Platform
linux
Component
totolink-a7100ru
Fixed version
7.4.1
CVE-2026-5996 describes a critical Command Injection vulnerability affecting the Totolink A7100RU router. This flaw allows attackers to execute arbitrary operating system commands on the device, potentially leading to complete system takeover. The vulnerability specifically impacts firmware versions 7.4cu.2313b20191024–7.4cu.2313b20191024, and a fix is pending.
The Command Injection vulnerability in Totolink A7100RU allows an attacker to inject and execute arbitrary commands on the router's operating system. This is a severe risk because it bypasses normal access controls and grants the attacker the privileges of the system user. Successful exploitation could lead to data theft (configuration files, user credentials), malware installation, and complete control over the router, enabling the attacker to pivot to other devices on the network. The ability to execute arbitrary commands effectively grants the attacker root access, significantly expanding the potential blast radius. This vulnerability shares similarities with other command injection flaws where improper input validation allows attackers to inject malicious code.
This vulnerability has been publicly disclosed, increasing the likelihood of exploitation. The CVSS score of 9.8 (CRITICAL) indicates a high level of severity. While an EPSS score is not available, the public disclosure and high CVSS score suggest a medium to high probability of exploitation. No known KEV listing exists at the time of writing. Public proof-of-concept exploits are likely to emerge given the vulnerability's nature and public disclosure.
Small to medium-sized businesses and home users relying on the Totolink A7100RU router are at risk. Specifically, those with exposed routers or those using default configurations are particularly vulnerable. Shared hosting environments utilizing this router could also be impacted, potentially affecting multiple tenants.
• linux / server:
journalctl -u cstecgi -g 'tty_server' | grep -i 'command injection'
• generic web:
curl -s 'http://<router_ip>/cgi-bin/cstecgi.cgi?tty_server=;id;' | grep -i 'id='
disclosure
Exploit status
EPSS
1.25% (79th percentile)
CISA SSVC
CVSS vector
Due to the lack of a provided fixed version, immediate mitigation strategies are crucial. Implement a Web Application Firewall (WAF) rule to filter potentially malicious input to the /cgi-bin/cstecgi.cgi endpoint, specifically targeting the tty_server parameter. Strict input validation should be enforced to prevent the injection of shell commands. Consider temporarily disabling the affected functionality if possible. Monitor router logs for suspicious activity, particularly attempts to access /cgi-bin/cstecgi.cgi with unusual parameters. After a fix is released, upgrade the router firmware to the patched version and verify functionality by attempting to access the affected endpoint with a benign request.
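The log monitoring and input filtering described above can be prototyped as an allowlist check on the tty_server parameter. This is an added example, not code from Totolink or from the advisory; the combined-format access log lines are constructed, and the assumption that a legitimate value is a plain hostname or IP address is ours.

```python
import re
from urllib.parse import urlsplit, parse_qs

ENDPOINT = "/cgi-bin/cstecgi.cgi"   # endpoint named in the advisory
PARAM = "tty_server"                # parameter named in the advisory
# Assumption: a legitimate value is a plain hostname or IP address.
SAFE_VALUE = re.compile(r"[A-Za-z0-9.:-]{1,253}")
# Request line inside a combined-format access log entry.
REQUEST = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[0-9.]+"')

def suspicious_values(target):
    """Return tty_server values in a request target that fail the allowlist."""
    parts = urlsplit(target)
    if parts.path != ENDPOINT:
        return []
    # parse_qs percent-decodes, so %3B is seen as ';' before validation.
    query = parse_qs(parts.query, keep_blank_values=True, separator="&")
    return [v for v in query.get(PARAM, []) if not SAFE_VALUE.fullmatch(v)]

def scan(lines):
    """Return (client_ip, offending_value) for each flagged log line."""
    hits = []
    for line in lines:
        m = REQUEST.search(line)
        if not m:
            continue  # not a parseable request line
        for value in suspicious_values(m.group("target")):
            hits.append((line.split(" ", 1)[0], value))
    return hits

# Constructed sample log lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2026:10:00:00 +0000] "GET /cgi-bin/cstecgi.cgi?tty_server=192.168.0.5 HTTP/1.1" 200 12',
    '198.51.100.7 - - [01/Jan/2026:10:00:05 +0000] "GET /cgi-bin/cstecgi.cgi?tty_server=;id; HTTP/1.1" 200 48',
    '198.51.100.7 - - [01/Jan/2026:10:00:09 +0000] "GET /cgi-bin/cstecgi.cgi?tty_server=a%3Bid HTTP/1.1" 200 48',
    '203.0.113.4 - - [01/Jan/2026:10:01:00 +0000] "GET /index.html?tty_server=;id; HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    for ip, value in scan(SAMPLE_LOG):
        print(f"flagged {ip}: {PARAM}={value!r}")
```

Values sent in a request body do not appear in access logs, so the same allowlist would have to run in the proxy or WAF that sees the full request.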
Update the firmware of the Totolink A7100RU device to a version fixed by the manufacturer. Consult the official Totolink website for the latest firmware version and update instructions.
CVE-2026-5996 is a critical vulnerability allowing remote command execution on Totolink A7100RU routers via manipulation of the tty_server parameter in /cgi-bin/cstecgi.cgi.
You are affected if your Totolink A7100RU router is running firmware versions 7.4cu.2313b20191024–7.4cu.2313b20191024 and has not been updated.
A fix is pending. Mitigate by implementing WAF rules, strict input validation, and monitoring router logs. Upgrade to the patched firmware when available.
The vulnerability has been publicly disclosed, increasing the likelihood of exploitation. Active exploitation is possible.
Refer to the Totolink security advisory page for updates on CVE-2026-5996 and the availability of a firmware patch.