to the official Totolink website for the latest firmware version and update instructions.

Frequently asked questions

What is CVE-2026-5993 — Command Injection in Totolink A7100RU?

CVE-2026-5993 is a critical vulnerability allowing remote command execution on the Totolink A7100RU router via manipulation of the wifiOff parameter in /cgi-bin/cstecgi.cgi. A public exploit is available.

Am I affected by CVE-2026-5993 in Totolink A7100RU?

You are affected if your Totolink A7100RU router is running firmware version 7.4cu.2313_b20191024 and has not been upgraded to a patched version. Check your firmware version immediately.

How do I fix CVE-2026-5993 in Totolink A7100RU?

The recommended fix is to upgrade to a patched firmware version. Unfortunately, a fixed version is not specified. Until a patch is available, consider firewall restrictions and log monitoring as temporary mitigations.

Is CVE-2026-5993 being actively exploited?

While no confirmed exploitation campaigns are currently known, the availability of a public exploit suggests active scanning and potential attacks are probable. The risk is considered high.

Where can I find the official Totolink advisory for CVE-2026-5993?

Refer to the Totolink website or security announcements for the latest advisory regarding CVE-2026-5993 and available firmware updates.
