Platform
linux
Component
totolink-a7100ru
Fixed in
7.4.1
CVE-2026-5850 describes a critical Command Injection vulnerability discovered in the Totolink A7100RU router. This flaw allows attackers to execute arbitrary operating system commands on the device, potentially leading to complete system compromise. The vulnerability affects versions 7.4cu.2313_b20191024 and is actively being exploited with publicly available exploits.
The impact of this vulnerability is severe. Successful exploitation allows an attacker to gain complete control over the affected Totolink A7100RU router. This includes the ability to modify router configurations, intercept network traffic, install malware, and potentially pivot to other devices on the network. Given the router's role as a gateway, a compromised device can expose the entire internal network to external threats. The availability of a public exploit significantly increases the likelihood of widespread exploitation, mirroring the rapid spread seen with vulnerabilities like those affecting IoT devices.
This vulnerability is considered highly exploitable due to the availability of a public proof-of-concept. It has been added to the CISA KEV catalog, indicating a high probability of exploitation. The ease of exploitation and the router's common deployment make it a prime target for malicious actors. No active campaigns have been publicly confirmed, but the public exploit suggests this is likely to change.
Small and medium-sized businesses (SMBs) and home users who rely on the Totolink A7100RU router for their internet connectivity are at significant risk. Shared hosting environments utilizing this router as a gateway are particularly vulnerable, as a compromise could impact multiple tenants. Users with default router configurations or those who have not updated their firmware are also at increased risk.
• linux / server:
journalctl -u cstecgi -g 'pptpPassThru'
• linux / server:
ps aux | grep cstecgi | grep pptpPassThru
• generic web:
curl -I http://<router_ip>/cgi-bin/cstecgi.cgi?pptpPassThru=$(id)
EPSS
1.25% (79th percentile)
The primary mitigation is to upgrade the Totolink A7100RU firmware to a patched version. Unfortunately, a fixed version is not currently specified. As a temporary workaround, consider implementing strict firewall rules to restrict access to the /cgi-bin/cstecgi.cgi endpoint from untrusted sources. Monitor network traffic for suspicious activity, particularly attempts to access this endpoint with unusual parameters. Implement a Web Application Firewall (WAF) with rules to detect and block command injection attempts targeting the pptpPassThru parameter. After applying any mitigation, verify functionality by attempting to access the router's configuration interface and confirming that the pptpPassThru parameter is properly sanitized.
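The monitoring and WAF rule described above can be prototyped as an allowlist check on the pptpPassThru value, applied after undoing nested percent-encoding. This is an added example, not vendor or advisory code; the places it looks for the parameter (query string, form body, JSON body), the rule that legitimate values are short alphanumeric tokens, and the sample requests are assumptions.

```python
import json
import posixpath
import re
from urllib.parse import parse_qs, unquote, unquote_plus, urlsplit

ENDPOINT = "/cgi-bin/cstecgi.cgi"  # endpoint named on this page
PARAM = "pptpPassThru"             # parameter named on this page
# Assumption: a legitimate value is a short alphanumeric token such as an on/off flag.
SAFE_VALUE = re.compile(r"[A-Za-z0-9]{1,16}")

def fully_decode(value, rounds=3):
    """Strip up to `rounds` layers of percent-encoding so nested encodings are seen."""
    for _ in range(rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value

def param_values(url, body=""):
    """Collect every PARAM value from the query string and a JSON or form body."""
    values = parse_qs(urlsplit(url).query, keep_blank_values=True).get(PARAM, [])
    try:
        doc = json.loads(body)
        if isinstance(doc, dict) and PARAM in doc:
            values.append(str(doc[PARAM]))
    except ValueError:  # not JSON: treat the body as form-encoded
        values += parse_qs(body, keep_blank_values=True).get(PARAM, [])
    return [fully_decode(v) for v in values]

def is_suspicious(url, body=""):
    """True when a request to ENDPOINT carries a PARAM value outside the allowlist."""
    path = posixpath.normpath(unquote(urlsplit(url).path))
    if path != ENDPOINT:
        return False
    return any(not SAFE_VALUE.fullmatch(v) for v in param_values(url, body))

# Constructed sample requests (URL, body); not captured traffic.
SAMPLES = [
    ("/cgi-bin/cstecgi.cgi?pptpPassThru=1", ""),
    ("/cgi-bin/cstecgi.cgi?pptpPassThru=%24%28id%29", ""),
    ("/cgi-bin/cstecgi.cgi?pptpPassThru=%2524%2528id%2529", ""),
    ("/cgi-bin/cstecgi.cgi", '{"pptpPassThru": "$(id)"}'),
    ("/cgi-bin/cstecgi.cgi", "pptpPassThru=0"),
]

if __name__ == "__main__":
    for url, body in SAMPLES:
        print("ALERT" if is_suspicious(url, body) else "ok   ", url, body)
```

An allowlist is used instead of a metacharacter denylist so that encodings or separators the rule author did not anticipate still fail closed.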
Update the Totolink A7100RU device firmware to a corrected version that fixes the operating system command injection vulnerability. Consult the official Totolink website or contact technical support to obtain the latest firmware version.
CVE-2026-5850 is a critical vulnerability allowing attackers to execute OS commands on the Totolink A7100RU router via the pptpPassThru parameter. It affects versions 7.4cu.2313_b20191024 and has a CVSS score of 9.8.
If you are using a Totolink A7100RU router running version 7.4cu.2313_b20191024, you are potentially affected by this vulnerability. Check your router's firmware version immediately.
The recommended fix is to upgrade to a patched firmware version. Unfortunately, a fixed version is not currently specified. Implement temporary workarounds like firewall rules and WAF configurations until a patch is available.
Yes, a public exploit is available, indicating a high probability of active exploitation. The vulnerability has been added to the CISA KEV catalog, further highlighting the risk.
Please refer to the Totolink website or security mailing lists for the official advisory regarding CVE-2026-5850. As of the current date, the advisory may not be publicly available.